Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Performance improvement in the parsing of options to %-formats in the printf implementation. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
40d8f8ae87abf928542c4e558a4c3a3e |
| User & Date: | drh 2019-02-01 18:46:41 |
Context
|
2019-02-01
| ||
| 20:29 | Prevent the printf formatter from doing large memory allocations - larger than either the size of the static buffer for interfaces like sqlite3_snprintf(), or larger than SQLITE_LIMIT_LENGTH for interfaces that are associated with a database connection. This helps to prevent DOS attacks on products that let hostile sources inject arbitrary SQL. It also helps fuzzers run faster and more effectively. check-in: 179e5d46 user: drh tags: trunk | |
| 18:46 | Performance improvement in the parsing of options to %-formats in the printf implementation. check-in: 40d8f8ae user: drh tags: trunk | |
| 15:06 | Ensure that the Walker.pParse structure is initialized when walking the source tree to gather the WINDOW clauses on a query with window functions. check-in: 4ca9d5d5 user: drh tags: trunk | |
Changes
Changes to src/printf.c.
233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 |
sqlite3_str_append(pAccum, "%", 1);
break;
}
/* Find out what flags are present */
flag_leftjustify = flag_prefix = cThousand =
flag_alternateform = flag_altform2 = flag_zeropad = 0;
done = 0;
do{
switch( c ){
case '-': flag_leftjustify = 1; break;
case '+': flag_prefix = '+'; break;
case ' ': flag_prefix = ' '; break;
case '#': flag_alternateform = 1; break;
case '!': flag_altform2 = 1; break;
case '0': flag_zeropad = 1; break;
case ',': cThousand = ','; break;
default: done = 1; break;
}
}while( !done && (c=(*++fmt))!=0 );
/* Get the field width */
if( c=='*' ){
if( bArgList ){
width = (int)getIntArg(pArgList);
}else{
width = va_arg(ap,int);
}
if( width<0 ){
flag_leftjustify = 1;
width = width >= -2147483647 ? -width : 0;
}
c = *++fmt;
}else{
unsigned wx = 0;
while( c>='0' && c<='9' ){
wx = wx*10 + c - '0';
c = *++fmt;
}
testcase( wx>0x7fffffff );
width = wx & 0x7fffffff;
}
assert( width>=0 );
#ifdef SQLITE_PRINTF_PRECISION_LIMIT
if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
width = SQLITE_PRINTF_PRECISION_LIMIT;
}
#endif
/* Get the precision */
if( c=='.' ){
c = *++fmt;
if( c=='*' ){
if( bArgList ){
precision = (int)getIntArg(pArgList);
}else{
precision = va_arg(ap,int);
}
c = *++fmt;
if( precision<0 ){
precision = precision >= -2147483647 ? -precision : -1;
}
}else{
unsigned px = 0;
while( c>='0' && c<='9' ){
px = px*10 + c - '0';
c = *++fmt;
}
testcase( px>0x7fffffff );
precision = px & 0x7fffffff;
}
}else{
precision = -1;
}
assert( precision>=(-1) );
#ifdef SQLITE_PRINTF_PRECISION_LIMIT
if( precision>SQLITE_PRINTF_PRECISION_LIMIT ){
precision = SQLITE_PRINTF_PRECISION_LIMIT;
}
#endif
/* Get the conversion type modifier */
if( c=='l' ){
flag_long = 1;
c = *++fmt;
if( c=='l' ){
flag_long = 2;
c = *++fmt;
}
}else{
flag_long = 0;
}
/* Fetch the info entry for the field */
infop = &fmtinfo[0];
xtype = etINVALID;
for(idx=0; idx<ArraySize(fmtinfo); idx++){
if( c==fmtinfo[idx].fmttype ){
infop = &fmtinfo[idx];
xtype = infop->type;
|
> > > < < < > > > | < < < | > | < | < > | | | | | | < | | | > > > | > > > > > > > > > > > > > > | > > > | | | > > > | < < > > > | | | | | | | < | | | > | | | | | | | | | < < < < | | | > > > > | > | < < < < < < < < < > | |
233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 |
sqlite3_str_append(pAccum, "%", 1);
break;
}
/* Find out what flags are present */
flag_leftjustify = flag_prefix = cThousand =
flag_alternateform = flag_altform2 = flag_zeropad = 0;
done = 0;
width = 0;
flag_long = 0;
precision = -1;
do{
switch( c ){
case '-': flag_leftjustify = 1; break;
case '+': flag_prefix = '+'; break;
case ' ': flag_prefix = ' '; break;
case '#': flag_alternateform = 1; break;
case '!': flag_altform2 = 1; break;
case '0': flag_zeropad = 1; break;
case ',': cThousand = ','; break;
default: done = 1; break;
case 'l': {
flag_long = 1;
c = *++fmt;
if( c=='l' ){
c = *++fmt;
flag_long = 2;
}
done = 1;
break;
}
case '1': case '2': case '3': case '4': case '5':
case '6': case '7': case '8': case '9': {
unsigned wx = c - '0';
while( (c = *++fmt)>='0' && c<='9' ){
wx = wx*10 + c - '0';
}
testcase( wx>0x7fffffff );
width = wx & 0x7fffffff;
#ifdef SQLITE_PRINTF_PRECISION_LIMIT
if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
width = SQLITE_PRINTF_PRECISION_LIMIT;
}
#endif
if( c!='.' && c!='l' ){
done = 1;
}else{
fmt--;
}
break;
}
case '*': {
if( bArgList ){
width = (int)getIntArg(pArgList);
}else{
width = va_arg(ap,int);
}
if( width<0 ){
flag_leftjustify = 1;
width = width >= -2147483647 ? -width : 0;
}
#ifdef SQLITE_PRINTF_PRECISION_LIMIT
if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
width = SQLITE_PRINTF_PRECISION_LIMIT;
}
#endif
if( (c = fmt[1])!='.' && c!='l' ){
c = *++fmt;
done = 1;
}
break;
}
case '.': {
c = *++fmt;
if( c=='*' ){
if( bArgList ){
precision = (int)getIntArg(pArgList);
}else{
precision = va_arg(ap,int);
}
if( precision<0 ){
precision = precision >= -2147483647 ? -precision : -1;
}
c = *++fmt;
}else{
unsigned px = 0;
while( c>='0' && c<='9' ){
px = px*10 + c - '0';
c = *++fmt;
}
testcase( px>0x7fffffff );
precision = px & 0x7fffffff;
}
#ifdef SQLITE_PRINTF_PRECISION_LIMIT
if( precision>SQLITE_PRINTF_PRECISION_LIMIT ){
precision = SQLITE_PRINTF_PRECISION_LIMIT;
}
#endif
if( c=='l' ){
--fmt;
}else{
done = 1;
}
break;
}
}
}while( !done && (c=(*++fmt))!=0 );
/* Fetch the info entry for the field */
infop = &fmtinfo[0];
xtype = etINVALID;
for(idx=0; idx<ArraySize(fmtinfo); idx++){
if( c==fmtinfo[idx].fmttype ){
infop = &fmtinfo[idx];
xtype = infop->type;
|