SQLite

Check-in [4c2458c190]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add a comment to the Lemon documentation regarding the security of the lemon.exe command-line tool.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 4c2458c1908181dc2f6bc594395c06d015fcbd78f5d3472f07a6a3909be9673c
User & Date: drh 2017-06-01 01:53:19.186
Context
2017-06-02
13:16
Fix a typo in the header comment of the "series.c" virtual table extension. (check-in: d637feb4e3 user: drh tags: trunk)
2017-06-01
01:53
Add a comment to the Lemon documentation regarding the security of the lemon.exe command-line tool. (check-in: 4c2458c190 user: drh tags: trunk)
2017-05-31
17:30
Add the SQLITE_STMTSTATUS_MEMUSED opcode to sqlite3_stmt_status() for finding the heap memory usage by a single prepared statement. (check-in: c26cf978ee user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to doc/lemon.html. 
18
19
20
21
22
23
24




















25
26
27
28
29
30
31

Lemon also implements features that can be used
to eliminate resource leaks, making is suitable for use
in long-running programs such as graphical user interfaces
or embedded controllers.</p>

<p>This document is an introduction to the Lemon
parser generator.</p>





















<h2>Theory of Operation</h2>

<p>The main goal of Lemon is to translate a context free grammar (CFG)
for a particular language into C code that implements a parser for
that language.
The program has two inputs:








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

Lemon also implements features that can be used
to eliminate resource leaks, making is suitable for use
in long-running programs such as graphical user interfaces
or embedded controllers.</p>

<p>This document is an introduction to the Lemon
parser generator.</p>

<h2>Security Note</h2>

<p>The language parser code created by Lemon is very robust and
is well-suited for use in internet-facing applications that need to
safely process maliciously crafted inputs.

<p>The "lemon.exe" command-line tool itself works great when given a valid
input grammar file and almost always gives helpful
error messages for malformed inputs.  However,  it is possible for
a malicious user to craft a grammar file that will cause 
lemon.exe to crash.
We do not see this as a problem, as lemon.exe is not intended to be used
with hostile inputs.
To summarize:</p>

<ul>
<li>Parser code generated by lemon &rarr; Robust and secure
<li>The "lemon.exe" command line tool itself &rarr; Not so much
</ul>

<h2>Theory of Operation</h2>

<p>The main goal of Lemon is to translate a context free grammar (CFG)
for a particular language into C code that implements a parser for
that language.
The program has two inputs: