Index: src/alter.c ================================================================== --- src/alter.c +++ src/alter.c @@ -10,11 +10,11 @@ ** ************************************************************************* ** This file contains C code routines that used to generate VDBE code ** that implements the ALTER TABLE command. ** -** $Id: alter.c,v 1.22 2006/09/08 12:27:37 drh Exp $ +** $Id: alter.c,v 1.23 2007/05/08 12:37:46 danielk1977 Exp $ */ #include "sqliteInt.h" #include /* @@ -55,10 +55,15 @@ ** statement is that the table name is the first token that is immediatedly ** followed by a left parenthesis - TK_LP. */ if( zSql ){ do { + if( !*zCsr ){ + /* Ran out of input before finding an opening bracket. Return NULL. */ + return; + } + /* Store the token that zCsr points to in tname. */ tname.z = zCsr; tname.n = len; /* Advance zCsr to the next token. Store that token type in 'token', @@ -105,10 +110,16 @@ ** preceded by either TK_ON or TK_DOT and immediatedly followed by one ** of TK_WHEN, TK_BEGIN or TK_FOR. */ if( zSql ){ do { + + if( !*zCsr ){ + /* Ran out of input before finding the table name. Return NULL. */ + return; + } + /* Store the token that zCsr points to in tname. */ tname.z = zCsr; tname.n = len; /* Advance zCsr to the next token. Store that token type in 'token', Index: test/alter.test ================================================================== --- test/alter.test +++ test/alter.test @@ -9,11 +9,11 @@ # #************************************************************************* # This file implements regression tests for SQLite library. The # focus of this script is testing the ALTER TABLE statement. # -# $Id: alter.test,v 1.19 2007/04/06 02:32:34 drh Exp $ +# $Id: alter.test,v 1.20 2007/05/08 12:37:46 danielk1977 Exp $ # set testdir [file dirname $argv0] source $testdir/tester.tcl @@ -647,8 +647,25 @@ do_test alter-8.2 { execsql { SELECT a, sum(b) FROM t2 GROUP BY a; } } {1 18 2 9} + +#-------------------------------------------------------------------------- +# alter-9.X - Special test: Make sure the sqlite_rename_trigger() and +# rename_table() functions do not crash when handed bad input. +# +ifcapable trigger { + do_test alter-9.1 { + execsql {SELECT SQLITE_RENAME_TRIGGER(0,0)} + } {{}} +} +do_test alter-9.2 { + execsql { + SELECT SQLITE_RENAME_TABLE(0,0); + SELECT SQLITE_RENAME_TABLE(10,20); + SELECT SQLITE_RENAME_TABLE("foo", "foo"); + } +} {{} {} {}} finish_test