/ Check-in [d146f01a]

Overview
Comment:Make sure that the REGISTER token generates a valid Expr. REGISTER will cause the tokenizer to abort, but the parser might do several reduce actions prior to that abort and those reduce actions sometimes need a valid Expr. (CVS 3980)
SHA1: d146f01a02579339c5dc86bbe59f246bd6c05c63
User & Date: drh 2007-05-11 00:20:08
Context
2007-05-11
01:44
Additional parsing bugs fixed. (CVS 3981) check-in: d12a8924 user: drh tags: trunk
00:20
Make sure that the REGISTER token generates a valid Expr. REGISTER will cause the tokenizer to abort, but the parser might do several reduce actions prior to that abort and those reduce actions sometimes need a valid Expr. (CVS 3980) check-in: d146f01a user: drh tags: trunk
2007-05-10
21:14
When converting literal BLOBs to text using the encoding of the main database. Ticket #2349. (CVS 3975) check-in: a57afaff user: drh tags: trunk
Changes

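--- a/src/expr.c
+++ b/src/expr.c
@@ -8,15 +8,15 @@
 **    May you find forgiveness for yourself and forgive others.
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
 ** This file contains routines used for analyzing expressions and
 ** for generating VDBE code that evaluates expressions in SQLite.
 **
-** $Id: expr.c,v 1.289 2007/05/10 10:46:56 danielk1977 Exp $
+** $Id: expr.c,v 1.290 2007/05/11 00:20:08 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
 
 /*
 ** Return the 'affinity' of the expression pExpr if any.
 **
@@ -276,17 +276,18 @@
 ** The returns an expression that will code to extract the value from
 ** that memory location as needed.
 */
 Expr *sqlite3RegisterExpr(Parse *pParse, Token *pToken){
   Vdbe *v = pParse->pVdbe;
   Expr *p;
   int depth;
+  static const Token zeroToken = { (u8*)"0", 0, 1 };
   if( pParse->nested==0 ){
     sqlite3ErrorMsg(pParse, "near \"%T\": syntax error", pToken);
-    return 0;
+    return sqlite3Expr(TK_INTEGER, 0, 0, &zeroToken);
   }
   if( v==0 ) return 0;
   p = sqlite3Expr(TK_REGISTER, 0, 0, pToken);
   if( p==0 ){
     return 0;  /* Malloc failed */
   }
   depth = atoi((char*)&pToken->z[1]);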
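Review bot: The early return at new line 286 now hands back a dummy integer Expr after the error is recorded, but sqlite3RegisterExpr can still return 0 on its other exits — `if( v==0 ) return 0;` and the `p==0` malloc-failure branch — and the added `sqlite3Expr(TK_INTEGER, ...)` call can presumably fail the same way, so reduce actions that consume this result still have to tolerate a NULL Expr. The new return also carries no comment saying why a syntax error yields a valid expression; something like `/* Error already set; return a placeholder so pending parser reductions see a non-NULL Expr */` above it would keep a later cleanup from reverting it to `return 0`. `&zeroToken` points at a `static const Token`, so it is worth confirming that sqlite3Expr never writes through its Token argument. The function body continues past the end of this hunk.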

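--- a/test/fuzz.test
+++ b/test/fuzz.test
@@ -1,22 +1,23 @@
-
-# 2001 September 15
+# 2007 May 10
 #
 # The author disclaims copyright to this source code.  In place of
 # a legal notice, here is a blessing:
 #
 #    May you do good and not evil.
 #    May you find forgiveness for yourself and forgive others.
 #    May you share freely, never taking more than you give.
 #
 #***********************************************************************
 # This file implements regression tests for SQLite library.  The
-# focus of this file is testing the SELECT statement.
+# focus of this file is generating semi-random strings of SQL
+# (a.k.a. "fuzz") and sending it into the parser to try to generate
+# errors.
 #
-# $Id: fuzz.test,v 1.3 2007/05/10 17:38:57 danielk1977 Exp $
+# $Id: fuzz.test,v 1.4 2007/05/11 00:20:08 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 proc fuzz {TemplateList} {
   set n [llength $TemplateList]
   set i [expr {int(rand()*$n)}]
@@ -191,8 +192,7 @@
       puts $msg
     }
   set e
   } {1}
 } 
 
 finish_test
-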

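--- /dev/null
+++ b/test/fuzz2.test
@@ -0,0 +1,97 @@
+# 2007 May 10
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library. 
+#
+# This file checks error recovery from malformed SQL strings.
+#
+# $Id: fuzz2.test,v 1.1 2007/05/11 00:20:08 drh Exp $
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+do_test fuzz2-1.1 {
+  catchsql {SELECT ALL "AAAAAA" . * GROUP BY LIMIT round(1), #12}
+} {1 {near "#12": syntax error}}
+do_test fuzz2-2.0 {
+  catchsql {SELECT + #100}
+} {1 {near "#100": syntax error}}
+do_test fuzz2-2.1 {
+  catchsql {SELECT 1 WHERE ( #61 NOT MATCH ROUND( 1 ) )}
+} {1 {near "#61": syntax error}}
+do_test fuzz2-2.2 {
+  catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN 
+    ( "AAAAAA" NOTNULL <= x'414141414141' IS NULL , ( ROUND ( 1.0 ) ) )}
+} {1 {no such collation sequence: AAAAAA}}
+do_test fuzz2-2.3 {
+  catchsql {INSERT OR REPLACE INTO AAAAAA . "AAAAAA" ( "AAAAAA" ) SELECT DISTINCT * , ( SELECT #252 IN ( SELECT DISTINCT AAAAAA . * ) )}
+} {1 {near "#252": syntax error}}
+do_test fuzz2-2.4 {
+  catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN round(1.0)}
+} {1 {near "(": syntax error}}
+do_test fuzz2-2.5 {
+  catchsql {SELECT( #239 )}
+} {1 {near "#239": syntax error}}
+do_test fuzz2-2.6 {
+  catchsql {DELETE FROM AAAAAA WHERE #65 NOT NULL}
+} {1 {near "#65": syntax error}}
+do_test fuzz2-2.7 {
+  catchsql {ATTACH ROUND( 1.0 ) in  AAAAAA . "AAAAAA" AS #122 ISNULL}
+} {1 {invalid name: "ROUND( 1.0 ) in  AAAAAA . "AAAAAA""}}
+do_test fuzz2-2.8 {
+  catchsql {SELECT 1 LIMIT  #122 ISNULL}
+} {1 {near "#122": syntax error}}
+do_test fuzz2-2.9 {
+  catchsql {CREATE VIEW AAAAAA . "AAAAAA" AS SELECT DISTINCT #162 IS NULL "AAAAAA"}
+} {1 {unknown database AAAAAA}}
+do_test fuzz2-2.10 {
+  catchsql {DELETE FROM AAAAAA WHERE #202 IS NOT NULL ISNULL}
+} {1 {near "#202": syntax error}}
+do_test fuzz2-2.11 {
+  catchsql {UPDATE OR IGNORE "AAAAAA" . "AAAAAA" SET "AAAAAA" = NOT #96}
+} {1 {near "#96": syntax error}}
+do_test fuzz2-2.12 {
+  catchsql {SELECT - #196}
+} {1 {near "#196": syntax error}}
+do_test fuzz2-3.0 {
+  catchsql {CREATE TRIGGER "AAAAAA" . "AAAAAA" AFTER UPDATE OF "AAAAAA" , "AAAAAA" ON "AAAAAA" . "AAAAAA" FOR EACH ROW BEGIN UPDATE AAAAAA SET "AAAAAA" = #162;  END}
+} {1 {near "#162": syntax error}}
+do_test fuzz2-3.1 {
+  catchsql {CREATE TRIGGER IF NOT EXISTS "AAAAAA" UPDATE ON "AAAAAA" . AAAAAA FOR EACH ROW BEGIN DELETE FROM "AAAAAA" ; INSERT INTO AAAAAA ( "AAAAAA" ) SELECT DISTINCT "AAAAAA" "AAAAAA" , #167 AAAAAA , "AAAAAA" . * ORDER BY "AAAAAA" ASC , x'414141414141' BETWEEN RAISE ( FAIL , "AAAAAA" ) AND AAAAAA ( * ) NOT NULL DESC LIMIT AAAAAA ; REPLACE INTO AAAAAA ( AAAAAA ) VALUES ( AAAAAA ( * ) ) ; END}
+} {1 {near "#167": syntax error}}
+do_test fuzz2-3.2 {
+  catchsql {CREATE TEMP TRIGGER IF NOT EXISTS AAAAAA . "AAAAAA" BEFORE UPDATE OF "AAAAAA" ON AAAAAA . "AAAAAA" BEGIN SELECT ALL * , #175 "AAAAAA" FROM "AAAAAA" . AAAAAA;  END}
+} {1 {near "#175": syntax error}}
+do_test fuzz2-4.0 {
+  catchsql {ATTACH DATABASE #168 AS whatever}
+} {1 {near "#168": syntax error}}
+do_test fuzz2-4.1 {
+  catchsql {DETACH #133}
+} {1 {near "#133": syntax error}}
+do_test fuzz2-5.0 {
+  catchsql {SELECT 1 LIMIT ( SELECT DISTINCT * , AAAAAA , * , AAAAAA , "AAAAAA" . * FROM "AAAAAA" ON ROUND( 1 ) COLLATE AAAAAA OR "AAAAAA" USING ( AAAAAA , "AAAAAA" ) WHERE ROUND( 1 ) GROUP BY ORDER BY #84 ASC , #44 DESC , ( SELECT "AAAAAA" . * , "AAAAAA" . * FROM , ( ) "AAAAAA" USING ( )}
+} {1 {near ",": syntax error}}
+do_test fuzz2-5.1 {
+  catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . "AAAAAA" ) ) NOTNULL NOT NULL}
+} {1 {near "#81": syntax error}}
+do_test fuzz2-5.2 {
+  catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . "AAAAAA" ) ) NOTNULL NOT NULL}
+} {1 {near "#81": syntax error}}
+do_test fuzz2-5.3 {
+  catchsql {UPDATE "AAAAAA" SET "AAAAAA" = - EXISTS ( SELECT DISTINCT * , * ORDER BY #202 ASC , #147 , ~ AAAAAA . "AAAAAA" ASC LIMIT AAAAAA . "AAAAAA" , RAISE ( ABORT , AAAAAA ) UNION ALL SELECT DISTINCT AAAAAA . * , * FROM ( SELECT DISTINCT}
+} {1 {near "DISTINCT": syntax error}}
+do_test fuzz2-5.4 {
+  catchsql {REPLACE INTO AAAAAA SELECT DISTINCT "AAAAAA" . * WHERE AAAAAA ( AAAAAA ( ) ) GROUP BY AAAAAA . AAAAAA . "AAAAAA" IN "AAAAAA" | AAAAAA ( ALL , ) ORDER BY #238, #92 DESC LIMIT 0 OFFSET - RAISE ( IGNORE ) NOT NULL > RAISE ( IGNORE ) IS NULL}
+} {1 {near "#92": syntax error}}
+do_test fuzz2-5.5 {
+  catchsql {SELECT ALL * GROUP BY EXISTS ( SELECT "AAAAAA" . * , AAAAAA ( * ) AS AAAAAA FROM "AAAAAA" . "AAAAAA" AS "AAAAAA" USING ( AAAAAA , "AAAAAA" , "AAAAAA" ) WHERE AAAAAA ( DISTINCT ) - RAISE ( FAIL , "AAAAAA" ) HAVING "AAAAAA" . "AAAAAA" . AAAAAA ORDER BY #182 , #55 ) BETWEEN EXISTS ( SELECT ALL * FROM ( ( }
+} {1 {near " ": syntax error}}
+
+finish_test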
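Review bot: fuzz2-5.1 and fuzz2-5.2 appear to run the same SQL string and expect the same result, so the second adds coverage only if the repeat is deliberate (for example to confirm the parser is in a clean state after the first failure); a one-line comment such as `# Same input as 5.1: repeated to check recovery after the previous error` would say so, otherwise one of them can go. fuzz2-5.5 expects `near " "`, which depends on the trailing space before the closing brace of the catchsql argument and is easy to lose to an editor that trims whitespace, so a comment noting it would help. All cases here take the syntax-error path; none is described as covering the out-of-memory exits that still return a NULL Expr in src/expr.c.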