/ Check-in [2c9c94a2]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add code to enforce the MAX_EXPR_DEPTH limit. (CVS 3968)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 2c9c94a24d52a1c9f5d1b32cbdff794a2dd74126
User & Date: danielk1977 2007-05-10 10:46:56
Context
2007-05-10
11:43
Another test for overflow in strftime(). It was not broken. (CVS 3969) check-in: 5800d032 user: danielk1977 tags: trunk
10:46
Add code to enforce the MAX_EXPR_DEPTH limit. (CVS 3968) check-in: 2c9c94a2 user: danielk1977 tags: trunk
2007-05-09
22:56
Make sure compound queries inside a subquery only return a single result column. Ticket #2347. (CVS 3967) check-in: 66954bdd user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/expr.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains routines used for analyzing expressions and
    13     13   ** for generating VDBE code that evaluates expressions in SQLite.
    14     14   **
    15         -** $Id: expr.c,v 1.288 2007/05/09 11:37:23 danielk1977 Exp $
           15  +** $Id: expr.c,v 1.289 2007/05/10 10:46:56 danielk1977 Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   #include <ctype.h>
    19     19   
    20     20   /*
    21     21   ** Return the 'affinity' of the expression pExpr if any.
    22     22   **
................................................................................
   243    243         }
   244    244       }
   245    245       if( pLeft->flags & EP_ExpCollate ){
   246    246         pNew->flags |= EP_ExpCollate;
   247    247         pNew->pColl = pLeft->pColl;
   248    248       }
   249    249     }
          250  +
          251  +  sqlite3ExprSetHeight(pNew);
   250    252     return pNew;
   251    253   }
   252    254   
   253    255   /*
   254    256   ** Works like sqlite3Expr() but frees its pLeft and pRight arguments
   255    257   ** if it fails due to a malloc problem.
   256    258   */
................................................................................
   339    341       return 0;
   340    342     }
   341    343     pNew->op = TK_FUNCTION;
   342    344     pNew->pList = pList;
   343    345     assert( pToken->dyn==0 );
   344    346     pNew->token = *pToken;
   345    347     pNew->span = pNew->token;
          348  +
          349  +  sqlite3ExprSetHeight(pNew);
   346    350     return pNew;
   347    351   }
   348    352   
   349    353   /*
   350    354   ** Assign a variable number to an expression that encodes a wildcard
   351    355   ** in the original SQL statement.  
   352    356   **
................................................................................
   474    478     }
   475    479     pNew->span.z = 0;
   476    480     pNew->pLeft = sqlite3ExprDup(p->pLeft);
   477    481     pNew->pRight = sqlite3ExprDup(p->pRight);
   478    482     pNew->pList = sqlite3ExprListDup(p->pList);
   479    483     pNew->pSelect = sqlite3SelectDup(p->pSelect);
   480    484     pNew->pTab = p->pTab;
          485  +#if SQLITE_MAX_EXPR_DEPTH>0
          486  +  pNew->nHeight = p->nHeight;
          487  +#endif
   481    488     return pNew;
   482    489   }
   483    490   void sqlite3TokenCopy(Token *pTo, Token *pFrom){
   484    491     if( pTo->dyn ) sqliteFree((char*)pTo->z);
   485    492     if( pFrom->z ){
   486    493       pTo->n = pFrom->n;
   487    494       pTo->z = (u8*)sqliteStrNDup((char*)pFrom->z, pFrom->n);
................................................................................
   667    674     const char *zObject
   668    675   ){
   669    676     if( pEList && pEList->nExpr>iLimit ){
   670    677       sqlite3ErrorMsg(pParse, "too many columns in %s", zObject);
   671    678     }
   672    679   }
   673    680   
          681  +
          682  +#if SQLITE_MAX_EXPR_DEPTH>0
          683  +/* The following three functions, heightOfExpr(), heightOfExprList()
          684  +** and heightOfSelect(), are used to determine the maximum height
          685  +** of any expression tree referenced by the structure passed as the
          686  +** first argument.
