/ Check-in [205d85d7]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a segfault in the authorizer when it is given a SELECT statement with no FROM clause. Ticket #896. (CVS 1953)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | version_2
Files: files | file ages | folders
SHA1: 205d85d77e8f0c9a1d841129601847235052d59f
User & Date: drh 2004-09-09 13:54:30
Context
2004-10-01
15:11
Fix for ticket #905. (CVS 1995) check-in: bf90799d user: drh tags: version_2
2004-09-09
13:54
Fix a segfault in the authorizer when it is given a SELECT statement with no FROM clause. Ticket #896. (CVS 1953) check-in: 205d85d7 user: drh tags: version_2
2004-08-28
14:53
Correct handling of quoted names in CREATE INDEX. Ticket #869. (CVS 1907) check-in: b01d5665 user: drh tags: version_2
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/auth.c.

    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains code used to implement the sqlite_set_authorizer()
    13     13   ** API.  This facility is an optional feature of the library.  Embedded
    14     14   ** systems that do not need this facility may omit it by recompiling
    15     15   ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
    16     16   **
    17         -** $Id: auth.c,v 1.12.2.1 2004/06/14 11:58:37 drh Exp $
           17  +** $Id: auth.c,v 1.12.2.2 2004/09/09 13:54:30 drh Exp $
    18     18   */
    19     19   #include "sqliteInt.h"
    20     20   
    21     21   /*
    22     22   ** All of the code in this file may be omitted by defining a single
    23     23   ** macro.
    24     24   */
................................................................................
   107    107   ){
   108    108     sqlite *db = pParse->db;
   109    109     int rc;
   110    110     Table *pTab;          /* The table being read */
   111    111     const char *zCol;     /* Name of the column of the table */
   112    112     int iSrc;             /* Index in pTabList->a[] of table being read */
   113    113     const char *zDBase;   /* Name of database being accessed */
          114  +  TriggerStack *pStack; /* The stack of current triggers */
   114    115   
   115    116     if( db->xAuth==0 ) return;
   116    117     assert( pExpr->op==TK_COLUMN );
   117    118     for(iSrc=0; iSrc<pTabList->nSrc; iSrc++){
   118    119       if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
   119    120     }
   120    121     if( iSrc>=0 && iSrc<pTabList->nSrc ){
   121    122       pTab = pTabList->a[iSrc].pTab;
   122         -  }else{
          123  +  }else if( (pStack = pParse->trigStack)!=0 ){
   123    124       /* This must be an attempt to read the NEW or OLD pseudo-tables
   124    125       ** of a trigger.
   125    126       */
   126         -    TriggerStack *pStack; /* The stack of current triggers */
   127         -    pStack = pParse->trigStack;
   128         -    assert( pStack!=0 );
   129    127       assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
   130    128       pTab = pStack->pTab;
          129  +  }else{
          130  +    return;
   131    131     }
   132    132     if( pTab==0 ) return;
   133    133     if( pExpr->iColumn>=0 ){
   134    134       assert( pExpr->iColumn<pTab->nCol );
   135    135       zCol = pTab->aCol[pExpr->iColumn].zName;
   136    136     }else if( pTab->iPKey>=0 ){
   137    137       assert( pTab->iPKey<pTab->nCol );

Changes to test/auth.test.

     8      8   #    May you share freely, never taking more than you give.
     9      9   #
    10     10   #***********************************************************************
    11     11   # This file implements regression tests for SQLite library.  The
    12     12   # focus of this script is testing the ATTACH and DETACH commands
    13     13   # and related functionality.
    14     14   #
    15         -# $Id: auth.test,v 1.12 2003/12/07 00:24:35 drh Exp $
           15  +# $Id: auth.test,v 1.12.2.1 2004/09/09 13:54:31 drh Exp $
    16     16   #
    17     17   
    18     18   set testdir [file dirname $argv0]
    19     19   source $testdir/tester.tcl
    20     20   
    21     21   # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
    22     22   # defined during compilation.
................................................................................
    32     32     }
    33     33     db authorizer ::auth
    34     34     catchsql {CREATE TABLE t1(a,b,c)}
    35     35   } {1 {not authorized}}
    36     36   do_test auth-1.1.2 {
    37     37     db errorcode
    38     38   } {23}
           39  +do_test auth-1.1.3 {
           40  +  # Ticket #896.
           41  +  catchsql {
           42  +    SELECT x;
           43  +  }
           44  +} {1 {no such column: x}}
    39     45   do_test auth-1.2 {
    40     46     execsql {SELECT name FROM sqlite_master}
    41     47   } {}
    42     48   do_test auth-1.3.1 {
    43     49     proc auth {code arg1 arg2 arg3 arg4} {
    44     50       if {$code=="SQLITE_CREATE_TABLE"} {
    45     51         set ::authargs [list $arg1 $arg2 $arg3 $arg4]