/ Check-in [f4021843]
Login
SQLite training in Houston TX on 2019-11-05 (details)
Part of the 2019 Tcl Conference

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Make sure zeroblob does reasonable things with a negative argument or an argument that is larger than the maximum blob size. (CVS 4048)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: f40218434e549144ddb48303df30e5191d44d3fc
User & Date: drh 2007-06-07 19:08:33
Context
2007-06-08
00:20
Fix the query optimizer so that it correctly handles constant expressions in the ON clause of a LEFT JOIN. Ticket #2403. (CVS 4049) check-in: 46fdd195 user: drh tags: trunk
2007-06-07
19:08
Make sure zeroblob does reasonable things with a negative argument or an argument that is larger than the maximum blob size. (CVS 4048) check-in: f4021843 user: drh tags: trunk
15:45
Fix an error in test file sqllimits1.test that was causing a test to fail when SQLITE_MAX_EXPR_DEPTH was defined. (CVS 4047) check-in: e66aa2c3 user: danielk1977 tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/func.c.

    12     12   ** This file contains the C functions that implement various SQL
    13     13   ** functions of SQLite.  
    14     14   **
    15     15   ** There is only one exported symbol in this file - the function
    16     16   ** sqliteRegisterBuildinFunctions() found at the bottom of the file.
    17     17   ** All other code has file scope.
    18     18   **
    19         -** $Id: func.c,v 1.159 2007/05/15 14:40:11 drh Exp $
           19  +** $Id: func.c,v 1.160 2007/06/07 19:08:33 drh Exp $
    20     20   */
    21     21   #include "sqliteInt.h"
    22     22   #include <ctype.h>
    23     23   /* #include <math.h> */
    24     24   #include <stdlib.h>
    25     25   #include <assert.h>
    26     26   #include "vdbeInt.h"
................................................................................
   752    752   ** The zeroblob(N) function returns a zero-filled blob of size N bytes.
   753    753   */
   754    754   static void zeroblobFunc(
   755    755     sqlite3_context *context,
   756    756     int argc,
   757    757     sqlite3_value **argv
   758    758   ){
   759         -  int n;
          759  +  i64 n;
   760    760     assert( argc==1 );
   761         -  n = sqlite3_value_int(argv[0]);
   762         -  sqlite3_result_zeroblob(context, n);
          761  +  n = sqlite3_value_int64(argv[0]);
          762  +  if( n>SQLITE_MAX_LENGTH ){
          763  +    sqlite3_result_error_toobig(context);
          764  +  }else{
          765  +    sqlite3_result_zeroblob(context, n);
          766  +  }
   763    767   }
   764    768   
   765    769   /*
   766    770   ** The replace() function.  Three arguments are all strings: call
   767    771   ** them A, B, and C. The result is also a string which is derived
   768    772   ** from A by replacing every occurance of B with C.  The match
   769    773   ** must be exact.  Collating sequences are not used.

Changes to src/limits.h.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** 
    13     13   ** This file defines various limits of what SQLite can process.
    14     14   **
    15         -** @(#) $Id: limits.h,v 1.7 2007/06/07 10:55:36 drh Exp $
           15  +** @(#) $Id: limits.h,v 1.8 2007/06/07 19:08:34 drh Exp $
    16     16   */
    17     17   
    18     18   /*
    19     19   ** The maximum length of a TEXT or BLOB in bytes.   This also
    20     20   ** limits the size of a row in a table or index.
    21     21   **
    22     22   ** The hard limit is the ability of a 32-bit signed integer
................................................................................
    76     76   */
    77     77   #ifndef SQLITE_MAX_COMPOUND_SELECT
    78     78   # define SQLITE_MAX_COMPOUND_SELECT 100
    79     79   #endif
    80     80   
    81     81   /*
    82     82   ** The maximum number of opcodes in a VDBE program.
           83  +** Not currently enforced.
    83     84   */
    84     85   #ifndef SQLITE_MAX_VDBE_OP
    85     86   # define SQLITE_MAX_VDBE_OP 25000
    86     87   #endif
    87     88   
    88     89   /*
    89     90   ** The maximum number of arguments to an SQL function.

Changes to src/vdbe.c.