          687  +**
          688  +** If this maximum height is greater than the current value pointed
          689  +** to by pnHeight, the second parameter, then set *pnHeight to that
          690  +** value.
          691  +*/
          692  +static void heightOfExpr(Expr *p, int *pnHeight){
          693  +  if( p ){
          694  +    if( p->nHeight>*pnHeight ){
          695  +      *pnHeight = p->nHeight;
          696  +    }
          697  +  }
          698  +}
          699  +static void heightOfExprList(ExprList *p, int *pnHeight){
          700  +  if( p ){
          701  +    int i;
          702  +    for(i=0; i<p->nExpr; i++){
          703  +      heightOfExpr(p->a[i].pExpr, pnHeight);
          704  +    }
          705  +  }
          706  +}
          707  +static void heightOfSelect(Select *p, int *pnHeight){
          708  +  if( p ){
          709  +    heightOfExpr(p->pWhere, pnHeight);
          710  +    heightOfExpr(p->pHaving, pnHeight);
          711  +    heightOfExpr(p->pLimit, pnHeight);
          712  +    heightOfExpr(p->pOffset, pnHeight);
          713  +    heightOfExprList(p->pEList, pnHeight);
          714  +    heightOfExprList(p->pGroupBy, pnHeight);
          715  +    heightOfExprList(p->pOrderBy, pnHeight);
          716  +    heightOfSelect(p->pPrior, pnHeight);
          717  +  }
          718  +}
          719  +
          720  +/*
          721  +** Set the Expr.nHeight variable in the structure passed as an 
          722  +** argument. An expression with no children, Expr.pList or 
          723  +** Expr.pSelect member has a height of 1. Any other expression
          724  +** has a height equal to the maximum height of any other 
          725  +** referenced Expr plus one.
          726  +*/
          727  +void sqlite3ExprSetHeight(Expr *p){
          728  +  int nHeight = 0;
          729  +  heightOfExpr(p->pLeft, &nHeight);
          730  +  heightOfExpr(p->pRight, &nHeight);
          731  +  heightOfExprList(p->pList, &nHeight);
          732  +  heightOfSelect(p->pSelect, &nHeight);
          733  +  p->nHeight = nHeight + 1;
          734  +}
          735  +
          736  +/*
          737  +** Return the maximum height of any expression tree referenced
          738  +** by the select statement passed as an argument.
          739  +*/
          740  +int sqlite3SelectExprHeight(Select *p){
          741  +  int nHeight = 0;
          742  +  heightOfSelect(p, &nHeight);
          743  +  return nHeight;
          744  +}
          745  +#endif
          746  +
   674    747   /*
   675    748   ** Delete an entire expression list.
   676    749   */
   677    750   void sqlite3ExprListDelete(ExprList *pList){
   678    751     int i;
   679    752     struct ExprList_item *pItem;
   680    753     if( pList==0 ) return;
................................................................................
  1331   1404   ** usage.  Make sure all function names are recognized and all functions
  1332   1405   ** have the correct number of arguments.  Leave an error message
  1333   1406   ** in pParse->zErrMsg if anything is amiss.  Return the number of errors.
  1334   1407   **
  1335   1408   ** If the expression contains aggregate functions then set the EP_Agg
  1336   1409   ** property on the expression.
