/ Check-in [ee931508]
Login
SQLite training in Houston TX on 2019-11-05 (details)
Part of the 2019 Tcl Conference

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Improved enforcement of the SQLITE_LIMIT_LENGTH limit. (CVS 5368)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: ee93150878436ce6e992ea8a1d348fb58b03b5e2
User & Date: drh 2008-07-08 14:52:08
Context
2008-07-08
15:26
Tests for SQLITE_LIMIT_LENGTH enforcement in sqlite3_bind. (CVS 5369) check-in: c5e45dd6 user: drh tags: trunk
14:52
Improved enforcement of the SQLITE_LIMIT_LENGTH limit. (CVS 5368) check-in: ee931508 user: drh tags: trunk
14:31
Another corruption related test case. (CVS 5367) check-in: f781a681 user: danielk1977 tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/build.c.

    18     18   **     CREATE INDEX
    19     19   **     DROP INDEX
    20     20   **     creating ID lists
    21     21   **     BEGIN TRANSACTION
    22     22   **     COMMIT
    23     23   **     ROLLBACK
    24     24   **
    25         -** $Id: build.c,v 1.486 2008/07/08 00:06:50 drh Exp $
           25  +** $Id: build.c,v 1.487 2008/07/08 14:52:08 drh Exp $
    26     26   */
    27     27   #include "sqliteInt.h"
    28     28   #include <ctype.h>
    29     29   
    30     30   /*
    31     31   ** This routine is called when a new SQL statement is beginning to
    32     32   ** be parsed.  Initialize the pParse structure as needed.
................................................................................
   272    272   ** auxiliary databases added using the ATTACH command.
   273    273   **
   274    274   ** See also sqlite3LocateTable().
   275    275   */
   276    276   Table *sqlite3FindTable(sqlite3 *db, const char *zName, const char *zDatabase){
   277    277     Table *p = 0;
   278    278     int i;
          279  +  int nName;
   279    280     assert( zName!=0 );
          281  +  nName = sqlite3Strlen(db, zName) + 1;
   280    282     for(i=OMIT_TEMPDB; i<db->nDb; i++){
   281    283       int j = (i<2) ? i^1 : i;   /* Search TEMP before MAIN */
   282    284       if( zDatabase!=0 && sqlite3StrICmp(zDatabase, db->aDb[j].zName) ) continue;
   283         -    p = sqlite3HashFind(&db->aDb[j].pSchema->tblHash, zName, strlen(zName)+1);
          285  +    p = sqlite3HashFind(&db->aDb[j].pSchema->tblHash, zName, nName);
   284    286       if( p ) break;
   285    287     }
   286    288     return p;
   287    289   }
   288    290   
   289    291   /*
   290    292   ** Locate the in-memory structure that describes a particular database
................................................................................
   334    336   ** for duplicate index names is done.)  The search order is
   335    337   ** TEMP first, then MAIN, then any auxiliary databases added
   336    338   ** using the ATTACH command.
   337    339   */
   338    340   Index *sqlite3FindIndex(sqlite3 *db, const char *zName, const char *zDb){
   339    341     Index *p = 0;
   340    342     int i;
          343  +  int nName = sqlite3Strlen(db, zName)+1;
   341    344     for(i=OMIT_TEMPDB; i<db->nDb; i++){
   342    345       int j = (i<2) ? i^1 : i;  /* Search TEMP before MAIN */
   343    346       Schema *pSchema = db->aDb[j].pSchema;
   344    347       if( zDb && sqlite3StrICmp(zDb, db->aDb[j].zName) ) continue;
   345    348       assert( pSchema || (j==1 && !db->aDb[1].pBt) );
   346    349       if( pSchema ){
   347         -      p = sqlite3HashFind(&pSchema->idxHash, zName, strlen(zName)+1);
          350  +      p = sqlite3HashFind(&pSchema->idxHash, zName, nName);
   348    351       }
   349    352       if( p ) break;
   350    353     }
   351    354     return p;
   352    355   }
   353    356   
   354    357   /*
................................................................................
   367    370   ** it is not unlinked from the Table that it indexes.
   368    371   ** Unlinking from the Table must be done by the calling function.
   369    372   */
   370    373   static void sqliteDeleteIndex(Index *p){
   371    374     Index *pOld;
   372    375     const char *zName = p->zName;
   373    376   
   374         -  pOld = sqlite3HashInsert(&p->pSchema->idxHash, zName, strlen( zName)+1, 0);
          377  +  pOld = sqlite3HashInsert(&p->pSchema->idxHash, zName, strlen(zName)+1, 0);
   375    378     assert( pOld==0 || pOld==p );
   376    379     freeIndex(p);
   377    380   }
   378    381   
   379    382   /*
   380    383   ** For the index called zIdxName which is found in the database iDb,
   381    384   ** unlike that index from its Table then remove the index from
................................................................................
   383    386   ** with the index.
   384    387   */
   385    388   void sqlite3UnlinkAndDeleteIndex(sqlite3 *db, int iDb, const char *zIdxName){
   386    389     Index *pIndex;
   387    390     int len;
   388    391     Hash *pHash = &db->aDb[iDb].pSchema->idxHash;
   389    392   
   390         -  len = strlen(zIdxName);
          393  +  len = sqlite3Strlen(db, zIdxName);
   391    394     pIndex = sqlite3HashInsert(pHash, zIdxName, len+1, 0);
   392    395     if( pIndex ){
   393    396       if( pIndex->pTable->pIndex==pIndex ){
   394    397         pIndex->pTable->pIndex = pIndex->pNext;
   395    398       }else{
   396    399         Index *p;
   397    400         for(p=pIndex->pTable->pIndex; p && p->pNext!=pIndex; p=p->pNext){}
................................................................................
  1261   1264     CollSeq *pColl;
  1262   1265   
  1263   1266     pColl = sqlite3FindCollSeq(db, enc, zName, nName, initbusy);
  1264   1267     if( !initbusy && (!pColl || !pColl->xCmp) ){
  1265   1268       pColl = sqlite3GetCollSeq(db, pColl, zName, nName);
  1266   1269       if( !pColl ){
  1267   1270         if( nName<0 ){
  1268         -        nName = strlen(zName);
         1271  +        nName = sqlite3Strlen(db, zName);
  1269   1272         }
  1270   1273         sqlite3ErrorMsg(pParse, "no such collation sequence: %.*s", nName, zName);
  1271   1274         pColl = 0;
  1272   1275       }
  1273   1276     }
  1274   1277   
  1275   1278     return pColl;

