/ Check-in [26a59bb8]

Overview
Comment:Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272].
SHA1: 26a59bb88d4082758eb281b365b57f9a0c059d89
User & Date: drh 2013-05-06 13:22:50
Context
2013-05-06
14:57
Add an assert() to fts3_expr.c in order to silence a clang warning. check-in: d8dc2c5f user: drh tags: trunk
13:22
Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272]. check-in: 26a59bb8 user: drh tags: trunk
2013-05-03
20:08
Add magic numbers for Bentley Systems application files. check-in: 9314b080 user: drh tags: trunk
Changes

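--- a/src/update.c
+++ b/src/update.c
@@ -204,27 +204,29 @@
         }
         aXRef[j] = i;
         break;
       }
     }
     if( j>=pTab->nCol ){
       if( sqlite3IsRowid(pChanges->a[i].zName) ){
+        j = -1;
         chngRowid = 1;
         pRowidExpr = pChanges->a[i].pExpr;
       }else{
         sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
         pParse->checkSchema = 1;
         goto update_cleanup;
       }
     }
 #ifndef SQLITE_OMIT_AUTHORIZATION
     {
       int rc;
       rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,
-                           pTab->aCol[j].zName, db->aDb[iDb].zName);
+                            j<0 ? "ROWID" : pTab->aCol[j].zName,
+                            db->aDb[iDb].zName);
       if( rc==SQLITE_DENY ){
         goto update_cleanup;
       }else if( rc==SQLITE_IGNORE ){
         aXRef[j] = -1;
       }
     }
 #endif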
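Review bot: With `j` now set to -1 for a rowid update, the unchanged `aXRef[j] = -1;` in the `SQLITE_IGNORE` branch (new line 229) stores to `aXRef[-1]` whenever the authorizer returns `SQLITE_IGNORE` for the ROWID column. The allocation of `aXRef` is outside this hunk, so this assumes the array has no leading slot; if that holds, it is a write before the start of the buffer that any application-supplied authorizer callback can trigger. Guarding the store, for example `}else if( rc==SQLITE_IGNORE && j>=0 ){`, removes the bad index. Whether IGNORE on ROWID should also reset `chngRowid` and `pRowidExpr` so the rowid is left untouched is a behaviour decision the hunk does not settle. The enclosing function starts and ends outside the hunk.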

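--- a/test/auth.test
+++ b/test/auth.test
@@ -2364,13 +2364,36 @@
           SQLITE_READ t5 x main t5_tr1   \
     ]
   do_test auth-5.3.2 {
     execsql { SELECT * FROM t5 }
   } {1}
 }
 
+# Ticket [0eb70d77cb05bb22720]:  Invalid pointer passsed to the authorizer
+# callback when updating a ROWID.
+#
+do_test auth-6.1 {
+  execsql {
+    CREATE TABLE t6(a,b,c,d,e,f,g,h);
+    INSERT INTO t6 VALUES(1,2,3,4,5,6,7,8);
+  }
+} {}
+set ::authargs [list]
+proc auth {args} {
+  eval lappend ::authargs $args
+  return SQLITE_OK
+}
+do_test auth-6.2 {
+  execsql {UPDATE t6 SET rowID=rowID+100}
+  set ::authargs
+} [list SQLITE_READ   t6 ROWID main {} \
+        SQLITE_UPDATE t6 ROWID main {} \
+]
+do_test auth-6.3 {
+  execsql {SELECT rowid, * FROM t6}
+} {101 1 2 3 4 5 6 7 8}
 
 rename proc {}
 rename proc_real proc
 
 
 finish_test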
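Review bot: The new auth-6.x cases only exercise an authorizer that returns `SQLITE_OK`, so the `SQLITE_DENY` and `SQLITE_IGNORE` outcomes for a ROWID update are never run. A companion case whose `auth` proc returns `SQLITE_IGNORE` when the column argument is `ROWID`, followed by `execsql {SELECT rowid, * FROM t6}`, would pin down the expected rowid and catch any bad array index on that path. The header comment also has a typo (`passsed`) and cites the ticket as `0eb70d77cb05bb22720`, one digit longer than the id in the check-in comment.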