    39     39   **
    40     40   ** Various scripts scan this source file in order to generate HTML
    41     41   ** documentation, headers files, or other derived files.  The formatting
    42     42   ** of the code in this file is, therefore, important.  See other comments
    43     43   ** in this file for details.  If in doubt, do not deviate from existing
    44     44   ** commenting and indentation practices when changing or adding code.
    45     45   **
    46         -** $Id: vdbe.c,v 1.623 2007/05/23 06:31:39 drh Exp $
           46  +** $Id: vdbe.c,v 1.624 2007/06/07 19:08:34 drh Exp $
    47     47   */
    48     48   #include "sqliteInt.h"
    49     49   #include "os.h"
    50     50   #include <ctype.h>
    51     51   #include <math.h>
    52     52   #include "vdbeInt.h"
    53     53   
................................................................................
  5135   5135     ** is encountered.
  5136   5136     */
  5137   5137   too_big:
  5138   5138     sqlite3SetString(&p->zErrMsg, "string or blob too big", (char*)0);
  5139   5139     rc = SQLITE_TOOBIG;
  5140   5140     goto vdbe_halt;
  5141   5141   
  5142         -  /* Jump to here if a malloc() fails.  It's hard to get a malloc()
  5143         -  ** to fail on a modern VM computer, so this code is untested.
         5142  +  /* Jump to here if a malloc() fails.
  5144   5143     */
  5145   5144   no_mem:
  5146   5145     sqlite3SetString(&p->zErrMsg, "out of memory", (char*)0);
  5147   5146     rc = SQLITE_NOMEM;
  5148   5147     goto vdbe_halt;
  5149   5148   
  5150   5149     /* Jump to here for an SQLITE_MISUSE error.

Changes to src/vdbemem.c.

    94     94   ** If the given Mem* has a zero-filled tail, turn it into an ordinary
    95     95   ** blob stored in dynamically allocated space.
    96     96   */
    97     97   #ifndef SQLITE_OMIT_INCRBLOB
    98     98   int sqlite3VdbeMemExpandBlob(Mem *pMem){
    99     99     if( pMem->flags & MEM_Zero ){
   100    100       char *pNew;
          101  +    int nByte;
   101    102       assert( (pMem->flags & MEM_Blob)!=0 );
   102         -    pNew = sqliteMalloc(pMem->n+pMem->u.i);
          103  +    nByte = pMem->n + pMem->u.i;
          104  +    if( nByte<=0 ) nByte = 1;
          105  +    pNew = sqliteMalloc(nByte);
   103    106       if( pNew==0 ){ 
   104    107         return SQLITE_NOMEM;
   105    108       }
   106    109       memcpy(pNew, pMem->z, pMem->n);
   107    110       memset(&pNew[pMem->n], 0, pMem->u.i);
   108    111       sqlite3VdbeMemRelease(pMem);
   109    112       pMem->z = pNew;
................................................................................
   407    410   ** n containing all zeros.
   408    411   */
   409    412   void sqlite3VdbeMemSetZeroBlob(Mem *pMem, int n){
   410    413     sqlite3VdbeMemRelease(pMem);
   411    414     pMem->flags = MEM_Blob|MEM_Zero|MEM_Short;
   412    415     pMem->type = SQLITE_BLOB;
   413    416     pMem->n = 0;
          417  +  if( n<0 ) n = 0;
   414    418     pMem->u.i = n;
   415    419     pMem->z = pMem->zShort;
   416    420     pMem->enc = SQLITE_UTF8;
   417    421   }
   418    422   
   419    423   /*
   420    424   ** Delete any previous value and set the value stored in *pMem to val,

Changes to test/sqllimits1.test.