Changes to src/callback.c.

     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   **
    13     13   ** This file contains functions used to access the internal hash tables
    14     14   ** of user defined functions and collation sequences.
    15     15   **
    16         -** $Id: callback.c,v 1.24 2008/06/23 16:53:47 danielk1977 Exp $
           16  +** $Id: callback.c,v 1.25 2008/07/08 14:52:10 drh Exp $
    17     17   */
    18     18   
    19     19   #include "sqliteInt.h"
    20     20   
    21     21   /*
    22     22   ** Invoke the 'collation needed' callback to request a collation sequence
    23     23   ** in the database text encoding of name zName, length nName.
    24     24   ** If the collation sequence
    25     25   */
    26     26   static void callCollNeeded(sqlite3 *db, const char *zName, int nName){
    27     27     assert( !db->xCollNeeded || !db->xCollNeeded16 );
    28         -  if( nName<0 ) nName = strlen(zName);
           28  +  if( nName<0 ) nName = sqlite3Strlen(db, zName);
    29     29     if( db->xCollNeeded ){
    30     30       char *zExternal = sqlite3DbStrNDup(db, zName, nName);
    31     31       if( !zExternal ) return;
    32     32       db->xCollNeeded(db->pCollNeededArg, db, (int)ENC(db), zExternal);
    33     33       sqlite3_free(zExternal);
    34     34     }
    35     35   #ifndef SQLITE_OMIT_UTF16
................................................................................
   154    154   static CollSeq *findCollSeqEntry(
   155    155     sqlite3 *db,
   156    156     const char *zName,
   157    157     int nName,
   158    158     int create
   159    159   ){
   160    160     CollSeq *pColl;
   161         -  if( nName<0 ) nName = strlen(zName);
          161  +  if( nName<0 ) nName = sqlite3Strlen(db, zName);
   162    162     pColl = sqlite3HashFind(&db->aCollSeq, zName, nName);
   163    163   
   164    164     if( 0==pColl && create ){
   165    165       pColl = sqlite3DbMallocZero(db, 3*sizeof(*pColl) + nName + 1 );
   166    166       if( pColl ){
   167    167         CollSeq *pDel = 0;
   168    168         pColl[0].zName = (char*)&pColl[3];

