SQLite: Check-in [c2f90b46]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944)
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA1:	c2f90b465e37ea49c9e44415f6461e4f636bb64f
User & Date:	danielk1977 2007-05-08 12:37:46

Context

2007-05-08
13:57		Avoid evaluating (INT_MIN/-1) with 32 bit signed numbers. It can cause SIGFPE. (CVS 3945) check-in: 2f186e91 user: danielk1977 tags: trunk
12:37		Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944) check-in: c2f90b46 user: danielk1977 tags: trunk
12:12		Begin adding code to explicitly limit the size of strings and blobs. (CVS 3943) check-in: 031a5915 user: drh tags: trunk

Changes

Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/alter.c.

      9     10     11     12     13     14     15      16     17     18     19     20     21     22      54     55     56     57     58     59          60     61     62     63     64     65     66     104    105    106    107    108    109          110    111    112    113    114    115    116

class="diffln"> 8 8 ** May you find forgiveness for yourself and forgive others. 9 ** May you share freely, never taking more than you give. 10 ** 11 ************************************************************************* 12 ** This file contains C code routines that used to generate VDBE code 13 ** that implements the ALTER TABLE command. 14 ** -** $Id: alter.c,v 1.22 2006/09/08 12:27:37 drh Exp $ 15 +** $Id: alter.c,v 1.23 2007/05/08 12:37:46 danielk1977 Exp $ 16 */ 17 #include "sqliteInt.h" 18 #include <ctype.h> 19 20 /* 21 ** The code in this file only exists if we are not omitting the 22 ** ALTER TABLE logic from the build. ................................................................................ class="diffln"> 53 53 54 /* The principle used to locate the table name in the CREATE TABLE 55 ** statement is that the table name is the first token that is immediatedly 56 ** followed by a left parenthesis - TK_LP. 57 */ 58 if( zSql ){ 59 do { 60 + if( !*zCsr ){ 61 + /* Ran out of input before finding an opening bracket. Return NULL. */ 62 + return; 63 + } 64 + 65 /* Store the token that zCsr points to in tname. */ 66 tname.z = zCsr; 67 tname.n = len; 68 69 /* Advance zCsr to the next token. Store that token type in 'token', 70 ** and it's length in 'len' (to be used next iteration of this loop). 71 */ ................................................................................ class="diffln"> 103 108 /* The principle used to locate the table name in the CREATE TRIGGER 109 ** statement is that the table name is the first token that is immediatedly 110 ** preceded by either TK_ON or TK_DOT and immediatedly followed by one 111 ** of TK_WHEN, TK_BEGIN or TK_FOR. 112 */ 113 if( zSql ){ 114 do { 115 + 116 + if( !*zCsr ){ 117 + /* Ran out of input before finding the table name. Return NULL. */ 118 + return; 119 + } 120 + 121 /* Store the token that zCsr points to in tname. */ 122 tname.z = zCsr; 123 tname.n = len; 124 125 /* Advance zCsr to the next token. Store that token type in 'token', 126 ** and it's length in 'len' (to be used next iteration of this loop). 127 */

Changes to test/alter.test.

     7      7   #    May you find forgiveness for yourself and forgive others.
     8      8   #    May you share freely, never taking more than you give.
     9      9   #
    10     10   #*************************************************************************
    11     11   # This file implements regression tests for SQLite library.  The
    12     12   # focus of this script is testing the ALTER TABLE statement.
    13     13   #
    14         -# $Id: alter.test,v 1.19 2007/04/06 02:32:34 drh Exp $
           14  +# $Id: alter.test,v 1.20 2007/05/08 12:37:46 danielk1977 Exp $
    15     15   #
    16     16   
    17     17   set testdir [file dirname $argv0]
    18     18   source $testdir/tester.tcl
    19     19   
    20     20   # If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
    21     21   ifcapable !altertable {
................................................................................
   645    645     }
   646    646   } {27}
   647    647   do_test alter-8.2 {
   648    648     execsql {
   649    649       SELECT a, sum(b) FROM t2 GROUP BY a;
   650    650     }
   651    651   } {1 18 2 9}
          652  +
          653  +#--------------------------------------------------------------------------
          654  +# alter-9.X - Special test: Make sure the sqlite_rename_trigger() and
          655  +# rename_table() functions do not crash when handed bad input.
          656  +#
          657  +ifcapable trigger {
          658  +  do_test alter-9.1 {
          659  +    execsql {SELECT SQLITE_RENAME_TRIGGER(0,0)}
          660  +  } {{}}
          661  +}
          662  +do_test alter-9.2 {
          663  +    execsql {
          664  +    SELECT SQLITE_RENAME_TABLE(0,0);
          665  +    SELECT SQLITE_RENAME_TABLE(10,20);
          666  +    SELECT SQLITE_RENAME_TABLE("foo", "foo");
          667  +  }
          668  +} {{} {} {}}
   652    669   
   653    670   
   654    671   finish_test