     8      8   #    May you share freely, never taking more than you give.
     9      9   #
    10     10   #***********************************************************************
    11     11   #
    12     12   # This file contains tests to verify that the limits defined in
    13     13   # sqlite source file limits.h are enforced.
    14     14   #
    15         -# $Id: sqllimits1.test,v 1.9 2007/06/07 15:45:35 danielk1977 Exp $
           15  +# $Id: sqllimits1.test,v 1.10 2007/06/07 19:08:34 drh Exp $
    16     16   
    17     17   set testdir [file dirname $argv0]
    18     18   source $testdir/tester.tcl
    19     19   
    20     20   # Test organization:
    21     21   #
    22     22   #     sqllimits-1.*:  SQLITE_MAX_LENGTH
................................................................................
    37     37   #     sqllimits-6.*:   SQLITE_MAX_VDBE_OP               (sqlite todo)
    38     38   #
    39     39   
    40     40   #--------------------------------------------------------------------
    41     41   # Test cases sqllimits-1.* test that the SQLITE_MAX_LENGTH limit
    42     42   # is enforced.
    43     43   #
    44         -do_test sqllimits-1.1 {
           44  +do_test sqllimits-1.1.1 {
    45     45     catchsql { SELECT randomblob(2147483647) }
    46     46   } {1 {string or blob too big}}
           47  +do_test sqllimits-1.1.2 {
           48  +  catchsql { SELECT zeroblob(2147483647) }
           49  +} {1 {string or blob too big}}
    47     50   
    48     51   # Large, but allowable, blob-size.
    49     52   #
    50     53   set ::LARGESIZE [expr $SQLITE_MAX_LENGTH - 1] 
    51     54   
    52     55   do_test sqllimits-1.2 {
    53     56     catchsql { SELECT LENGTH(randomblob($::LARGESIZE)) }
................................................................................
    54     57   } "0 $::LARGESIZE"
    55     58   
    56     59   do_test sqllimits-1.3 {
    57     60     catchsql { SELECT quote(randomblob($::LARGESIZE)) }
    58     61   } {1 {string or blob too big}}
    59     62   
    60     63   do_test sqllimits-1.4 {
           64  +  catchsql { SELECT LENGTH(zeroblob($::LARGESIZE)) }
           65  +} "0 $::LARGESIZE"
           66  +
           67  +do_test sqllimits-1.5 {
           68  +  catchsql { SELECT quote(zeroblob($::LARGESIZE)) }
           69  +} {1 {string or blob too big}}
           70  +
           71  +do_test sqllimits-1.6 {
           72  +  catchsql { SELECT zeroblob(-1) }
           73  +} {0 {}}
           74  +
           75  +do_test sqllimits-1.9 {
    61     76     set ::str [string repeat A 65537]
    62     77     set ::rep [string repeat B 65537]
    63     78     catchsql { SELECT replace($::str, 'A', $::rep) }
    64     79   } {1 {string or blob too big}}
    65     80   
    66     81   #--------------------------------------------------------------------
    67     82   # Test cases sqllimits-2.* test that the SQLITE_MAX_SQL_LENGTH limit
................................................................................
   433    448     set ::format "[string repeat A 60][string repeat "%J" $::N]"
   434    449     catchsql {
   435    450       SELECT strftime($::format, 1);
   436    451     }
   437    452   } {1 {string or blob too big}}
   438    453   
   439    454   finish_test
   440         -
   441         -

Changes to test/zeroblob.test.

     9      9   #
    10     10   #***********************************************************************
    11     11   # This file implements regression tests for SQLite library.  The
    12     12   # focus of this file is testing of the zero-filled blob functionality
    13     13   # including the sqlite3_bind_zeroblob(), sqlite3_result_zeroblob(),
    14     14   # and the built-in zeroblob() SQL function.
    15     15   #
    16         -# $Id: zeroblob.test,v 1.5 2007/05/30 06:19:33 danielk1977 Exp $
           16  +# $Id: zeroblob.test,v 1.6 2007/06/07 19:08:34 drh Exp $
    17     17   
    18     18   set testdir [file dirname $argv0]
    19     19   source $testdir/tester.tcl
    20     20   
    21     21   ifcapable !incrblob {
    22     22     finish_test
    23     23     return
................................................................................
   147    147   } {{}}
   148    148   do_test zeroblob-5.4 {
   149    149     execsql {
   150    150       SELECT CAST(zeroblob(100) AS BLOB);
   151    151     }
   152    152   } [execsql {SELECT zeroblob(100)}]
   153    153     
          154  +
          155  +# Check for malicious use of zeroblob.  Make sure nothing crashes.
          156  +#
          157  +do_test zeroblob-6.1.1 { 
          158  +  execsql {select zeroblob(-1)} 
          159  +} {{}} 
          160  +do_test zeroblob-6.1.2 { 
          161  +  execsql {select zeroblob(-10)} 
          162  +} {{}} 
          163  +do_test zeroblob-6.1.3 { 
          164  +  execsql {select zeroblob(-100)} 
          165  +} {{}} 
          166  +do_test zeroblob-6.2 { 
          167  +  execsql {select length(zeroblob(-1))} 
          168  +} {0} 
          169  +do_test zeroblob-6.3 { 
          170  +  execsql {select zeroblob(-1)|1} 
          171  +} {1} 
          172  +do_test zeroblob-6.4 { 
          173  +  catchsql {select length(zeroblob(2147483648))} 
          174  +} {1 {string or blob too big}} 
          175  +do_test zeroblob-6.5 { 
          176  +  catchsql {select zeroblob(2147483648)} 
          177  +} {1 {string or blob too big}} 
   154    178   
   155    179   finish_test