SQLite

Check-in [c2f90b465e]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: c2f90b465e37ea49c9e44415f6461e4f636bb64f
User & Date: danielk1977 2007-05-08 12:37:46.000
Context
2007-05-08
13:57
Avoid evaluating (INT_MIN/-1) with 32 bit signed numbers. It can cause SIGFPE. (CVS 3945) (check-in: 2f186e916c user: danielk1977 tags: trunk)
12:37
Do not crash in the internal functions sqlite_rename_table() or sqlite_rename_trigger() if they are somehow passed unexpected input. (CVS 3944) (check-in: c2f90b465e user: danielk1977 tags: trunk)
12:12
Begin adding code to explicitly limit the size of strings and blobs. (CVS 3943) (check-in: 031a5915b6 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/alter.c. 
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that used to generate VDBE code
** that implements the ALTER TABLE command.
**
** $Id: alter.c,v 1.22 2006/09/08 12:27:37 drh Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>

/*
** The code in this file only exists if we are not omitting the
** ALTER TABLE logic from the build.








|








8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that used to generate VDBE code
** that implements the ALTER TABLE command.
**
** $Id: alter.c,v 1.23 2007/05/08 12:37:46 danielk1977 Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>

/*
** The code in this file only exists if we are not omitting the
** ALTER TABLE logic from the build.

53
54
55
56
57
58
59





60
61
62
63
64
65
66


  /* The principle used to locate the table name in the CREATE TABLE 
  ** statement is that the table name is the first token that is immediatedly
  ** followed by a left parenthesis - TK_LP.
  */
  if( zSql ){
    do {





      /* Store the token that zCsr points to in tname. */
      tname.z = zCsr;
      tname.n = len;

      /* Advance zCsr to the next token. Store that token type in 'token',
      ** and it's length in 'len' (to be used next iteration of this loop).
      */








>
>
>
>
>








53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71


  /* The principle used to locate the table name in the CREATE TABLE 
  ** statement is that the table name is the first token that is immediatedly
  ** followed by a left parenthesis - TK_LP.
  */
  if( zSql ){
    do {
      if( !*zCsr ){
        /* Ran out of input before finding an opening bracket. Return NULL. */
        return;
      }

      /* Store the token that zCsr points to in tname. */
      tname.z = zCsr;
      tname.n = len;

      /* Advance zCsr to the next token. Store that token type in 'token',
      ** and it's length in 'len' (to be used next iteration of this loop).
      */

103
104
105
106
107
108
109






110
111
112
113
114
115
116

  /* The principle used to locate the table name in the CREATE TRIGGER 
  ** statement is that the table name is the first token that is immediatedly
  ** preceded by either TK_ON or TK_DOT and immediatedly followed by one
  ** of TK_WHEN, TK_BEGIN or TK_FOR.
  */
  if( zSql ){
    do {






      /* Store the token that zCsr points to in tname. */
      tname.z = zCsr;
      tname.n = len;

      /* Advance zCsr to the next token. Store that token type in 'token',
      ** and it's length in 'len' (to be used next iteration of this loop).
      */








>
>
>
>
>
>








108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

  /* The principle used to locate the table name in the CREATE TRIGGER 
  ** statement is that the table name is the first token that is immediatedly
  ** preceded by either TK_ON or TK_DOT and immediatedly followed by one
  ** of TK_WHEN, TK_BEGIN or TK_FOR.
  */
  if( zSql ){
    do {

      if( !*zCsr ){
        /* Ran out of input before finding the table name. Return NULL. */
        return;
      }

      /* Store the token that zCsr points to in tname. */
      tname.z = zCsr;
      tname.n = len;

      /* Advance zCsr to the next token. Store that token type in 'token',
      ** and it's length in 'len' (to be used next iteration of this loop).
      */
Changes to test/alter.test. 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

# 2004 November 10
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#*************************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this script is testing the ALTER TABLE statement.
#
# $Id: alter.test,v 1.19 2007/04/06 02:32:34 drh Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
ifcapable !altertable {














|








1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

# 2004 November 10
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#*************************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this script is testing the ALTER TABLE statement.
#
# $Id: alter.test,v 1.20 2007/05/08 12:37:46 danielk1977 Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
ifcapable !altertable {

645
646
647
648
649
650
651

















652
653
654

  }
} {27}
do_test alter-8.2 {
  execsql {
    SELECT a, sum(b) FROM t2 GROUP BY a;
  }
} {1 18 2 9}



















finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671

  }
} {27}
do_test alter-8.2 {
  execsql {
    SELECT a, sum(b) FROM t2 GROUP BY a;
  }
} {1 18 2 9}

#--------------------------------------------------------------------------
# alter-9.X - Special test: Make sure the sqlite_rename_trigger() and
# rename_table() functions do not crash when handed bad input.
#
ifcapable trigger {
  do_test alter-9.1 {
    execsql {SELECT SQLITE_RENAME_TRIGGER(0,0)}
  } {{}}
}
do_test alter-9.2 {
    execsql {
    SELECT SQLITE_RENAME_TABLE(0,0);
    SELECT SQLITE_RENAME_TABLE(10,20);
    SELECT SQLITE_RENAME_TABLE("foo", "foo");
  }
} {{} {} {}}


finish_test