/ Check-in [64bec9e6]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a fairly obscure problem allowing an "ALTER TABLE RENAME col TO ..." statement to modify the schema in such a way as to break a reference within a trigger program.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 64bec9e6214c6932fab5a3fb8c569ae14cd2d603bd0f8b26104815c3bb9d396a
User & Date: dan 2019-01-18 16:06:18
Context
2019-01-18
17:53
Handle oversize floating point values carefully when converting to integers for the '%' binary operator. check-in: 048add13 user: drh tags: trunk
16:06
Fix a fairly obscure problem allowing an "ALTER TABLE RENAME col TO ..." statement to modify the schema in such a way as to break a reference within a trigger program. check-in: 64bec9e6 user: dan tags: trunk
14:53
Use the full 64-bit integer value in the argument to randomblob(). check-in: 05df5f7a user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/alter.c.

  1077   1077   ** message in the Parse object.
  1078   1078   */
  1079   1079   static int renameResolveTrigger(Parse *pParse, const char *zDb){
  1080   1080     sqlite3 *db = pParse->db;
  1081   1081     Trigger *pNew = pParse->pNewTrigger;
  1082   1082     TriggerStep *pStep;
  1083   1083     NameContext sNC;
  1084         -  SrcList sSrc;
  1085   1084     int rc = SQLITE_OK;
  1086   1085   
  1087   1086     memset(&sNC, 0, sizeof(sNC));
  1088   1087     sNC.pParse = pParse;
  1089   1088     assert( pNew->pTabSchema );
  1090   1089     pParse->pTriggerTab = sqlite3FindTable(db, pNew->table, 
  1091   1090         db->aDb[sqlite3SchemaToIndex(db, pNew->pTabSchema)].zDbSName
................................................................................
  1108   1107         if( pParse->nErr ) rc = pParse->rc;
  1109   1108       }
  1110   1109       if( rc==SQLITE_OK && pStep->zTarget ){
  1111   1110         Table *pTarget = sqlite3LocateTable(pParse, 0, pStep->zTarget, zDb);
  1112   1111         if( pTarget==0 ){
  1113   1112           rc = SQLITE_ERROR;
  1114   1113         }else if( SQLITE_OK==(rc = sqlite3ViewGetColumnNames(pParse, pTarget)) ){
         1114  +        SrcList sSrc;
  1115   1115           memset(&sSrc, 0, sizeof(sSrc));
  1116   1116           sSrc.nSrc = 1;
  1117   1117           sSrc.a[0].zName = pStep->zTarget;
  1118   1118           sSrc.a[0].pTab = pTarget;
  1119   1119           sNC.pSrcList = &sSrc;
  1120   1120           if( pStep->pWhere ){
  1121   1121             rc = sqlite3ResolveExprNames(&sNC, pStep->pWhere);
................................................................................
  1139   1139               rc = sqlite3ResolveExprNames(&sNC, pUpsert->pUpsertWhere);
  1140   1140             }
  1141   1141             if( rc==SQLITE_OK ){
  1142   1142               rc = sqlite3ResolveExprNames(&sNC, pUpsert->pUpsertTargetWhere);
  1143   1143             }
  1144   1144             sNC.ncFlags = 0;
  1145   1145           }
         1146  +        sNC.pSrcList = 0;
  1146   1147         }
  1147   1148       }
  1148   1149     }
  1149   1150     return rc;
  1150   1151   }
  1151   1152   
  1152   1153   /*

Changes to test/altertab2.test.

   301    301   } {
   302    302     {CREATE TRIGGER r1 AFTER INSERT ON "xyzzy" BEGIN
   303    303       INSERT INTO t2
   304    304       SELECT a,b,ccc FROM "xyzzy" UNION SELECT d,e,f FROM "xyzzy" ORDER BY b,ccc;
   305    305     END}
   306    306   }
   307    307   
          308  +#-------------------------------------------------------------------------
          309  +reset_db
          310  +do_execsql_test 8.0 {
          311  +  CREATE TABLE t1(a, b, c); 
          312  +  CREATE TABLE t2(a, b, c); 
          313  +  CREATE TABLE t3(d, e, f);
          314  +  CREATE VIEW v1 AS SELECT * FROM t1;
          315  +  CREATE TRIGGER tr AFTER INSERT ON t3 BEGIN
          316  +    UPDATE t2 SET a = new.d;
          317  +    SELECT a, b, c FROM v1;
          318  +  END;
          319  +}
          320  +
          321  +do_execsql_test 8.1 {
          322  +  INSERT INTO t3 VALUES(1, 2, 3);
          323  +}
          324  +
          325  +# The following ALTER TABLE fails as if column "t1.a" is renamed the "a"
          326  +# in the "SELECT a, b, c FROM v1" within the trigger can no longer be
          327  +# resolved. But at one point there was a bug allowing the ALTER TABLE
          328  +# succeed. Which meant the subsequent INSERT statement would fail.
          329  +do_catchsql_test 8.2 {
          330  +  ALTER TABLE t1 RENAME a TO aaa;
          331  +} {1 {error in trigger tr after rename: no such column: a}}
          332  +do_execsql_test 8.3 {
          333  +  INSERT INTO t3 VALUES(4, 5, 6);
          334  +}
   308    335   
   309    336   finish_test
   310    337   
   311    338