  1337   1410   */
  1338         -int sqlite3ExprResolveNames(
         1411  +int sqlite3ExprResolveNames( 
  1339   1412     NameContext *pNC,       /* Namespace to resolve expressions in. */
  1340   1413     Expr *pExpr             /* The expression to be analyzed. */
  1341   1414   ){
  1342   1415     int savedHasAgg;
  1343   1416     if( pExpr==0 ) return 0;
         1417  +#if SQLITE_MAX_EXPR_DEPTH>0
         1418  +  if( (pExpr->nHeight+pNC->pParse->nHeight)>SQLITE_MAX_EXPR_DEPTH ){
         1419  +    sqlite3ErrorMsg(pNC->pParse, 
         1420  +       "Expression tree is too large (maximum depth %d)",
         1421  +       SQLITE_MAX_EXPR_DEPTH
         1422  +    );
         1423  +    return 1;
         1424  +  }
         1425  +  pNC->pParse->nHeight += pExpr->nHeight;
         1426  +#endif
  1344   1427     savedHasAgg = pNC->hasAgg;
  1345   1428     pNC->hasAgg = 0;
  1346   1429     walkExprTree(pExpr, nameResolverStep, pNC);
         1430  +#if SQLITE_MAX_EXPR_DEPTH>0
         1431  +  pNC->pParse->nHeight -= pExpr->nHeight;
         1432  +#endif
  1347   1433     if( pNC->nErr>0 ){
  1348   1434       ExprSetProperty(pExpr, EP_Error);
  1349   1435     }
  1350   1436     if( pNC->hasAgg ){
  1351   1437       ExprSetProperty(pExpr, EP_Agg);
  1352   1438     }else if( savedHasAgg ){
  1353   1439       pNC->hasAgg = 1;
................................................................................
  1379   1465   ** operator or subquery.
  1380   1466   */
  1381   1467   #ifndef SQLITE_OMIT_SUBQUERY
  1382   1468   void sqlite3CodeSubselect(Parse *pParse, Expr *pExpr){
  1383   1469     int testAddr = 0;                       /* One-time test address */
  1384   1470     Vdbe *v = sqlite3GetVdbe(pParse);
  1385   1471     if( v==0 ) return;
         1472  +
  1386   1473   
  1387   1474     /* This code must be run in its entirety every time it is encountered
  1388   1475     ** if any of the following is true:
  1389   1476     **
  1390   1477     **    *  The right-hand side is a correlated subquery
  1391   1478     **    *  The right-hand side is an expression list containing variables
  1392   1479     **    *  We are inside a trigger
................................................................................
  1517   1604         break;
  1518   1605       }
  1519   1606     }
  1520   1607   
  1521   1608     if( testAddr ){
  1522   1609       sqlite3VdbeJumpHere(v, testAddr);
  1523   1610     }
         1611  +
  1524   1612     return;
  1525   1613   }
  1526   1614   #endif /* SQLITE_OMIT_SUBQUERY */
  1527   1615   
  1528   1616   /*
  1529   1617   ** Generate an instruction that will put the integer describe by
  1530   1618   ** text z[0..n-1] on the stack.

Changes to src/limits.h.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** 
    13     13   ** This file defines various limits of what SQLite can process.
    14     14   **
    15         -** @(#) $Id: limits.h,v 1.5 2007/05/08 15:34:48 drh Exp $
           15  +** @(#) $Id: limits.h,v 1.6 2007/05/10 10:46:56 danielk1977 Exp $
    16     16   */
    17     17   
    18     18   /*
    19     19   ** The maximum length of a TEXT or BLOB in bytes.   This also
    20     20   ** limits the size of a row in a table or index.
    21     21   **
    22     22   ** The hard limit is the ability of a 32-bit signed integer
................................................................................
    52     52   ** The hard limit here is the same as SQLITE_MAX_LENGTH.
    53     53   */
    54     54   #ifndef SQLITE_MAX_SQL_LENGTH
    55     55   # define SQLITE_MAX_SQL_LENGTH 1000000
    56     56   #endif
    57     57   
    58     58   /*
    59         -** The maximum number of terms in an expression.
    60         -** This is limited to some extent by SQLITE_MAX_SQL_LENGTH.
    61         -** But sometime you might want to place more severe limits
    62         -** on the complexity of an expression.
           59  +** The maximum depth of an expression tree. This is limited to 
           60  +** some extent by SQLITE_MAX_SQL_LENGTH. But sometime you might 
           61  +** want to place more severe limits on the complexity of an 
           62  +** expression. A value of 0 (the default) means do not enforce
           63  +** any limitation on expression tree depth.
