SQLite: Check-in [d146f01a]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Make sure that the REGISTER token generates a valid Expr. REGISTER will cause the tokenizer to abort, but the parser might do several reduce actions prior to that abort and those reduce actions sometimes need a valid Expr. (CVS 3980)
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA1:	d146f01a02579339c5dc86bbe59f246bd6c05c63
User & Date:	drh 2007-05-11 00:20:08

Context

2007-05-11
01:44		Additional parsing bugs fixed. (CVS 3981) check-in: d12a8924 user: drh tags: trunk
00:20		Make sure that the REGISTER token generates a valid Expr. REGISTER will cause the tokenizer to abort, but the parser might do several reduce actions prior to that abort and those reduce actions sometimes need a valid Expr. (CVS 3980) check-in: d146f01a user: drh tags: trunk
2007-05-10
21:14		When converting literal BLOBs to text using the encoding of the main database. Ticket #2349. (CVS 3975) check-in: a57afaff user: drh tags: trunk

Changes

Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/expr.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains routines used for analyzing expressions and
    13     13   ** for generating VDBE code that evaluates expressions in SQLite.
    14     14   **
    15         -** $Id: expr.c,v 1.289 2007/05/10 10:46:56 danielk1977 Exp $
           15  +** $Id: expr.c,v 1.290 2007/05/11 00:20:08 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   #include <ctype.h>
    19     19   
    20     20   /*
    21     21   ** Return the 'affinity' of the expression pExpr if any.
    22     22   **
................................................................................
   276    276   ** The returns an expression that will code to extract the value from
   277    277   ** that memory location as needed.
   278    278   */
   279    279   Expr *sqlite3RegisterExpr(Parse *pParse, Token *pToken){
   280    280     Vdbe *v = pParse->pVdbe;
   281    281     Expr *p;
   282    282     int depth;
          283  +  static const Token zeroToken = { (u8*)"0", 0, 1 };
   283    284     if( pParse->nested==0 ){
   284    285       sqlite3ErrorMsg(pParse, "near \"%T\": syntax error", pToken);
   285         -    return 0;
          286  +    return sqlite3Expr(TK_INTEGER, 0, 0, &zeroToken);
   286    287     }
   287    288     if( v==0 ) return 0;
   288    289     p = sqlite3Expr(TK_REGISTER, 0, 0, pToken);
   289    290     if( p==0 ){
   290    291       return 0;  /* Malloc failed */
   291    292     }
   292    293     depth = atoi((char*)&pToken->z[1]);

Changes to test/fuzz.test.

     1         -
     2         -# 2001 September 15
            1  +# 2007 May 10
     3      2   #
     4      3   # The author disclaims copyright to this source code.  In place of
     5      4   # a legal notice, here is a blessing:
     6      5   #
     7      6   #    May you do good and not evil.
     8      7   #    May you find forgiveness for yourself and forgive others.
     9      8   #    May you share freely, never taking more than you give.
    10      9   #
    11     10   #***********************************************************************
    12     11   # This file implements regression tests for SQLite library.  The
    13         -# focus of this file is testing the SELECT statement.
           12  +# focus of this file is generating semi-random strings of SQL
           13  +# (a.k.a. "fuzz") and sending it into the parser to try to generate
           14  +# errors.
    14     15   #
    15         -# $Id: fuzz.test,v 1.3 2007/05/10 17:38:57 danielk1977 Exp $
           16  +# $Id: fuzz.test,v 1.4 2007/05/11 00:20:08 drh Exp $
    16     17   
    17     18   set testdir [file dirname $argv0]
    18     19   source $testdir/tester.tcl
    19     20   
    20     21   proc fuzz {TemplateList} {
    21     22     set n [llength $TemplateList]
    22     23     set i [expr {int(rand()*$n)}]
................................................................................
   191    192         puts $msg
   192    193       }
   193    194       set e
   194    195     } {1}
   195    196   } 
   196    197   
   197    198   finish_test
   198         -

Added test/fuzz2.test.

