/ Check-in [c2f90b46]

Overview
Comment:Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944)
SHA1: c2f90b465e37ea49c9e44415f6461e4f636bb64f
User & Date: danielk1977 2007-05-08 12:37:46
Context
2007-05-08
13:57
Avoid evaluating (INT_MIN/-1) with 32 bit signed numbers. It can cause SIGFPE. (CVS 3945) check-in: 2f186e91 user: danielk1977 tags: trunk
12:37
Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944) check-in: c2f90b46 user: danielk1977 tags: trunk
12:12
Begin adding code to explicitly limit the size of strings and blobs. (CVS 3943) check-in: 031a5915 user: drh tags: trunk
Changes

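--- a/src/alter.c
+++ b/src/alter.c
@@ -8,15 +8,15 @@
 **    May you find forgiveness for yourself and forgive others.
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
 ** This file contains C code routines that used to generate VDBE code
 ** that implements the ALTER TABLE command.
 **
-** $Id: alter.c,v 1.22 2006/09/08 12:27:37 drh Exp $
+** $Id: alter.c,v 1.23 2007/05/08 12:37:46 danielk1977 Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
 
 /*
 ** The code in this file only exists if we are not omitting the
 ** ALTER TABLE logic from the build.
@@ -53,14 +53,19 @@
 
   /* The principle used to locate the table name in the CREATE TABLE 
   ** statement is that the table name is the first token that is immediatedly
   ** followed by a left parenthesis - TK_LP.
   */
   if( zSql ){
     do {
+      if( !*zCsr ){
+        /* Ran out of input before finding an opening bracket. Return NULL. */
+        return;
+      }
+
       /* Store the token that zCsr points to in tname. */
       tname.z = zCsr;
       tname.n = len;
 
       /* Advance zCsr to the next token. Store that token type in 'token',
       ** and it's length in 'len' (to be used next iteration of this loop).
       */
@@ -103,14 +108,20 @@
   /* The principle used to locate the table name in the CREATE TRIGGER 
   ** statement is that the table name is the first token that is immediatedly
   ** preceded by either TK_ON or TK_DOT and immediatedly followed by one
   ** of TK_WHEN, TK_BEGIN or TK_FOR.
   */
   if( zSql ){
     do {
+
+      if( !*zCsr ){
+        /* Ran out of input before finding the table name. Return NULL. */
+        return;
+      }
+
       /* Store the token that zCsr points to in tname. */
       tname.z = zCsr;
       tname.n = len;
 
       /* Advance zCsr to the next token. Store that token type in 'token',
       ** and it's length in 'len' (to be used next iteration of this loop).
       */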

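--- a/test/alter.test
+++ b/test/alter.test
@@ -7,15 +7,15 @@
 #    May you find forgiveness for yourself and forgive others.
 #    May you share freely, never taking more than you give.
 #
 #*************************************************************************
 # This file implements regression tests for SQLite library.  The
 # focus of this script is testing the ALTER TABLE statement.
 #
-# $Id: alter.test,v 1.19 2007/04/06 02:32:34 drh Exp $
+# $Id: alter.test,v 1.20 2007/05/08 12:37:46 danielk1977 Exp $
 #
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 # If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
 ifcapable !altertable {
@@ -645,10 +645,27 @@
   }
 } {27}
 do_test alter-8.2 {
   execsql {
     SELECT a, sum(b) FROM t2 GROUP BY a;
   }
 } {1 18 2 9}
+
+#--------------------------------------------------------------------------
+# alter-9.X - Special test: Make sure the sqlite_rename_trigger() and
+# rename_table() functions do not crash when handed bad input.
+#
+ifcapable trigger {
+  do_test alter-9.1 {
+    execsql {SELECT SQLITE_RENAME_TRIGGER(0,0)}
+  } {{}}
+}
+do_test alter-9.2 {
+    execsql {
+    SELECT SQLITE_RENAME_TABLE(0,0);
+    SELECT SQLITE_RENAME_TABLE(10,20);
+    SELECT SQLITE_RENAME_TABLE("foo", "foo");
+  }
+} {{} {} {}}
 
 
 finish_test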
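Review bot: alter-9.1 exercises sqlite_rename_trigger() with a single input, `(0,0)`, so it never reaches the state where the trigger loop in src/alter.c has already seen ON or a dot and the text then ends before WHEN, BEGIN or FOR. I would add a truncated-statement case such as `execsql {SELECT SQLITE_RENAME_TRIGGER('CREATE TRIGGER tr AFTER INSERT ON t1', 'x')}`, plus `SELECT SQLITE_RENAME_TABLE('CREATE TABLE t1', 'x');` and `SELECT SQLITE_RENAME_TABLE('', 'x');` in alter-9.2. These are constructed inputs, and each presumably yields an empty result like the existing ones. The header comment at new line 655 also names `rename_table()` where the function being tested is `sqlite_rename_table()`.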