    63     64   */
    64         -#ifndef SQLITE_MAX_EXPR_LENGTH
    65         -# define SQLITE_MAX_EXPR_LENGTH 5000
           65  +#ifndef SQLITE_MAX_EXPR_DEPTH
           66  +# define SQLITE_MAX_EXPR_DEPTH 0
    66     67   #endif
    67     68   
    68     69   /*
    69     70   ** The maximum number of opcodes in a VDBE program.
    70     71   */
    71     72   #ifndef SQLITE_MAX_VDBE_OP
    72     73   # define SQLITE_MAX_VDBE_OP 25000

Changes to src/parse.y.

    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains SQLite's grammar for SQL.  Process this file
    13     13   ** using the lemon parser generator to generate C code that runs
    14     14   ** the parser.  Lemon will also generate a header file containing
    15     15   ** numeric codes for all of the tokens.
    16     16   **
    17         -** @(#) $Id: parse.y,v 1.224 2007/05/08 17:54:44 danielk1977 Exp $
           17  +** @(#) $Id: parse.y,v 1.225 2007/05/10 10:46:57 danielk1977 Exp $
    18     18   */
    19     19   
    20     20   // All token codes are small integers with #defines that begin with "TK_"
    21     21   %token_prefix TK_
    22     22   
    23     23   // The type of the data attached to each token is Token.  This is also the
    24     24   // default type for non-terminals.
................................................................................
   762    762     %type in_op {int}
   763    763     in_op(A) ::= IN.      {A = 0;}
   764    764     in_op(A) ::= NOT IN.  {A = 1;}
   765    765     expr(A) ::= expr(X) in_op(N) LP exprlist(Y) RP(E). [IN] {
   766    766       A = sqlite3Expr(TK_IN, X, 0, 0);
   767    767       if( A ){
   768    768         A->pList = Y;
          769  +      sqlite3ExprSetHeight(A);
   769    770       }else{
   770    771         sqlite3ExprListDelete(Y);
   771    772       }
   772    773       if( N ) A = sqlite3Expr(TK_NOT, A, 0, 0);
   773    774       sqlite3ExprSpan(A,&X->span,&E);
   774    775     }
   775    776     expr(A) ::= LP(B) select(X) RP(E). {
   776    777       A = sqlite3Expr(TK_SELECT, 0, 0, 0);
   777    778       if( A ){
   778    779         A->pSelect = X;
          780  +      sqlite3ExprSetHeight(A);
   779    781       }else{
   780    782         sqlite3SelectDelete(X);
   781    783       }
   782    784       sqlite3ExprSpan(A,&B,&E);
   783    785     }
   784    786     expr(A) ::= expr(X) in_op(N) LP select(Y) RP(E).  [IN] {
   785    787       A = sqlite3Expr(TK_IN, X, 0, 0);
   786    788       if( A ){
   787    789         A->pSelect = Y;
          790  +      sqlite3ExprSetHeight(A);
   788    791       }else{
   789    792         sqlite3SelectDelete(Y);
   790    793       }
   791    794       if( N ) A = sqlite3Expr(TK_NOT, A, 0, 0);
   792    795       sqlite3ExprSpan(A,&X->span,&E);
   793    796     }
   794    797     expr(A) ::= expr(X) in_op(N) nm(Y) dbnm(Z). [IN] {
   795    798       SrcList *pSrc = sqlite3SrcListAppend(0,&Y,&Z);
   796    799       A = sqlite3Expr(TK_IN, X, 0, 0);
   797    800       if( A ){
   798    801         A->pSelect = sqlite3SelectNew(0,pSrc,0,0,0,0,0,0,0);
          802  +      sqlite3ExprSetHeight(A);
   799    803       }else{
   800    804         sqlite3SrcListDelete(pSrc);
   801    805       }
   802    806       if( N ) A = sqlite3Expr(TK_NOT, A, 0, 0);
   803    807       sqlite3ExprSpan(A,&X->span,Z.z?&Z:&Y);
   804    808     }
   805    809     expr(A) ::= EXISTS(B) LP select(Y) RP(E). {
   806    810       Expr *p = A = sqlite3Expr(TK_EXISTS, 0, 0, 0);
   807    811       if( p ){