Changes to src/global.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   **
    13     13   ** This file contains definitions of global variables and contants.
    14     14   **
    15         -** $Id: global.c,v 1.2 2008/06/14 16:56:22 drh Exp $
           15  +** $Id: global.c,v 1.3 2008/07/08 14:52:10 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   
    20     20   /* An array to map all upper-case characters into their corresponding
    21     21   ** lower-case character. 
    22     22   **
................................................................................
    62     62   #endif
    63     63   };
    64     64   
    65     65   /*
    66     66   ** The following singleton contains the global configuration for
    67     67   ** the SQLite library.
    68     68   */
    69         -struct Sqlite3Config sqlite3Config = { 1, 1, 1, };
           69  +struct Sqlite3Config sqlite3Config = { 1, 1, 1, 0x7ffffffe };

Changes to src/main.c.

    10     10   **
    11     11   *************************************************************************
    12     12   ** Main file for the SQLite library.  The routines in this file
    13     13   ** implement the programmer interface to the library.  Routines in
    14     14   ** other files are for internal use by SQLite and should not be
    15     15   ** accessed by users of the library.
    16     16   **
    17         -** $Id: main.c,v 1.470 2008/07/08 12:02:35 danielk1977 Exp $
           17  +** $Id: main.c,v 1.471 2008/07/08 14:52:10 drh Exp $
    18     18   */
    19     19   #include "sqliteInt.h"
    20     20   #include <ctype.h>
    21     21   
    22     22   #ifdef SQLITE_ENABLE_FTS3
    23     23   # include "fts3.h"
    24     24   #endif
................................................................................
   676    676   
   677    677     assert( sqlite3_mutex_held(db->mutex) );
   678    678     if( zFunctionName==0 ||
   679    679         (xFunc && (xFinal || xStep)) || 
   680    680         (!xFunc && (xFinal && !xStep)) ||
   681    681         (!xFunc && (!xFinal && xStep)) ||
   682    682         (nArg<-1 || nArg>SQLITE_MAX_FUNCTION_ARG) ||
   683         -      (255<(nName = strlen(zFunctionName))) ){
          683  +      (255<(nName = sqlite3Strlen(db, zFunctionName))) ){
   684    684       sqlite3Error(db, SQLITE_ERROR, "bad parameters");
   685    685       return SQLITE_ERROR;
   686    686     }
   687    687     
   688    688   #ifndef SQLITE_OMIT_UTF16
   689    689     /* If SQLITE_UTF16 is specified as the encoding type, transform this
   690    690     ** to one of SQLITE_UTF16LE or SQLITE_UTF16BE using the
................................................................................
   802    802   ** properly.
   803    803   */
   804    804   int sqlite3_overload_function(
   805    805     sqlite3 *db,
   806    806     const char *zName,
   807    807     int nArg
   808    808   ){
   809         -  int nName = strlen(zName);
          809  +  int nName = sqlite3Strlen(db, zName);
   810    810     int rc;
   811    811     sqlite3_mutex_enter(db->mutex);
   812    812     if( sqlite3FindFunction(db, zName, nName, nArg, SQLITE_UTF8, 0)==0 ){
   813    813       sqlite3CreateFunc(db, zName, nArg, SQLITE_UTF8,
   814    814                         0, sqlite3InvalidFunction, 0, 0);
   815    815     }
