SQLite

Check-in [d146f01a02]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Make sure that the REGISTER token generates a valid Expr. REGISTER will cause the tokenizer to abort, but the parser might do several reduce actions prior to that abort and those reduce actions sometimes need a valid Expr. (CVS 3980)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: d146f01a02579339c5dc86bbe59f246bd6c05c63
User & Date: drh 2007-05-11 00:20:08.000
Context
2007-05-11
01:44
Additional parsing bugs fixed. (CVS 3981) (check-in: d12a8924c6 user: drh tags: trunk)
00:20
Make sure that the REGISTER token generates a valid Expr. REGISTER will cause the tokenizer to abort, but the parser might do several reduce actions prior to that abort and those reduce actions sometimes need a valid Expr. (CVS 3980) (check-in: d146f01a02 user: drh tags: trunk)
2007-05-10
21:14
When converting literal BLOBs to text using the encoding of the main database. Ticket #2349. (CVS 3975) (check-in: a57afaff42 user: drh tags: trunk)
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to src/expr.c. 
8
9
10
11
12
13
14
15

16
17
18
19
20
21
22

8
9
10
11
12
13
14

15
16
17
18
19
20
21
22








-
+








**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains routines used for analyzing expressions and
** for generating VDBE code that evaluates expressions in SQLite.
**
** $Id: expr.c,v 1.289 2007/05/10 10:46:56 danielk1977 Exp $
** $Id: expr.c,v 1.290 2007/05/11 00:20:08 drh Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>

/*
** Return the 'affinity' of the expression pExpr if any.
**

276
277
278
279
280
281
282

283
284
285

286
287
288
289
290
291
292

276
277
278
279
280
281
282
283
284
285

286
287
288
289
290
291
292
293








+


-
+








** The returns an expression that will code to extract the value from
** that memory location as needed.
*/
Expr *sqlite3RegisterExpr(Parse *pParse, Token *pToken){
  Vdbe *v = pParse->pVdbe;
  Expr *p;
  int depth;
  static const Token zeroToken = { (u8*)"0", 0, 1 };
  if( pParse->nested==0 ){
    sqlite3ErrorMsg(pParse, "near \"%T\": syntax error", pToken);
    return 0;
    return sqlite3Expr(TK_INTEGER, 0, 0, &zeroToken);
  }
  if( v==0 ) return 0;
  p = sqlite3Expr(TK_REGISTER, 0, 0, pToken);
  if( p==0 ){
    return 0;  /* Malloc failed */
  }
  depth = atoi((char*)&pToken->z[1]);
Changes to test/fuzz.test. 
1

2
3
4
5
6
7
8
9
10
11
12
13



14
15

16
17
18
19
20
21
22


1

2
3
4
5
6
7
8
9
10
11

12
13
14
15

16
17
18
19
20
21
22
23

-
+
-










-
+
+
+

-
+









# 2007 May 10
# 2001 September 15
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this file is testing the SELECT statement.
# focus of this file is generating semi-random strings of SQL
# (a.k.a. "fuzz") and sending it into the parser to try to generate
# errors.
#
# $Id: fuzz.test,v 1.3 2007/05/10 17:38:57 danielk1977 Exp $
# $Id: fuzz.test,v 1.4 2007/05/11 00:20:08 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

proc fuzz {TemplateList} {
  set n [llength $TemplateList]
  set i [expr {int(rand()*$n)}]

191
192
193
194
195
196
197
198

192
193
194
195
196
197
198









-

      puts $msg
    }
    set e
  } {1}
} 

finish_test
Added test/fuzz2.test. 


































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

# 2007 May 10
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library. 
#
# This file checks error recovery from malformed SQL strings.
#
# $Id: fuzz2.test,v 1.1 2007/05/11 00:20:08 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

