Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272]. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
26a59bb88d4082758eb281b365b57f9a |
| User & Date: | drh 2013-05-06 13:22:50 |
Context
|
2013-05-06
| ||
| 14:57 | Add an assert() to fts3_expr.c in order to silence a clang warning. check-in: d8dc2c5f user: drh tags: trunk | |
| 13:22 | Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272]. check-in: 26a59bb8 user: drh tags: trunk | |
|
2013-05-03
| ||
| 20:08 | Add magic numbers for Bentley Systems application files. check-in: 9314b080 user: drh tags: trunk | |
Changes
Changes to src/update.c.
204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 |
}
aXRef[j] = i;
break;
}
}
if( j>=pTab->nCol ){
if( sqlite3IsRowid(pChanges->a[i].zName) ){
chngRowid = 1;
pRowidExpr = pChanges->a[i].pExpr;
}else{
sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
pParse->checkSchema = 1;
goto update_cleanup;
}
}
#ifndef SQLITE_OMIT_AUTHORIZATION
{
int rc;
rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,
pTab->aCol[j].zName, db->aDb[iDb].zName);
if( rc==SQLITE_DENY ){
goto update_cleanup;
}else if( rc==SQLITE_IGNORE ){
aXRef[j] = -1;
}
}
#endif
|
> > | |
204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 |
}
aXRef[j] = i;
break;
}
}
if( j>=pTab->nCol ){
if( sqlite3IsRowid(pChanges->a[i].zName) ){
j = -1;
chngRowid = 1;
pRowidExpr = pChanges->a[i].pExpr;
}else{
sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
pParse->checkSchema = 1;
goto update_cleanup;
}
}
#ifndef SQLITE_OMIT_AUTHORIZATION
{
int rc;
rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,
j<0 ? "ROWID" : pTab->aCol[j].zName,
db->aDb[iDb].zName);
if( rc==SQLITE_DENY ){
goto update_cleanup;
}else if( rc==SQLITE_IGNORE ){
aXRef[j] = -1;
}
}
#endif
|
Changes to test/auth.test.
2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 |
SQLITE_READ t5 x main t5_tr1 \
]
do_test auth-5.3.2 {
execsql { SELECT * FROM t5 }
} {1}
}
rename proc {}
rename proc_real proc
finish_test
|
> > > > > > > > > > > > > > > > > > > > > > > |
2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 |
SQLITE_READ t5 x main t5_tr1 \
]
do_test auth-5.3.2 {
execsql { SELECT * FROM t5 }
} {1}
}
# Ticket [0eb70d77cb05bb22720]: Invalid pointer passsed to the authorizer
# callback when updating a ROWID.
#
do_test auth-6.1 {
execsql {
CREATE TABLE t6(a,b,c,d,e,f,g,h);
INSERT INTO t6 VALUES(1,2,3,4,5,6,7,8);
}
} {}
set ::authargs [list]
proc auth {args} {
eval lappend ::authargs $args
return SQLITE_OK
}
do_test auth-6.2 {
execsql {UPDATE t6 SET rowID=rowID+100}
set ::authargs
} [list SQLITE_READ t6 ROWID main {} \
SQLITE_UPDATE t6 ROWID main {} \
]
do_test auth-6.3 {
execsql {SELECT rowid, * FROM t6}
} {101 1 2 3 4 5 6 7 8}
rename proc {}
rename proc_real proc
finish_test
|