   808    812         p->pSelect = Y;
   809    813         sqlite3ExprSpan(p,&B,&E);
          814  +      sqlite3ExprSetHeight(A);
   810    815       }else{
   811    816         sqlite3SelectDelete(Y);
   812    817       }
   813    818     }
   814    819   %endif SQLITE_OMIT_SUBQUERY
   815    820   
   816    821   /* CASE expressions */
   817    822   expr(A) ::= CASE(C) case_operand(X) case_exprlist(Y) case_else(Z) END(E). {
   818    823     A = sqlite3Expr(TK_CASE, X, Z, 0);
   819    824     if( A ){
   820    825       A->pList = Y;
          826  +    sqlite3ExprSetHeight(A);
   821    827     }else{
   822    828       sqlite3ExprListDelete(Y);
   823    829     }
   824    830     sqlite3ExprSpan(A, &C, &E);
   825    831   }
   826    832   %type case_exprlist {ExprList*}
   827    833   %destructor case_exprlist {sqlite3ExprListDelete($$);}

Changes to src/select.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that are called by the parser
    13     13   ** to handle SELECT statements in SQLite.
    14     14   **
    15         -** $Id: select.c,v 1.343 2007/05/09 22:56:39 drh Exp $
           15  +** $Id: select.c,v 1.344 2007/05/10 10:46:57 danielk1977 Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   
    20     20   /*
    21     21   ** Delete all the content of a Select structure but do not deallocate
    22     22   ** the select structure itself.
................................................................................
  2936   2936       if( pItem->zName!=0 ){
  2937   2937         zSavedAuthContext = pParse->zAuthContext;
  2938   2938         pParse->zAuthContext = pItem->zName;
  2939   2939         needRestoreContext = 1;
  2940   2940       }else{
  2941   2941         needRestoreContext = 0;
  2942   2942       }
         2943  +#if SQLITE_MAX_EXPR_DEPTH>0
         2944  +    /* Increment Parse.nHeight by the height of the largest expression
         2945  +    ** tree refered to by this, the parent select. The child select
         2946  +    ** may contain expression trees of at most
         2947  +    ** (SQLITE_MAX_EXPR_DEPTH-Parse.nHeight) height. This is a bit
         2948  +    ** more conservative than necessary, but much easier than enforcing
         2949  +    ** an exact limit.
         2950  +    */
         2951  +    pParse->nHeight += sqlite3SelectExprHeight(p);
         2952  +#endif
  2943   2953       sqlite3Select(pParse, pItem->pSelect, SRT_EphemTab, 
  2944   2954                    pItem->iCursor, p, i, &isAgg, 0);
         2955  +#if SQLITE_MAX_EXPR_DEPTH>0
         2956  +    pParse->nHeight -= sqlite3SelectExprHeight(p);
         2957  +#endif
  2945   2958       if( needRestoreContext ){
  2946   2959         pParse->zAuthContext = zSavedAuthContext;
  2947   2960       }
  2948   2961       pTabList = p->pSrc;
  2949   2962       pWhere = p->pWhere;
  2950   2963       if( !IgnorableOrderby(eDest) ){
  2951   2964         pOrderBy = p->pOrderBy;

Changes to src/sqliteInt.h.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** Internal interface definitions for SQLite.
    13     13   **
    14         -** @(#) $Id: sqliteInt.h,v 1.562 2007/05/08 21:45:28 drh Exp $
           14  +** @(#) $Id: sqliteInt.h,v 1.563 2007/05/10 10:46:57 danielk1977 Exp $
    15     15   */
    16     16   #ifndef _SQLITEINT_H_
    17     17   #define _SQLITEINT_H_
    18     18   #include "limits.h"
    19     19   
    20     20   
    21     21   #if defined(SQLITE_TCL) || defined(TCLSH)
................................................................................