do_test fuzz2-1.1 {
  catchsql {SELECT ALL "AAAAAA" . * GROUP BY LIMIT round(1), #12}
} {1 {near "#12": syntax error}}
do_test fuzz2-2.0 {
  catchsql {SELECT + #100}
} {1 {near "#100": syntax error}}
do_test fuzz2-2.1 {
  catchsql {SELECT 1 WHERE ( #61 NOT MATCH ROUND( 1 ) )}
} {1 {near "#61": syntax error}}
do_test fuzz2-2.2 {
  catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN 
    ( "AAAAAA" NOTNULL <= x'414141414141' IS NULL , ( ROUND ( 1.0 ) ) )}
} {1 {no such collation sequence: AAAAAA}}
do_test fuzz2-2.3 {
  catchsql {INSERT OR REPLACE INTO AAAAAA . "AAAAAA" ( "AAAAAA" ) SELECT DISTINCT * , ( SELECT #252 IN ( SELECT DISTINCT AAAAAA . * ) )}
} {1 {near "#252": syntax error}}
do_test fuzz2-2.4 {
  catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN round(1.0)}
} {1 {near "(": syntax error}}
do_test fuzz2-2.5 {
  catchsql {SELECT( #239 )}
} {1 {near "#239": syntax error}}
do_test fuzz2-2.6 {
  catchsql {DELETE FROM AAAAAA WHERE #65 NOT NULL}
} {1 {near "#65": syntax error}}
do_test fuzz2-2.7 {
  catchsql {ATTACH ROUND( 1.0 ) in  AAAAAA . "AAAAAA" AS #122 ISNULL}
} {1 {invalid name: "ROUND( 1.0 ) in  AAAAAA . "AAAAAA""}}
do_test fuzz2-2.8 {
  catchsql {SELECT 1 LIMIT  #122 ISNULL}
} {1 {near "#122": syntax error}}
do_test fuzz2-2.9 {
  catchsql {CREATE VIEW AAAAAA . "AAAAAA" AS SELECT DISTINCT #162 IS NULL "AAAAAA"}
} {1 {unknown database AAAAAA}}
do_test fuzz2-2.10 {
  catchsql {DELETE FROM AAAAAA WHERE #202 IS NOT NULL ISNULL}
} {1 {near "#202": syntax error}}
do_test fuzz2-2.11 {
  catchsql {UPDATE OR IGNORE "AAAAAA" . "AAAAAA" SET "AAAAAA" = NOT #96}
} {1 {near "#96": syntax error}}
do_test fuzz2-2.12 {
  catchsql {SELECT - #196}
} {1 {near "#196": syntax error}}
do_test fuzz2-3.0 {
  catchsql {CREATE TRIGGER "AAAAAA" . "AAAAAA" AFTER UPDATE OF "AAAAAA" , "AAAAAA" ON "AAAAAA" . "AAAAAA" FOR EACH ROW BEGIN UPDATE AAAAAA SET "AAAAAA" = #162;  END}
} {1 {near "#162": syntax error}}
do_test fuzz2-3.1 {
  catchsql {CREATE TRIGGER IF NOT EXISTS "AAAAAA" UPDATE ON "AAAAAA" . AAAAAA FOR EACH ROW BEGIN DELETE FROM "AAAAAA" ; INSERT INTO AAAAAA ( "AAAAAA" ) SELECT DISTINCT "AAAAAA" "AAAAAA" , #167 AAAAAA , "AAAAAA" . * ORDER BY "AAAAAA" ASC , x'414141414141' BETWEEN RAISE ( FAIL , "AAAAAA" ) AND AAAAAA ( * ) NOT NULL DESC LIMIT AAAAAA ; REPLACE INTO AAAAAA ( AAAAAA ) VALUES ( AAAAAA ( * ) ) ; END}
} {1 {near "#167": syntax error}}
do_test fuzz2-3.2 {
  catchsql {CREATE TEMP TRIGGER IF NOT EXISTS AAAAAA . "AAAAAA" BEFORE UPDATE OF "AAAAAA" ON AAAAAA . "AAAAAA" BEGIN SELECT ALL * , #175 "AAAAAA" FROM "AAAAAA" . AAAAAA;  END}
} {1 {near "#175": syntax error}}
do_test fuzz2-4.0 {
  catchsql {ATTACH DATABASE #168 AS whatever}
} {1 {near "#168": syntax error}}
do_test fuzz2-4.1 {
  catchsql {DETACH #133}
} {1 {near "#133": syntax error}}
do_test fuzz2-5.0 {
  catchsql {SELECT 1 LIMIT ( SELECT DISTINCT * , AAAAAA , * , AAAAAA , "AAAAAA" . * FROM "AAAAAA" ON ROUND( 1 ) COLLATE AAAAAA OR "AAAAAA" USING ( AAAAAA , "AAAAAA" ) WHERE ROUND( 1 ) GROUP BY ORDER BY #84 ASC , #44 DESC , ( SELECT "AAAAAA" . * , "AAAAAA" . * FROM , ( ) "AAAAAA" USING ( )}
} {1 {near ",": syntax error}}
do_test fuzz2-5.1 {
  catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . "AAAAAA" ) ) NOTNULL NOT NULL}
} {1 {near "#81": syntax error}}
do_test fuzz2-5.2 {
  catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . "AAAAAA" ) ) NOTNULL NOT NULL}
} {1 {near "#81": syntax error}}
do_test fuzz2-5.3 {
  catchsql {UPDATE "AAAAAA" SET "AAAAAA" = - EXISTS ( SELECT DISTINCT * , * ORDER BY #202 ASC , #147 , ~ AAAAAA . "AAAAAA" ASC LIMIT AAAAAA . "AAAAAA" , RAISE ( ABORT , AAAAAA ) UNION ALL SELECT DISTINCT AAAAAA . * , * FROM ( SELECT DISTINCT}
} {1 {near "DISTINCT": syntax error}}
do_test fuzz2-5.4 {
  catchsql {REPLACE INTO AAAAAA SELECT DISTINCT "AAAAAA" . * WHERE AAAAAA ( AAAAAA ( ) ) GROUP BY AAAAAA . AAAAAA . "AAAAAA" IN "AAAAAA" | AAAAAA ( ALL , ) ORDER BY #238, #92 DESC LIMIT 0 OFFSET - RAISE ( IGNORE ) NOT NULL > RAISE ( IGNORE ) IS NULL}
} {1 {near "#92": syntax error}}
do_test fuzz2-5.5 {
  catchsql {SELECT ALL * GROUP BY EXISTS ( SELECT "AAAAAA" . * , AAAAAA ( * ) AS AAAAAA FROM "AAAAAA" . "AAAAAA" AS "AAAAAA" USING ( AAAAAA , "AAAAAA" , "AAAAAA" ) WHERE AAAAAA ( DISTINCT ) - RAISE ( FAIL , "AAAAAA" ) HAVING "AAAAAA" . "AAAAAA" . AAAAAA ORDER BY #182 , #55 ) BETWEEN EXISTS ( SELECT ALL * FROM ( ( }
} {1 {near " ": syntax error}}

finish_test