SQLite

Check-in [c2f90b465e]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: c2f90b465e37ea49c9e44415f6461e4f636bb64f
User & Date: danielk1977 2007-05-08 12:37:46.000
Context
2007-05-08
13:57
Avoid evaluating (INT_MIN/-1) with 32 bit signed numbers. It can cause SIGFPE. (CVS 3945) (check-in: 2f186e916c user: danielk1977 tags: trunk)
12:37
Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944) (check-in: c2f90b465e user: danielk1977 tags: trunk)
12:12
Begin adding code to explicitly limit the size of strings and blobs. (CVS 3943) (check-in: 031a5915b6 user: drh tags: trunk)
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to src/alter.c. 
8
9
10
11
12
13
14
15

16
17
18
19
20
21
22

8
9
10
11
12
13
14

15
16
17
18
19
20
21
22








-
+








**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that used to generate VDBE code
** that implements the ALTER TABLE command.
**
** $Id: alter.c,v 1.22 2006/09/08 12:27:37 drh Exp $
** $Id: alter.c,v 1.23 2007/05/08 12:37:46 danielk1977 Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>

/*
** The code in this file only exists if we are not omitting the
** ALTER TABLE logic from the build.

53
54
55
56
57
58
59





60
61
62
63
64
65
66

53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71








+
+
+
+
+









  /* The principle used to locate the table name in the CREATE TABLE 
  ** statement is that the table name is the first token that is immediatedly
  ** followed by a left parenthesis - TK_LP.
  */
  if( zSql ){
    do {
      if( !*zCsr ){
        /* Ran out of input before finding an opening bracket. Return NULL. */
        return;
      }

      /* Store the token that zCsr points to in tname. */
      tname.z = zCsr;
      tname.n = len;

      /* Advance zCsr to the next token. Store that token type in 'token',
      ** and it's length in 'len' (to be used next iteration of this loop).
      */

103
104
105
106
107
108
109






110
111
112
113
114
115
116

108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127








+
+
+
+
+
+








  /* The principle used to locate the table name in the CREATE TRIGGER 
  ** statement is that the table name is the first token that is immediatedly
  ** preceded by either TK_ON or TK_DOT and immediatedly followed by one
  ** of TK_WHEN, TK_BEGIN or TK_FOR.
  */
  if( zSql ){
    do {

      if( !*zCsr ){
        /* Ran out of input before finding the table name. Return NULL. */
        return;
      }

      /* Store the token that zCsr points to in tname. */
      tname.z = zCsr;
      tname.n = len;

      /* Advance zCsr to the next token. Store that token type in 'token',
      ** and it's length in 'len' (to be used next iteration of this loop).
      */
Changes to test/alter.test. 
1
2
3
4
5
6
7
8
9
10
11
12
13
14

15
16
17
18
19
20
21

1
2
3
4
5
6
7
8
9
10
11
12
13

14
15
16
17
18
19
20
21














-
+








# 2004 November 10
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#*************************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this script is testing the ALTER TABLE statement.
#
# $Id: alter.test,v 1.19 2007/04/06 02:32:34 drh Exp $
# $Id: alter.test,v 1.20 2007/05/08 12:37:46 danielk1977 Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
ifcapable !altertable {

645
646
647
648
649
650
651

















652
653
654

645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671








+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+




  }
} {27}
do_test alter-8.2 {
  execsql {
    SELECT a, sum(b) FROM t2 GROUP BY a;
  }
} {1 18 2 9}

#--------------------------------------------------------------------------
# alter-9.X - Special test: Make sure the sqlite_rename_trigger() and
# rename_table() functions do not crash when handed bad input.
#
ifcapable trigger {
  do_test alter-9.1 {
    execsql {SELECT SQLITE_RENAME_TRIGGER(0,0)}
  } {{}}
}
do_test alter-9.2 {
    execsql {
    SELECT SQLITE_RENAME_TABLE(0,0);
    SELECT SQLITE_RENAME_TABLE(10,20);
    SELECT SQLITE_RENAME_TABLE("foo", "foo");
  }
} {{} {} {}}


finish_test