   816    816     rc = sqlite3ApiExit(db, SQLITE_OK);
................................................................................
  1090   1090     int enc, 
  1091   1091     void* pCtx,
  1092   1092     int(*xCompare)(void*,int,const void*,int,const void*),
  1093   1093     void(*xDel)(void*)
  1094   1094   ){
  1095   1095     CollSeq *pColl;
  1096   1096     int enc2;
         1097  +  int nName;
  1097   1098     
  1098   1099     assert( sqlite3_mutex_held(db->mutex) );
  1099   1100   
  1100   1101     /* If SQLITE_UTF16 is specified as the encoding type, transform this
  1101   1102     ** to one of SQLITE_UTF16LE or SQLITE_UTF16BE using the
  1102   1103     ** SQLITE_UTF16NATIVE macro. SQLITE_UTF16 is not used internally.
  1103   1104     */
................................................................................
  1109   1110       return SQLITE_MISUSE;
  1110   1111     }
  1111   1112   
  1112   1113     /* Check if this call is removing or replacing an existing collation 
  1113   1114     ** sequence. If so, and there are active VMs, return busy. If there
  1114   1115     ** are no active VMs, invalidate any pre-compiled statements.
  1115   1116     */
  1116         -  pColl = sqlite3FindCollSeq(db, (u8)enc2, zName, strlen(zName), 0);
         1117  +  nName = sqlite3Strlen(db, zName);
         1118  +  pColl = sqlite3FindCollSeq(db, (u8)enc2, zName, nName, 0);
  1117   1119     if( pColl && pColl->xCmp ){
  1118   1120       if( db->activeVdbeCnt ){
  1119   1121         sqlite3Error(db, SQLITE_BUSY, 
  1120   1122           "Unable to delete/modify collation sequence due to active statements");
  1121   1123         return SQLITE_BUSY;
  1122   1124       }
  1123   1125       sqlite3ExpirePreparedStatements(db);
................................................................................
  1125   1127       /* If collation sequence pColl was created directly by a call to
  1126   1128       ** sqlite3_create_collation, and not generated by synthCollSeq(),
  1127   1129       ** then any copies made by synthCollSeq() need to be invalidated.
  1128   1130       ** Also, collation destructor - CollSeq.xDel() - function may need
  1129   1131       ** to be called.
  1130   1132       */ 
  1131   1133       if( (pColl->enc & ~SQLITE_UTF16_ALIGNED)==enc2 ){
  1132         -      CollSeq *aColl = sqlite3HashFind(&db->aCollSeq, zName, strlen(zName));
         1134  +      CollSeq *aColl = sqlite3HashFind(&db->aCollSeq, zName, nName);
  1133   1135         int j;
  1134   1136         for(j=0; j<3; j++){
  1135   1137           CollSeq *p = &aColl[j];
  1136   1138           if( p->enc==pColl->enc ){
  1137   1139             if( p->xDel ){
  1138   1140               p->xDel(p->pUser);
  1139   1141             }
  1140   1142             p->xCmp = 0;
  1141   1143           }
  1142   1144         }
  1143   1145       }
  1144   1146     }
  1145   1147   
  1146         -  pColl = sqlite3FindCollSeq(db, (u8)enc2, zName, strlen(zName), 1);
         1148  +  pColl = sqlite3FindCollSeq(db, (u8)enc2, zName, nName, 1);
  1147   1149     if( pColl ){
  1148   1150       pColl->xCmp = xCompare;
  1149   1151       pColl->pUser = pCtx;
  1150   1152       pColl->xDel = xDel;
  1151   1153       pColl->enc = enc2 | (enc & SQLITE_UTF16_ALIGNED);
  1152   1154     }
  1153   1155     sqlite3Error(db, SQLITE_OK, 0);

