Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Remove unnecessary "#if SQLITE_MAX_COLUMN". SQLITE_MAX_COLUMN is always defined. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
6ec82acde81a46a75ed5931fc7dd813f |
| User & Date: | drh 2017-10-21 13:29:26.479 |
Context
|
2017-10-21
| ||
| 14:17 | Catch and avoid a 16-bit integer overflow on the number of columns in a common table expression. This fixes a problem found by OSS-Fuzz. The test case is in TH3. (check-in: 6ee8cb6ae5 user: drh tags: trunk) | |
| 13:29 | Remove unnecessary "#if SQLITE_MAX_COLUMN". SQLITE_MAX_COLUMN is always defined. (check-in: 6ec82acde8 user: drh tags: trunk) | |
|
2017-10-19
| ||
| 15:17 | Take extra care to avoid an OOB read caused by a corrupt b-tree page. This fixes a problem detected by Natalie Silvanovich of Google Project Zero. (check-in: 04925dee41 user: dan tags: trunk) | |
Changes
Changes to src/build.c.
| ︙ | ︙ | |||
1059 1060 1061 1062 1063 1064 1065 | Table *p; int i; char *z; char *zType; Column *pCol; sqlite3 *db = pParse->db; if( (p = pParse->pNewTable)==0 ) return; | < < | 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 |
Table *p;
int i;
char *z;
char *zType;
Column *pCol;
sqlite3 *db = pParse->db;
if( (p = pParse->pNewTable)==0 ) return;
if( p->nCol+1>db->aLimit[SQLITE_LIMIT_COLUMN] ){
sqlite3ErrorMsg(pParse, "too many columns on %s", p->zName);
return;
}
z = sqlite3DbMallocRaw(db, pName->n + pType->n + 2);
if( z==0 ) return;
memcpy(z, pName->z, pName->n);
z[pName->n] = 0;
sqlite3Dequote(z);
for(i=0; i<p->nCol; i++){
if( sqlite3_stricmp(z, p->aCol[i].zName)==0 ){
|
| ︙ | ︙ |
Changes to src/resolve.c.
| ︙ | ︙ | |||
955 956 957 958 959 960 961 | ExprList *pEList; sqlite3 *db; int moreToDo = 1; pOrderBy = pSelect->pOrderBy; if( pOrderBy==0 ) return 0; db = pParse->db; | < < | 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 |
ExprList *pEList;
sqlite3 *db;
int moreToDo = 1;
pOrderBy = pSelect->pOrderBy;
if( pOrderBy==0 ) return 0;
db = pParse->db;
if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
sqlite3ErrorMsg(pParse, "too many terms in ORDER BY clause");
return 1;
}
for(i=0; i<pOrderBy->nExpr; i++){
pOrderBy->a[i].done = 0;
}
pSelect->pNext = 0;
while( pSelect->pPrior ){
pSelect->pPrior->pNext = pSelect;
pSelect = pSelect->pPrior;
|
| ︙ | ︙ | |||
1052 1053 1054 1055 1056 1057 1058 |
){
int i;
sqlite3 *db = pParse->db;
ExprList *pEList;
struct ExprList_item *pItem;
if( pOrderBy==0 || pParse->db->mallocFailed ) return 0;
| < < | 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 |
){
int i;
sqlite3 *db = pParse->db;
ExprList *pEList;
struct ExprList_item *pItem;
if( pOrderBy==0 || pParse->db->mallocFailed ) return 0;
if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
sqlite3ErrorMsg(pParse, "too many terms in %s BY clause", zType);
return 1;
}
pEList = pSelect->pEList;
assert( pEList!=0 ); /* sqlite3SelectNew() guarantees this */
for(i=0, pItem=pOrderBy->a; i<pOrderBy->nExpr; i++, pItem++){
if( pItem->u.x.iOrderByCol ){
if( pItem->u.x.iOrderByCol>pEList->nExpr ){
resolveOutOfRangeError(pParse, zType, i+1, pEList->nExpr);
return 1;
|
| ︙ | ︙ |
Changes to src/select.c.
| ︙ | ︙ | |||
4592 4593 4594 4595 4596 4597 4598 |
}
}
}
}
sqlite3ExprListDelete(db, pEList);
p->pEList = pNew;
}
| < < | 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 4605 4606 4607 4608 4609 |
}
}
}
}
sqlite3ExprListDelete(db, pEList);
p->pEList = pNew;
}
if( p->pEList && p->pEList->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
sqlite3ErrorMsg(pParse, "too many columns in result set");
return WRC_Abort;
}
return WRC_Continue;
}
/*
** No-op routine for the parse-tree walker.
**
** When this routine is the Walker.xExprCallback then expression trees
|
| ︙ | ︙ |