Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Ensure that sqlite3AuthRead() is only call for TK_COLUMN and TK_TRIGGER expression nodes. This fixes a harmless assert() identified by OSSFuzz. Move the assert() into a position where it is tested even if the authorizer is disabled. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
d0c3beef7cdc680c0768ddd18f766a4c |
User & Date: | drh 2018-06-02 11:31:15.578 |
Context
2018-06-02
| ||
12:05 | Fix the CSV extension so that it works with single-column CSV files. (check-in: e336cf0048 user: drh tags: trunk) | |
11:31 | Ensure that sqlite3AuthRead() is only call for TK_COLUMN and TK_TRIGGER expression nodes. This fixes a harmless assert() identified by OSSFuzz. Move the assert() into a position where it is tested even if the authorizer is disabled. (check-in: d0c3beef7c user: drh tags: trunk) | |
2018-06-01
| ||
13:30 | Fix a bug in the SQLITE_ENABLE_SORTER_REFERENCES code causing an out-of-bounds array reference. (check-in: 8cadaf587d user: dan tags: trunk) | |
Changes
Changes to src/auth.c.
︙ | |||
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 | 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 | + - | sqlite3 *db = pParse->db; Table *pTab = 0; /* The table being read */ const char *zCol; /* Name of the column of the table */ int iSrc; /* Index in pTabList->a[] of table being read */ int iDb; /* The index of the database the expression refers to */ int iCol; /* Index of column in table */ assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER ); if( db->xAuth==0 ) return; iDb = sqlite3SchemaToIndex(pParse->db, pSchema); if( iDb<0 ){ /* An attempt to read a column out of a subquery or other ** temporary table. */ return; } |
︙ |
Changes to src/resolve.c.
︙ | |||
71 72 73 74 75 76 77 | 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 | - - - - - - + + + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + | sqlite3 *db; /* The database connection */ assert( iCol>=0 && iCol<pEList->nExpr ); pOrig = pEList->a[iCol].pExpr; assert( pOrig!=0 ); db = pParse->db; pDup = sqlite3ExprDup(db, pOrig, 0); |
︙ | |||
345 346 347 348 349 350 351 352 353 354 355 356 357 358 | 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 | + | if( iCol<pTab->nCol ){ cnt++; #ifndef SQLITE_OMIT_UPSERT if( pExpr->iTable==2 ){ testcase( iCol==(-1) ); pExpr->iTable = pNC->uNC.pUpsert->regData + iCol; eNewExprOp = TK_REGISTER; ExprSetProperty(pExpr, EP_Alias); }else #endif /* SQLITE_OMIT_UPSERT */ { #ifndef SQLITE_OMIT_TRIGGER if( iCol<0 ){ pExpr->affinity = SQLITE_AFF_INTEGER; }else if( pExpr->iTable==0 ){ |
︙ |