Changes to src/sqliteInt.h.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** Internal interface definitions for SQLite.
    13     13   **
    14         -** @(#) $Id: sqliteInt.h,v 1.734 2008/06/27 14:05:25 danielk1977 Exp $
           14  +** @(#) $Id: sqliteInt.h,v 1.735 2008/07/08 14:52:10 drh Exp $
    15     15   */
    16     16   #ifndef _SQLITEINT_H_
    17     17   #define _SQLITEINT_H_
    18     18   
    19     19   /*
    20     20   ** Include the configuration header output by 'configure' if we're using the
    21     21   ** autoconf-based build
................................................................................
  1735   1735   **
  1736   1736   ** This structure also contains some state information.
  1737   1737   */
  1738   1738   struct Sqlite3Config {
  1739   1739     int bMemstat;                     /* True to enable memory status */
  1740   1740     int bCoreMutex;                   /* True to enable core mutexing */
  1741   1741     int bFullMutex;                   /* True to enable full mutexing */
         1742  +  int mxStrlen;                     /* Maximum string length */
  1742   1743     sqlite3_mem_methods m;            /* Low-level memory allocation interface */
  1743   1744     sqlite3_mutex_methods mutex;      /* Low-level mutex interface */
  1744   1745     void *pHeap;                      /* Heap storage space */
  1745   1746     int nHeap;                        /* Size of pHeap[] */
  1746   1747     int mnReq, mxReq;                 /* Min and max heap requests sizes */
  1747   1748     void *pScratch;                   /* Scratch memory */
  1748   1749     int szScratch;                    /* Size of each scratch buffer */
................................................................................
  1782   1783   
  1783   1784   /*
  1784   1785   ** Internal function prototypes
  1785   1786   */
  1786   1787   int sqlite3StrICmp(const char *, const char *);
  1787   1788   int sqlite3StrNICmp(const char *, const char *, int);
  1788   1789   int sqlite3IsNumber(const char*, int*, u8);
         1790  +int sqlite3Strlen(sqlite3*, const char*);
  1789   1791   
  1790   1792   int sqlite3MallocInit(void);
  1791   1793   void sqlite3MallocEnd(void);
  1792   1794   void *sqlite3Malloc(int);
  1793   1795   void *sqlite3MallocZero(int);
  1794   1796   void *sqlite3DbMallocZero(sqlite3*, int);
  1795   1797   void *sqlite3DbMallocRaw(sqlite3*, int);

Changes to src/util.c.

    10     10   **
    11     11   *************************************************************************
    12     12   ** Utility functions used throughout sqlite.
    13     13   **
    14     14   ** This file contains functions for allocating memory, comparing
    15     15   ** strings, and stuff like that.
    16     16   **
    17         -** $Id: util.c,v 1.233 2008/07/06 00:21:35 drh Exp $
           17  +** $Id: util.c,v 1.234 2008/07/08 14:52:10 drh Exp $
    18     18   */
    19     19   #include "sqliteInt.h"
    20     20   #include <stdarg.h>
    21     21   #include <ctype.h>
    22     22   
    23     23   
    24     24   /*
................................................................................
    36     36     */
    37     37   #ifdef __FAST_MATH__
    38     38   # error SQLite will not work correctly with the -ffast-math option of GCC.
    39     39   #endif
    40     40     volatile double y = x;
    41     41     return x!=y;
    42     42   }
           43  +
           44  +/*
           45  +** Return the length of a string, except do not allow the string length
           46  +** to exceed the SQLITE_LIMIT_LENGTH setting.
           47  +*/
           48  +int sqlite3Strlen(sqlite3 *db, const char *z){
           49  +  const char *z2 = z;
           50  +  while( *z2 ){ z2++; }
           51  +  if( z2 > &z[db->aLimit[SQLITE_LIMIT_LENGTH]] ){
           52  +    return db->aLimit[SQLITE_LIMIT_LENGTH];
           53  +  }else{
           54  +    return (int)(z2 - z);
           55  +  }
           56  +}
    43     57   
    44     58   /*
    45     59   ** Set the most recent error code and error string for the sqlite
    46     60   ** handle "db". The error code is set to "err_code".
    47     61   **
    48     62   ** If it is not NULL, string zFormat specifies the format of the
    49     63   ** error string in the style of the printf functions: The following

