Index: src/expr.c
==================================================================
--- src/expr.c
+++ src/expr.c
@@ -10,11 +10,11 @@
 **
 *************************************************************************
 ** This file contains routines used for analyzing expressions and
 ** for generating VDBE code that evaluates expressions in SQLite.
 **
-** $Id: expr.c,v 1.289 2007/05/10 10:46:56 danielk1977 Exp $
+** $Id: expr.c,v 1.290 2007/05/11 00:20:08 drh Exp $
 */
 #include "sqliteInt.h"
 #include
 /*
@@ -278,13 +278,14 @@
 */
 Expr *sqlite3RegisterExpr(Parse *pParse, Token *pToken){
 Vdbe *v = pParse->pVdbe;
 Expr *p;
 int depth;
+ static const Token zeroToken = { (u8*)"0", 0, 1 };
 if( pParse->nested==0 ){
 sqlite3ErrorMsg(pParse, "near \"%T\": syntax error", pToken);
- return 0;
+ return sqlite3Expr(TK_INTEGER, 0, 0, &zeroToken);
 }
 if( v==0 ) return 0;
 p = sqlite3Expr(TK_REGISTER, 0, 0, pToken);
 if( p==0 ){
 return 0; /* Malloc failed */
Index: test/fuzz.test
==================================================================
--- test/fuzz.test
+++ test/fuzz.test
@@ -1,7 +1,6 @@
-
-# 2001 September 15
+# 2007 May 10
 #
 # The author disclaims copyright to this source code. In place of
 # a legal notice, here is a blessing:
 #
 # May you do good and not evil.
@@ -8,13 +7,15 @@
 # May you find forgiveness for yourself and forgive others.
 # May you share freely, never taking more than you give.
 #
 #***********************************************************************
 # This file implements regression tests for SQLite library. The
-# focus of this file is testing the SELECT statement.
+# focus of this file is generating semi-random strings of SQL
+# (a.k.a. "fuzz") and sending it into the parser to try to generate
+# errors.
 #
-# $Id: fuzz.test,v 1.3 2007/05/10 17:38:57 danielk1977 Exp $
+# $Id: fuzz.test,v 1.4 2007/05/11 00:20:08 drh Exp $
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 proc fuzz {TemplateList} {
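Review bot: In the src/expr.c hunk at `sqlite3RegisterExpr`, the new `return sqlite3Expr(TK_INTEGER, 0, 0, &zeroToken);` in the `pParse->nested==0` branch carries no comment explaining why a placeholder literal is returned after the syntax error has already been recorded. Judging from the fuzz2.test cases added in the same commit, the intent is presumably that callers of this function never receive a null `Expr*` for a `#NNN` token in ordinary SQL; a comment such as `/* Return a dummy "0" literal, not NULL: the error is already recorded, but the parser may still use this result */` would make that explicit. The function can still return 0 on the `v==0` path and on the `p==0` allocation failure, and presumably when this new `sqlite3Expr` call itself fails, so callers must keep tolerating a null result. The function body continues past the end of the hunk.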
@@ -193,6 +194,5 @@
 set e } {1} }
 finish_test
-
ADDED test/fuzz2.test
Index: test/fuzz2.test
==================================================================
--- /dev/null
+++ test/fuzz2.test
@@ -0,0 +1,97 @@ +# 2007 May 10 +# +# The author disclaims copyright to this source code. In place of +# a legal notice, here is a blessing: +# +# May you do good and not evil. +# May you find forgiveness for yourself and forgive others. +# May you share freely, never taking more than you give. +# +#*********************************************************************** +# This file implements regression tests for SQLite library. +# +# This file checks error recovery from malformed SQL strings. +# +# $Id: fuzz2.test,v 1.1 2007/05/11 00:20:08 drh Exp $ + +set testdir [file dirname $argv0] +source $testdir/tester.tcl + +do_test fuzz2-1.1 { + catchsql {SELECT ALL "AAAAAA" . * GROUP BY LIMIT round(1), #12} +} {1 {near "#12": syntax error}} +do_test fuzz2-2.0 { + catchsql {SELECT + #100} +} {1 {near "#100": syntax error}} +do_test fuzz2-2.1 { + catchsql {SELECT 1 WHERE ( #61 NOT MATCH ROUND( 1 ) )} +} {1 {near "#61": syntax error}} +do_test fuzz2-2.2 { + catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN + ( "AAAAAA" NOTNULL <= x'414141414141' IS NULL , ( ROUND ( 1.0 ) ) )} +} {1 {no such collation sequence: AAAAAA}} +do_test fuzz2-2.3 { + catchsql {INSERT OR REPLACE INTO AAAAAA . "AAAAAA" ( "AAAAAA" ) SELECT DISTINCT * , ( SELECT #252 IN ( SELECT DISTINCT AAAAAA . * ) )} +} {1 {near "#252": syntax error}} +do_test fuzz2-2.4 { + catchsql {SELECT 1 LIMIT NOT #59 COLLATE AAAAAA NOT IN round(1.0)} +} {1 {near "(": syntax error}} +do_test fuzz2-2.5 { + catchsql {SELECT( #239 )} +} {1 {near "#239": syntax error}} +do_test fuzz2-2.6 { + catchsql {DELETE FROM AAAAAA WHERE #65 NOT NULL} +} {1 {near "#65": syntax error}} +do_test fuzz2-2.7 { + catchsql {ATTACH ROUND( 1.0 ) in AAAAAA . "AAAAAA" AS #122 ISNULL} +} {1 {invalid name: "ROUND( 1.0 ) in AAAAAA . "AAAAAA""}} +do_test fuzz2-2.8 { + catchsql {SELECT 1 LIMIT #122 ISNULL} +} {1 {near "#122": syntax error}} +do_test fuzz2-2.9 { + catchsql {CREATE VIEW AAAAAA . 
"AAAAAA" AS SELECT DISTINCT #162 IS NULL "AAAAAA"} +} {1 {unknown database AAAAAA}} +do_test fuzz2-2.10 { + catchsql {DELETE FROM AAAAAA WHERE #202 IS NOT NULL ISNULL} +} {1 {near "#202": syntax error}} +do_test fuzz2-2.11 { + catchsql {UPDATE OR IGNORE "AAAAAA" . "AAAAAA" SET "AAAAAA" = NOT #96} +} {1 {near "#96": syntax error}} +do_test fuzz2-2.12 { + catchsql {SELECT - #196} +} {1 {near "#196": syntax error}} +do_test fuzz2-3.0 { + catchsql {CREATE TRIGGER "AAAAAA" . "AAAAAA" AFTER UPDATE OF "AAAAAA" , "AAAAAA" ON "AAAAAA" . "AAAAAA" FOR EACH ROW BEGIN UPDATE AAAAAA SET "AAAAAA" = #162; END} +} {1 {near "#162": syntax error}} +do_test fuzz2-3.1 { + catchsql {CREATE TRIGGER IF NOT EXISTS "AAAAAA" UPDATE ON "AAAAAA" . AAAAAA FOR EACH ROW BEGIN DELETE FROM "AAAAAA" ; INSERT INTO AAAAAA ( "AAAAAA" ) SELECT DISTINCT "AAAAAA" "AAAAAA" , #167 AAAAAA , "AAAAAA" . * ORDER BY "AAAAAA" ASC , x'414141414141' BETWEEN RAISE ( FAIL , "AAAAAA" ) AND AAAAAA ( * ) NOT NULL DESC LIMIT AAAAAA ; REPLACE INTO AAAAAA ( AAAAAA ) VALUES ( AAAAAA ( * ) ) ; END} +} {1 {near "#167": syntax error}} +do_test fuzz2-3.2 { + catchsql {CREATE TEMP TRIGGER IF NOT EXISTS AAAAAA . "AAAAAA" BEFORE UPDATE OF "AAAAAA" ON AAAAAA . "AAAAAA" BEGIN SELECT ALL * , #175 "AAAAAA" FROM "AAAAAA" . AAAAAA; END} +} {1 {near "#175": syntax error}} +do_test fuzz2-4.0 { + catchsql {ATTACH DATABASE #168 AS whatever} +} {1 {near "#168": syntax error}} +do_test fuzz2-4.1 { + catchsql {DETACH #133} +} {1 {near "#133": syntax error}} +do_test fuzz2-5.0 { + catchsql {SELECT 1 LIMIT ( SELECT DISTINCT * , AAAAAA , * , AAAAAA , "AAAAAA" . * FROM "AAAAAA" ON ROUND( 1 ) COLLATE AAAAAA OR "AAAAAA" USING ( AAAAAA , "AAAAAA" ) WHERE ROUND( 1 ) GROUP BY ORDER BY #84 ASC , #44 DESC , ( SELECT "AAAAAA" . * , "AAAAAA" . * FROM , ( ) "AAAAAA" USING ( )} +} {1 {near ",": syntax error}} +do_test fuzz2-5.1 { + catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . 
AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . "AAAAAA" ) ) NOTNULL NOT NULL} +} {1 {near "#81": syntax error}} +do_test fuzz2-5.2 { + catchsql {SELECT 1 WHERE 1 == AAAAAA ( * ) BETWEEN + - ~ + "AAAAAA" . AAAAAA | RAISE ( IGNORE ) COLLATE AAAAAA NOT IN ( SELECT DISTINCT "AAAAAA" . * , * , * WHERE ( SELECT ALL AAAAAA AS "AAAAAA" HAVING CAST ( "AAAAAA" . "AAAAAA" . "AAAAAA" AS AAAAAA ) ORDER BY , , IS NULL ASC , ~ AND DESC LIMIT ( ( "AAAAAA" ) NOT BETWEEN ( ) NOT IN ( ) AND AAAAAA ( ) IS NOT NULL ) OFFSET AAAAAA ( ALL , , ) ) GROUP BY ORDER BY "AAAAAA" . AAAAAA ASC , NULL IN ( SELECT UNION ALL SELECT ALL WHERE HAVING ORDER BY LIMIT UNION SELECT DISTINCT FROM ( ) WHERE + HAVING >> ORDER BY LIMIT . . , "AAAAAA" ) , CAST ( ~ "AAAAAA" . AAAAAA AS "AAAAAA" AAAAAA "AAAAAA" ( + 4294967295 , - 4294967296.0 ) ) ASC LIMIT AAAAAA INTERSECT SELECT ALL * GROUP BY , AAAAAA ( DISTINCT , ) != #241 NOT IN ( , , ) , , CTIME_KW HAVING AAAAAA ORDER BY #103 DESC , #81 ASC LIMIT AAAAAA OFFSET ~ AAAAAA ( ALL AAAAAA . AAAAAA >= AAAAAA . "AAAAAA" . 
"AAAAAA" ) ) NOTNULL NOT NULL} +} {1 {near "#81": syntax error}} +do_test fuzz2-5.3 { + catchsql {UPDATE "AAAAAA" SET "AAAAAA" = - EXISTS ( SELECT DISTINCT * , * ORDER BY #202 ASC , #147 , ~ AAAAAA . "AAAAAA" ASC LIMIT AAAAAA . "AAAAAA" , RAISE ( ABORT , AAAAAA ) UNION ALL SELECT DISTINCT AAAAAA . * , * FROM ( SELECT DISTINCT} +} {1 {near "DISTINCT": syntax error}} +do_test fuzz2-5.4 { + catchsql {REPLACE INTO AAAAAA SELECT DISTINCT "AAAAAA" . * WHERE AAAAAA ( AAAAAA ( ) ) GROUP BY AAAAAA . AAAAAA . "AAAAAA" IN "AAAAAA" | AAAAAA ( ALL , ) ORDER BY #238, #92 DESC LIMIT 0 OFFSET - RAISE ( IGNORE ) NOT NULL > RAISE ( IGNORE ) IS NULL} +} {1 {near "#92": syntax error}} +do_test fuzz2-5.5 { + catchsql {SELECT ALL * GROUP BY EXISTS ( SELECT "AAAAAA" . * , AAAAAA ( * ) AS AAAAAA FROM "AAAAAA" . "AAAAAA" AS "AAAAAA" USING ( AAAAAA , "AAAAAA" , "AAAAAA" ) WHERE AAAAAA ( DISTINCT ) - RAISE ( FAIL , "AAAAAA" ) HAVING "AAAAAA" . "AAAAAA" . AAAAAA ORDER BY #182 , #55 ) BETWEEN EXISTS ( SELECT ALL * FROM ( ( } +} {1 {near " ": syntax error}} + +finish_test
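Review bot: In test/fuzz2.test, `fuzz2-5.2` appears to repeat `fuzz2-5.1` verbatim, with the same SQL text and the same expected `near "#81": syntax error`, so unless the two differ only in whitespace that this view has collapsed, the second case adds no coverage and could be dropped or replaced with a distinct input. The file header says only that it "checks error recovery from malformed SQL strings", while every case visible here embeds a `#NNN` register token. A header line such as `# Each case places a "#NNN" register token in ordinary SQL; the parser must report an error cleanly.` would tell a maintainer which class of input these regressions pin down.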