   994    994     AggInfo *pAggInfo;     /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
   995    995     int iAgg;              /* Which entry in pAggInfo->aCol[] or ->aFunc[] */
   996    996     int iRightJoinTable;   /* If EP_FromJoin, the right table of the join */
   997    997     Select *pSelect;       /* When the expression is a sub-select.  Also the
   998    998                            ** right side of "<expr> IN (<select>)" */
   999    999     Table *pTab;           /* Table for OP_Column expressions. */
  1000   1000     Schema *pSchema;
         1001  +#if SQLITE_MAX_EXPR_DEPTH>0
         1002  +  int nHeight;           /* Height of the tree headed by this node */
         1003  +#endif
  1001   1004   };
  1002   1005   
  1003   1006   /*
  1004   1007   ** The following are the meanings of bits in the Expr.flags field.
  1005   1008   */
  1006   1009   #define EP_FromJoin     0x01  /* Originated in ON or USING clause of a join */
  1007   1010   #define EP_Agg          0x02  /* Contains one or more aggregate functions */
................................................................................
  1339   1342     TriggerStack *trigStack;  /* Trigger actions being coded */
  1340   1343     const char *zAuthContext; /* The 6th parameter to db->xAuth callbacks */
  1341   1344   #ifndef SQLITE_OMIT_VIRTUALTABLE
  1342   1345     Token sArg;                /* Complete text of a module argument */
  1343   1346     u8 declareVtab;            /* True if inside sqlite3_declare_vtab() */
  1344   1347     Table *pVirtualLock;       /* Require virtual table lock on this table */
  1345   1348   #endif
         1349  +#if SQLITE_MAX_EXPR_DEPTH>0
         1350  +  int nHeight;            /* Expression tree height of current sub-select */
         1351  +#endif
  1346   1352   };
  1347   1353   
  1348   1354   #ifdef SQLITE_OMIT_VIRTUALTABLE
  1349   1355     #define IN_DECLARE_VTAB 0
  1350   1356   #else
  1351   1357     #define IN_DECLARE_VTAB (pParse->declareVtab)
  1352   1358   #endif
................................................................................
  1873   1879   int sqlite3VtabCallConnect(Parse*, Table*);
  1874   1880   int sqlite3VtabCallDestroy(sqlite3*, int, const char *);
  1875   1881   int sqlite3VtabBegin(sqlite3 *, sqlite3_vtab *);
  1876   1882   FuncDef *sqlite3VtabOverloadFunction(FuncDef*, int nArg, Expr*);
  1877   1883   void sqlite3InvalidFunction(sqlite3_context*,int,sqlite3_value**);
  1878   1884   int sqlite3Reprepare(Vdbe*);
  1879   1885   void sqlite3ExprListCheckLength(Parse*, ExprList*, int, const char*);
         1886  +
         1887  +#if SQLITE_MAX_EXPR_DEPTH>0
         1888  +  void sqlite3ExprSetHeight(Expr *);
         1889  +  int sqlite3SelectExprHeight(Select *);
         1890  +#else
         1891  +  #define sqlite3ExprSetHeight(x)
         1892  +#endif
  1880   1893   
  1881   1894   u32 sqlite3Get2byte(const u8*);
  1882   1895   u32 sqlite3Get4byte(const u8*);
  1883   1896   void sqlite3Put2byte(u8*, u32);
  1884   1897   void sqlite3Put4byte(u8*, u32);
  1885   1898   
  1886   1899   #ifdef SQLITE_SSE

Changes to src/test_config.c.

    12     12   ** 
    13     13   ** This file contains code used for testing the SQLite system.
    14     14   ** None of the code in this file goes into a deliverable build.