Changes to src/vdbemem.c.

    11     11   *************************************************************************
    12     12   **
    13     13   ** This file contains code use to manipulate "Mem" structure.  A "Mem"
    14     14   ** stores a single value in the VDBE.  Mem is an opaque structure visible
    15     15   ** only within the VDBE.  Interface routines refer to a Mem using the
    16     16   ** name sqlite_value
    17     17   **
    18         -** $Id: vdbemem.c,v 1.115 2008/05/16 04:51:55 danielk1977 Exp $
           18  +** $Id: vdbemem.c,v 1.116 2008/07/08 14:52:10 drh Exp $
    19     19   */
    20     20   #include "sqliteInt.h"
    21     21   #include <ctype.h>
    22     22   #include "vdbeInt.h"
    23     23   
    24     24   /*
    25     25   ** Call sqlite3VdbeMemExpandBlob() on the supplied value (type Mem*)
................................................................................
   584    584     Mem *pMem,          /* Memory cell to set to string value */
   585    585     const char *z,      /* String pointer */
   586    586     int n,              /* Bytes in string, or negative */
   587    587     u8 enc,             /* Encoding of z.  0 for BLOBs */
   588    588     void (*xDel)(void*) /* Destructor function */
   589    589   ){
   590    590     int nByte = n;      /* New value for pMem->n */
          591  +  int iLimit;         /* Maximum allowed string or blob size */
   591    592     int flags = 0;      /* New value for pMem->flags */
   592    593   
   593    594     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   594    595   
   595    596     /* If z is a NULL pointer, set pMem to contain an SQL NULL. */
   596    597     if( !z ){
   597    598       sqlite3VdbeMemSetNull(pMem);
   598    599       return SQLITE_OK;
   599    600     }
   600    601   
          602  +  if( pMem->db ){
          603  +    iLimit = pMem->db->aLimit[SQLITE_LIMIT_LENGTH];
          604  +  }else{
          605  +    iLimit = SQLITE_MAX_LENGTH;
          606  +  }
   601    607     flags = (enc==0?MEM_Blob:MEM_Str);
   602    608     if( nByte<0 ){
   603    609       assert( enc!=0 );
   604    610       if( enc==SQLITE_UTF8 ){
   605         -      for(nByte=0; z[nByte]; nByte++){}
          611  +      for(nByte=0; nByte<=iLimit && z[nByte]; nByte++){}
   606    612       }else{
   607         -      for(nByte=0; z[nByte] | z[nByte+1]; nByte+=2){}
          613  +      for(nByte=0; nByte<=iLimit && (z[nByte] | z[nByte+1]); nByte+=2){}
   608    614       }
   609    615       flags |= MEM_Term;
   610    616     }
          617  +  if( nByte>iLimit ){
          618  +    return SQLITE_TOOBIG;
          619  +  }
   611    620   
   612    621     /* The following block sets the new values of Mem.z and Mem.xDel. It
   613    622     ** also sets a flag in local variable "flags" to indicate the memory
   614    623     ** management (one of MEM_Dyn or MEM_Static).
   615    624     */
   616    625     if( xDel==SQLITE_TRANSIENT ){
   617    626       int nAlloc = nByte;