SQLite

Check-in [0d71ad4591]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add the SQLITE_MAX_COMPOUND_SELECT compile-time parameter for limiting the number of terms in a compound select statement. Set the default limit to 100. (CVS 4046)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 0d71ad4591eae9de8749fb2da6455ac661587f7a
User & Date: drh 2007-06-07 10:55:36.000
Context
2007-06-07
15:45
Fix an error in test file sqllimits1.test that was causing a test to fail when SQLITE_MAX_EXPR_DEPTH was defined. (CVS 4047) (check-in: e66aa2c34a user: danielk1977 tags: trunk)
10:55
Add the SQLITE_MAX_COMPOUND_SELECT compile-time parameter for limiting the number of terms in a compound select statement. Set the default limit to 100. (CVS 4046) (check-in: 0d71ad4591 user: drh tags: trunk)
2007-06-02
07:54
Fix a vdbe stack leak that could occur where one side of a WHERE clause inequality evaluated to SQL null. (CVS 4045) (check-in: 17152bf1a2 user: danielk1977 tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/limits.h.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** 
** This file defines various limits of what SQLite can process.
**
** @(#) $Id: limits.h,v 1.6 2007/05/10 10:46:56 danielk1977 Exp $
*/

/*
** The maximum length of a TEXT or BLOB in bytes.   This also
** limits the size of a row in a table or index.
**
** The hard limit is the ability of a 32-bit signed integer







|







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** 
** This file defines various limits of what SQLite can process.
**
** @(#) $Id: limits.h,v 1.7 2007/06/07 10:55:36 drh Exp $
*/

/*
** The maximum length of a TEXT or BLOB in bytes.   This also
** limits the size of a row in a table or index.
**
** The hard limit is the ability of a 32-bit signed integer
62
63
64
65
66
67
68












69
70
71
72
73
74
75
** expression. A value of 0 (the default) means do not enforce
** any limitation on expression tree depth.
*/
#ifndef SQLITE_MAX_EXPR_DEPTH
# define SQLITE_MAX_EXPR_DEPTH 0
#endif













/*
** The maximum number of opcodes in a VDBE program.
*/
#ifndef SQLITE_MAX_VDBE_OP
# define SQLITE_MAX_VDBE_OP 25000
#endif








>
>
>
>
>
>
>
>
>
>
>
>







62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
** expression. A value of 0 (the default) means do not enforce
** any limitation on expression tree depth.
*/
#ifndef SQLITE_MAX_EXPR_DEPTH
# define SQLITE_MAX_EXPR_DEPTH 0
#endif

/*
** The maximum number of terms in a compound SELECT statement.
** The code generator for compound SELECT statements does one
** level of recursion for each term.  A stack overflow can result
** if the number of terms is too large.  In practice, most SQL
** never has more than 3 or 4 terms.  Use a value of 0 to disable
** any limit on the number of terms in a compount SELECT.
*/
#ifndef SQLITE_MAX_COMPOUND_SELECT
# define SQLITE_MAX_COMPOUND_SELECT 100
#endif

/*
** The maximum number of opcodes in a VDBE program.
*/
#ifndef SQLITE_MAX_VDBE_OP
# define SQLITE_MAX_VDBE_OP 25000
#endif

Changes to src/select.c.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
** $Id: select.c,v 1.349 2007/05/31 08:20:44 danielk1977 Exp $
*/
#include "sqliteInt.h"


/*
** Delete all the content of a Select structure but do not deallocate
** the select structure itself.







|







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
** $Id: select.c,v 1.350 2007/06/07 10:55:36 drh Exp $
*/
#include "sqliteInt.h"


/*
** Delete all the content of a Select structure but do not deallocate
** the select structure itself.
2866
2867
2868
2869
2870
2871
2872

2873
2874




2875
2876
2877
2878
2879
2880
2881

#ifndef SQLITE_OMIT_COMPOUND_SELECT
  /* If there is are a sequence of queries, do the earlier ones first.
  */
  if( p->pPrior ){
    if( p->pRightmost==0 ){
      Select *pLoop;

      for(pLoop=p; pLoop; pLoop=pLoop->pPrior){
        pLoop->pRightmost = p;




      }
    }
    return multiSelect(pParse, p, eDest, iParm, aff);
  }
#endif

  pOrderBy = p->pOrderBy;