    15     15   ** 
    16     16   ** The focus of this file is providing the TCL testing layer
    17     17   ** access to compile-time constants.
    18     18   **
    19         -** $Id: test_config.c,v 1.3 2007/05/09 11:37:23 danielk1977 Exp $
           19  +** $Id: test_config.c,v 1.4 2007/05/10 10:46:57 danielk1977 Exp $
    20     20   */
    21     21   #include "sqliteInt.h"
    22     22   #include "tcl.h"
    23     23   #include "os.h"
    24     24   #include <stdlib.h>
    25     25   #include <string.h>
    26     26   
................................................................................
   378    378     }
   379    379     {
   380    380       static int sqlite_max_sql_length = SQLITE_MAX_SQL_LENGTH;
   381    381       Tcl_LinkVar(interp, "SQLITE_MAX_SQL_LENGTH",
   382    382              (char*)&sqlite_max_sql_length, TCL_LINK_INT|TCL_LINK_READ_ONLY);
   383    383     }
   384    384     {
   385         -    static int sqlite_max_expr_length = SQLITE_MAX_EXPR_LENGTH;
   386         -    Tcl_LinkVar(interp, "SQLITE_MAX_EXPR_LENGTH",
   387         -           (char*)&sqlite_max_expr_length, TCL_LINK_INT|TCL_LINK_READ_ONLY);
          385  +    static int sqlite_max_expr_depth = SQLITE_MAX_EXPR_DEPTH;
          386  +    Tcl_LinkVar(interp, "SQLITE_MAX_EXPR_DEPTH",
          387  +           (char*)&sqlite_max_expr_depth, TCL_LINK_INT|TCL_LINK_READ_ONLY);
   388    388     }
   389    389     {
   390    390       static int sqlite_max_vdbe_op = SQLITE_MAX_VDBE_OP;
   391    391       Tcl_LinkVar(interp, "SQLITE_MAX_VDBE_OP",
   392    392              (char*)&sqlite_max_vdbe_op, TCL_LINK_INT|TCL_LINK_READ_ONLY);
   393    393     }
   394    394     {

Changes to test/sqllimits1.test.

     8      8   #    May you share freely, never taking more than you give.
     9      9   #
    10     10   #***********************************************************************
    11     11   #
    12     12   # This file contains tests to verify that the limits defined in
    13     13   # sqlite source file limits.h are enforced.
    14     14   #
    15         -# $Id: sqllimits1.test,v 1.6 2007/05/09 15:56:40 danielk1977 Exp $
           15  +# $Id: sqllimits1.test,v 1.7 2007/05/10 10:46:57 danielk1977 Exp $
    16     16   
    17     17   set testdir [file dirname $argv0]
    18     18   source $testdir/tester.tcl
    19     19   
    20     20   # Test organization:
    21     21   #
    22     22   #     sqllimits-1.*:  SQLITE_MAX_LENGTH
................................................................................
    29     29   #     sqllimits-8.*:   SQLITE_MAX_ATTACHED
    30     30   #     sqllimits-9.*:   SQLITE_MAX_VARIABLE_NUMBER
    31     31   #     sqllimits-10.*:  SQLITE_MAX_PAGE_SIZE
    32     32   #     sqllimits-11.*:  SQLITE_MAX_LIKE_PATTERN_LENGTH
    33     33   #
    34     34   # Todo:
    35     35   #
    36         -#     sqllimits-5.*:   SQLITE_MAX_EXPR_LENGTH           (sqlite todo)
           36  +#     sqllimits-5.*:   SQLITE_MAX_EXPR_DEPTH            (sqlite todo)
    37     37   #     sqllimits-6.*:   SQLITE_MAX_VDBE_OP               (sqlite todo)
    38     38   #
    39     39   
    40     40   #--------------------------------------------------------------------
    41     41   # Test cases sqllimits-1.* test that the SQLITE_MAX_LENGTH limit
    42     42   # is enforced.