class="diffln"> 1 +# 2007 May 10 2 +# 3 +# The author disclaims copyright to this source code. In place of 4 +# a legal notice, here is a blessing: 5 +# 6 +# May you do good and not evil. 7 +# May you find forgiveness for yourself and forgive others. 8 +# May you share freely, never taking more than you give. 9 +# 10 +#*********************************************************************** 11 +# This file implements regression tests for SQLite library. 12 +# 13 +# This file checks error recovery from malformed SQL strings. 14 +# 15 +# $Id: fuzz2.test,v 1.1 2007/05/11 00:20:08 drh Exp $ 16 + 17 +set testdir [file dirname $argv0] 18 +source $testdir/tester.tcl 19 + 20 +do_test fuzz2-1.1 { 21 + catchsql {SELECT ALL "AAAAAA" . * GROUP BY LIMIT round(1), #12} 22 +} {1 {near "#12": syntax error}} 23 +do_test fuzz2-2.0 { 24 + catchsql {SELECT + #100} 25 +} {1 {near "#100": syntax error}} 26 +do_test fuzz2-2.1 { 27 + catchsql {SELECT 1 WHERE ( #61 NOT MATCH ROUND( 1 ) )} 28 +} {1 {near "#61": syntax error}} 29 +do_test fuzz2-2.2 { 30 + catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN 31 + ( "AAAAAA" NOTNULL <= x'414141414141' IS NULL , ( ROUND ( 1.0 ) ) )} 32 +} {1 {no such collation sequence: AAAAAA}} 33 +do_test fuzz2-2.3 { 34 + catchsql {INSERT OR REPLACE INTO AAAAAA . "AAAAAA" ( "AAAAAA" ) SELECT DISTINCT * , ( SELECT #252 IN ( SELECT DISTINCT AAAAAA . * ) )} 35 +} {1 {near "#252": syntax error}} 36 +do_test fuzz2-2.4 { 37 + catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN round(1.0)} 38 +} {1 {near "(": syntax error}} 39 +do_test fuzz2-2.5 { 40 + catchsql {SELECT( #239 )} 41 +} {1 {near "#239": syntax error}} 42 +do_test fuzz2-2.6 { 43 + catchsql {DELETE FROM AAAAAA WHERE #65 NOT NULL} 44 +} {1 {near "#65": syntax error}} 45 +do_test fuzz2-2.7 { 46 + catchsql {ATTACH ROUND( 1.0 ) in AAAAAA . "AAAAAA" AS #122 ISNULL} 47 +} {1 {invalid name: "ROUND( 1.0 ) in AAAAAA . "AAAAAA""}} 48 +do_test fuzz2-2.8 { 49 + catchsql {SELECT 1 LIMIT #122 ISNULL} 50 +} {1 {near "#122": syntax error}} 51 +do_test fuzz2-2.9 { 52 + catchsql {CREATE VIEW AAAAAA . "AAAAAA" AS SELECT DISTINCT #162 IS NULL "AAAAAA"} 53 +} {1 {unknown database AAAAAA}} 54 +do_test fuzz2-2.10 { 55 + catchsql {DELETE FROM AAAAAA WHERE #202 IS NOT NULL ISNULL} 56 +} {1 {near "#202": syntax error}} 57 +do_test fuzz2-2.11 { 58 + catchsql {UPDATE OR IGNORE "AAAAAA" . "AAAAAA" SET "AAAAAA" = NOT #96} 59 +} {1 {near "#96": syntax error}} 60 +do_test fuzz2-2.12 { 61 + catchsql {SELECT - #196} 62 +} {1 {near "#196": syntax error}} 63 +do_test fuzz2-3.0 { 64 + catchsql {CREATE TRIGGER "AAAAAA" . "AAAAAA" AFTER UPDATE OF "AAAAAA" , "AAAAAA" ON "AAAAAA" . "AAAAAA" FOR EACH