>
|

>
>
>
>







2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886

#ifndef SQLITE_OMIT_COMPOUND_SELECT
  /* If there is are a sequence of queries, do the earlier ones first.
  */
  if( p->pPrior ){
    if( p->pRightmost==0 ){
      Select *pLoop;
      int cnt = 0;
      for(pLoop=p; pLoop; pLoop=pLoop->pPrior, cnt++){
        pLoop->pRightmost = p;
      }
      if( SQLITE_MAX_COMPOUND_SELECT>0 && cnt>SQLITE_MAX_COMPOUND_SELECT ){
        sqlite3ErrorMsg(pParse, "too many terms in compound SELECT");
        return 1;
      }
    }
    return multiSelect(pParse, p, eDest, iParm, aff);
  }
#endif

  pOrderBy = p->pOrderBy;
Changes to src/test_config.c.
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
** 
** This file contains code used for testing the SQLite system.
** None of the code in this file goes into a deliverable build.
** 
** The focus of this file is providing the TCL testing layer
** access to compile-time constants.
**
** $Id: test_config.c,v 1.5 2007/05/17 16:38:30 danielk1977 Exp $
*/
#include "sqliteInt.h"
#include "tcl.h"
#include "os.h"
#include <stdlib.h>
#include <string.h>








|







12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
** 
** This file contains code used for testing the SQLite system.
** None of the code in this file goes into a deliverable build.
** 
** The focus of this file is providing the TCL testing layer
** access to compile-time constants.
**
** $Id: test_config.c,v 1.6 2007/06/07 10:55:36 drh Exp $
*/
#include "sqliteInt.h"
#include "tcl.h"
#include "os.h"
#include <stdlib.h>
#include <string.h>

388
389
390
391
392
393
394





395
396
397
398
399
400
401
           (char*)&sqlite_max_sql_length, TCL_LINK_INT|TCL_LINK_READ_ONLY);
  }
  {
    static int sqlite_max_expr_depth = SQLITE_MAX_EXPR_DEPTH;
    Tcl_LinkVar(interp, "SQLITE_MAX_EXPR_DEPTH",
           (char*)&sqlite_max_expr_depth, TCL_LINK_INT|TCL_LINK_READ_ONLY);
  }





  {
    static int sqlite_max_vdbe_op = SQLITE_MAX_VDBE_OP;
    Tcl_LinkVar(interp, "SQLITE_MAX_VDBE_OP",
           (char*)&sqlite_max_vdbe_op, TCL_LINK_INT|TCL_LINK_READ_ONLY);
  }
  {
    static int sqlite_max_function_arg = SQLITE_MAX_FUNCTION_ARG;







>
>
>
>
>







388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
           (char*)&sqlite_max_sql_length, TCL_LINK_INT|TCL_LINK_READ_ONLY);
  }
  {
    static int sqlite_max_expr_depth = SQLITE_MAX_EXPR_DEPTH;
    Tcl_LinkVar(interp, "SQLITE_MAX_EXPR_DEPTH",
           (char*)&sqlite_max_expr_depth, TCL_LINK_INT|TCL_LINK_READ_ONLY);
  }
  {
    static int sqlite_max_compound_select = SQLITE_MAX_COMPOUND_SELECT;
    Tcl_LinkVar(interp, "SQLITE_MAX_COMPOUND_SELECT",
           (char*)&sqlite_max_compound_select, TCL_LINK_INT|TCL_LINK_READ_ONLY);
  }
  {
    static int sqlite_max_vdbe_op = SQLITE_MAX_VDBE_OP;
    Tcl_LinkVar(interp, "SQLITE_MAX_VDBE_OP",
           (char*)&sqlite_max_vdbe_op, TCL_LINK_INT|TCL_LINK_READ_ONLY);
  }
  {
    static int sqlite_max_function_arg = SQLITE_MAX_FUNCTION_ARG;
Changes to test/select7.test.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this file is testing compute SELECT statements and nested
# views.
#
# $Id: select7.test,v 1.9 2007/05/09 22:56:39 drh Exp $


set testdir [file dirname $argv0]
source $testdir/tester.tcl

ifcapable compound {













|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this file is testing compute SELECT statements and nested
# views.
#
# $Id: select7.test,v 1.10 2007/06/07 10:55:36 drh Exp $


set testdir [file dirname $argv0]
source $testdir/tester.tcl

ifcapable compound {

130
131
132
133
134
135
136
137



















138
  do_test select7-5.4 {
    catchsql {
      SELECT 5 IN (SELECT * FROM t2 UNION SELECT * FROM t2);
    }
  } [list 1 \
     {only a single result allowed for a SELECT that is part of an expression}]
}




















finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
  do_test select7-5.4 {
    catchsql {
      SELECT 5 IN (SELECT * FROM t2 UNION SELECT * FROM t2);
    }
  } [list 1 \
     {only a single result allowed for a SELECT that is part of an expression}]
}

# Verify that an error occurs if you have too many terms on a
# compound select statement.
#
if {$SQLITE_MAX_COMPOUND_SELECT>0} {
  set sql {SELECT 0}
  set result 0
  for {set i 1} {$i<$SQLITE_MAX_COMPOUND_SELECT} {incr i} {
    append sql " UNION ALL SELECT $i"
    lappend result $i
  }
  do_test select7-6.1 {
    catchsql $sql
  } [list 0 $result]
  append sql { UNION ALL SELECT 99999999}
  do_test select7-6.2 {
    catchsql $sql
  } {1 {too many terms in compound SELECT}}
}

finish_test