    43     43   #
................................................................................
   233    233       lappend cols "c$i"
   234    234     }
   235    235     catchsql "CREATE TABLE t2([join $cols ,])"
   236    236     catchsql "CREATE VIEW v1 AS SELECT *, c1 AS o FROM t2;"
   237    237   } {1 {too many columns in result set}}
   238    238   
   239    239   #--------------------------------------------------------------------
   240         -# These tests - sqllimits-5.* - test that the SQLITE_MAX_EXPR_LENGTH
          240  +# These tests - sqllimits-5.* - test that the SQLITE_MAX_EXPR_DEPTH
   241    241   # limit is enforced. The limit refers to the number of terms in 
   242    242   # the expression.
   243    243   #
   244         -# TODO
   245         -do_test sqllimits-1.5.1 {
   246         -  execsql {
   247         -    PRAGMA max_page_count = 1000000;  -- 1 GB
   248         -    CREATE TABLE v0(a);
   249         -  }
   250         -  db transaction {
   251         -    for {set i 1} {$i < 2000} {incr i} {
   252         -      set expr "([string repeat {a AND } 50]a AND a) AS a"
   253         -      execsql [subst {
   254         -        CREATE VIEW v${i} AS SELECT $expr FROM v0
   255         -      }]
          244  +if {$::SQLITE_MAX_EXPR_DEPTH != 1000} {
          245  +  puts -nonewline stderr "WARNING: Compile with -DSQLITE_MAX_EXPR_DEPTH to run "
          246  +  puts stderr "tests sqllimits-1.5.X"
          247  +} else {
          248  +  do_test sqllimits-1.5.1 {
          249  +    set max $::SQLITE_MAX_EXPR_DEPTH
          250  +    set expr "(1 [string repeat {AND 1 } $max])"
          251  +    catchsql [subst {
          252  +      SELECT $expr
          253  +    }]
          254  +  } "1 {Expression tree is too large (maximum depth $::SQLITE_MAX_EXPR_DEPTH)}"
          255  +  
          256  +  # Attempting to beat the expression depth limit using nested SELECT
          257  +  # queries causes a parser stack overflow. 
          258  +  do_test sqllimits-1.5.2 {
          259  +    set max $::SQLITE_MAX_EXPR_DEPTH
          260  +    set expr "SELECT 1"
          261  +    for {set i 0} {$i <= $max} {incr i} {
          262  +      set expr "SELECT ($expr)"
          263  +    }
          264  +    catchsql [subst {
          265  +      SELECT $expr
          266  +    }]
          267  +  } "1 {parser stack overflow}"
          268  +  
          269  +  
          270  +  do_test sqllimits-1.5.3 {
          271  +    execsql {
          272  +      PRAGMA max_page_count = 1000000;  -- 1 GB
          273  +      CREATE TABLE v0(a);
          274  +      INSERT INTO v0 VALUES(1);
          275  +    }
          276  +    db transaction {
          277  +      for {set i 1} {$i < 200} {incr i} {
          278  +        set expr "(a [string repeat {AND 1 } 50]) AS a"
          279  +        execsql [subst {
          280  +          CREATE VIEW v${i} AS SELECT $expr FROM v[expr {$i-1}]
          281  +        }]
          282  +      }
          283  +    }
          284  +  } {}
          285  +  
          286  +  do_test sqllimits-1.5.4 {
          287  +    catchsql {
          288  +      SELECT a FROM v199
   256    289       }
   257         -  }
   258         -} {}
          290  +  } "1 {Expression tree is too large (maximum depth $::SQLITE_MAX_EXPR_DEPTH)}"
          291  +}
   259    292   
   260    293   #--------------------------------------------------------------------
   261    294   # Test cases sqllimits-6.* test that the SQLITE_MAX_VDBE_OP
   262    295   # limit works as expected. The limit refers to the number of opcodes
   263    296   # in a single VDBE program.
   264    297   #
   265    298   # TODO