ROW BEGIN UPDATE AAAAAA SET "AAAAAA" = #162; END} 65 +} {1 {near "#162": syntax error}} 66 +do_test fuzz2-3.1 { 67 + catchsql {CREATE TRIGGER IF NOT EXISTS "AAAAAA" UPDATE ON "AAAAAA" . AAAAAA FOR EACH ROW BEGIN DELETE FROM "AAAAAA" ; INSERT INTO AAAAAA ( "AAAAAA" ) SELECT DISTINCT "AAAAAA" "AAAAAA" , #167 AAAAAA , "AAAAAA" . * ORDER BY "AAAAAA" ASC , x'414141414141' BETWEEN RAISE ( FAIL , "AAAAAA" ) AND AAAAAA ( * ) NOT NULL DESC LIMIT AAAAAA ; REPLACE INTO AAAAAA ( AAAAAA ) VALUES ( AAAAAA ( * ) ) ; END} 68 +} {1 {near "#167": syntax error}} 69 +do_test fuzz2-3.2 { 70 + catchsql {CREATE TEMP TRIGGER IF NOT EXISTS AAAAAA . "AAAAAA" BEFORE UPDATE OF "AAAAAA" ON AAAAAA . "AAAAAA" BEGIN SELECT ALL * , #175 "AAAAAA" FROM "AAAAAA" . AAAAAA; END} 71 +} {1 {near "#175": syntax error}} 72 +do_test fuzz2-4.0 { 73 + catchsql {ATTACH DATABASE #168 AS whatever} 74 +} {1 {near "#168": syntax error}} 75 +do_test fuzz2-4.1 { 76 + catchsql {DETACH #133} 77 +} {1 {near "#133": syntax error}} 78 +do_test fuzz2-5.0 { 79 + catchsql {SELECT 1 LIMIT ( SELECT DISTINCT * , AAAAAA , * , AAAAAA , "AAAAAA" . * FROM "AAAAAA" ON ROUND( 1 ) COLLATE AAAAAA OR "AAAAAA" USING ( AAAAAA , "AAAAAA" ) WHERE ROUND( 1 ) GROUP BY ORDER BY #84 ASC , #44 DESC , ( SELECT "AAAAAA" . * , "AAAAAA" . * FROM , ( ) "AAAAAA" USING ( )} 80 +} {1 {near ",": syntax error}} 81 +do_test fuzz2-5.1 { 82 + catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . "AAAAAA" ) ) NOTNULL NOT NULL} 83 +} {1 {near "#81": syntax error}} 84 +do_test fuzz2-5.2 { 85 + catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . "AAAAAA" ) ) NOTNULL NOT NULL} 86 +} {1 {near "#81": syntax error}} 87 +do_test fuzz2-5.3 { 88 + catchsql {UPDATE "AAAAAA" SET "AAAAAA" = - EXISTS ( SELECT DISTINCT * , * ORDER BY #202 ASC , #147 , ~ AAAAAA . "AAAAAA" ASC LIMIT AAAAAA . "AAAAAA" , RAISE ( ABORT , AAAAAA ) UNION ALL SELECT DISTINCT AAAAAA . * , * FROM ( SELECT DISTINCT} 89 +} {1 {near "DISTINCT": syntax error}} 90 +do_test fuzz2-5.4 { 91 + catchsql {REPLACE INTO AAAAAA SELECT DISTINCT "AAAAAA" . * WHERE AAAAAA ( AAAAAA ( ) ) GROUP BY AAAAAA . AAAAAA . "AAAAAA" IN "AAAAAA" | AAAAAA ( ALL , ) ORDER BY #238, #92 DESC LIMIT 0 OFFSET - RAISE ( IGNORE ) NOT NULL > RAISE ( IGNORE ) IS NULL} 92 +} {1 {near "#92": syntax error}} 93 +do_test fuzz2-5.5 { 94 + catchsql {SELECT ALL * GROUP BY EXISTS ( SELECT "AAAAAA" . * , AAAAAA ( * ) AS AAAAAA FROM "AAAAAA" . "AAAAAA" AS "AAAAAA" USING ( AAAAAA , "AAAAAA" , "AAAAAA" ) WHERE AAAAAA ( DISTINCT ) - RAISE ( FAIL , "AAAAAA" ) HAVING "AAAAAA" . "AAAAAA" . AAAAAA ORDER BY #182 , #55 ) BETWEEN EXISTS ( SELECT ALL * FROM ( ( } 95 +} {1 {near " ": syntax error}} 96 + 97 +finish_test