/ Check-in [d6be1f49]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:In the sqlite3_limit() interface, take out the feature where zero means use the hard upper bound. If an application wants the hard upper bound, it can set the limit to 0x7fffffff and the bound will be automatically truncated. (CVS 4900)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:d6be1f495ec57158f7bcca3e32145a9a8fde723a
User & Date: drh 2008-03-20 18:00:49
Context
2008-03-21
14:22
Add some more logging to the malloc system used when SQLITE_MEMDEBUG is defined. (CVS 4901) check-in: 79738f58 user: danielk1977 tags: trunk
2008-03-20
18:00
In the sqlite3_limit() interface, take out the feature where zero means use the hard upper bound. If an application wants the hard upper bound, it can set the limit to 0x7fffffff and the bound will be automatically truncated. (CVS 4900) check-in: d6be1f49 user: drh tags: trunk
16:30
Reinstate test cases for the limit tests. The sqlite3_limit() API is now tested and working. (CVS 4899) check-in: 4c4be4c3 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Show Whitespace Changes Patch

Changes to src/main.c.

    10     10   **
    11     11   *************************************************************************
    12     12   ** Main file for the SQLite library.  The routines in this file
    13     13   ** implement the programmer interface to the library.  Routines in
    14     14   ** other files are for internal use by SQLite and should not be
    15     15   ** accessed by users of the library.
    16     16   **
    17         -** $Id: main.c,v 1.427 2008/03/20 16:30:18 drh Exp $
           17  +** $Id: main.c,v 1.428 2008/03/20 18:00:49 drh Exp $
    18     18   */
    19     19   #include "sqliteInt.h"
    20     20   #include <ctype.h>
    21     21   #ifdef SQLITE_ENABLE_FTS3
    22     22   # include "fts3.h"
    23     23   #endif
    24     24   
................................................................................
   997    997   int sqlite3_limit(sqlite3 *db, int limitId, int newLimit){
   998    998     int oldLimit;
   999    999     if( limitId<0 || limitId>SQLITE_N_LIMIT ){
  1000   1000       return -1;
  1001   1001     }
  1002   1002     oldLimit = db->aLimit[limitId];
  1003   1003     if( newLimit>=0 ){
  1004         -    if( newLimit==0 ){
  1005         -      newLimit = aHardLimit[limitId];
  1006         -    }else if( aHardLimit[limitId]>0 && newLimit>aHardLimit[limitId] ){
         1004  +    if( newLimit>aHardLimit[limitId] ){
  1007   1005         newLimit = aHardLimit[limitId];
  1008   1006       }
  1009   1007       db->aLimit[limitId] = newLimit;
  1010   1008     }
  1011   1009     return oldLimit;
  1012   1010   }
  1013   1011   

Changes to src/sqlite.h.in.

    26     26   ** on how SQLite interfaces are suppose to operate.
    27     27   **
    28     28   ** The name of this file under configuration management is "sqlite.h.in".
    29     29   ** The makefile makes some minor changes to this file (such as inserting
    30     30   ** the version number) and changes its name to "sqlite3.h" as
    31     31   ** part of the build process.
    32     32   **
    33         -** @(#) $Id: sqlite.h.in,v 1.297 2008/03/20 16:30:18 drh Exp $
           33  +** @(#) $Id: sqlite.h.in,v 1.298 2008/03/20 18:00:49 drh Exp $
    34     34   */
    35     35   #ifndef _SQLITE3_H_
    36     36   #define _SQLITE3_H_
    37     37   #include <stdarg.h>     /* Needed for the definition of va_list */
    38     38   
    39     39   /*
    40     40   ** Make sure we can call this stuff from C++.
................................................................................
  1615   1615   */
  1616   1616   void sqlite3_randomness(int N, void *P);
  1617   1617   
  1618   1618   /*
  1619   1619   ** CAPI3REF: Compile-Time Authorization Callbacks {F12500}
  1620   1620   **
  1621   1621   ** This routine registers a authorizer callback with a particular
  1622         -** database connection, supplied in the first argument.
         1622  +** [database connection], supplied in the first argument.
  1623   1623   ** The authorizer callback is invoked as SQL statements are being compiled
  1624   1624   ** by [sqlite3_prepare()] or its variants [sqlite3_prepare_v2()],
  1625   1625   ** [sqlite3_prepare16()] and [sqlite3_prepare16_v2()].  At various
  1626   1626   ** points during the compilation process, as logic is being created
  1627   1627   ** to perform various actions, the authorizer callback is invoked to
  1628   1628   ** see if those actions are allowed.  The authorizer callback should
  1629         -** return SQLITE_OK to allow the action, [SQLITE_IGNORE] to disallow the
         1629  +** return [SQLITE_OK] to allow the action, [SQLITE_IGNORE] to disallow the
  1630   1630   ** specific action but allow the SQL statement to continue to be
  1631   1631   ** compiled, or [SQLITE_DENY] to cause the entire SQL statement to be
  1632   1632   ** rejected with an error.   If the authorizer callback returns
  1633   1633   ** any value other than [SQLITE_IGNORE], [SQLITE_OK], or [SQLITE_DENY]
  1634   1634   ** then [sqlite3_prepare_v2()] or equivalent call that triggered
  1635   1635   ** the authorizer will fail with an error message.
  1636   1636   **
  1637   1637   ** When the callback returns [SQLITE_OK], that means the operation
  1638   1638   ** requested is ok.  When the callback returns [SQLITE_DENY], the
  1639   1639   ** [sqlite3_prepare_v2()] or equivalent call that triggered the
  1640   1640   ** authorizer will fail with an error message explaining that
  1641   1641   ** access is denied.  If the authorizer code is [SQLITE_READ]
  1642         -** and the callback returns [SQLITE_IGNORE] then the prepared
  1643         -** statement is constructed to insert a NULL value in place of
  1644         -** the table column that would have
         1642  +** and the callback returns [SQLITE_IGNORE] then the
         1643  +** [prepared statement] statement is constructed to substitute
         1644  +** a NULL value in place of the table column that would have
  1645   1645   ** been read if [SQLITE_OK] had been returned.  The [SQLITE_IGNORE]
  1646   1646   ** return can be used to deny an untrusted user access to individual
  1647   1647   ** columns of a table.
  1648   1648   **
  1649   1649   ** The first parameter to the authorizer callback is a copy of
  1650   1650   ** the third parameter to the sqlite3_set_authorizer() interface.
  1651   1651   ** The second parameter to the callback is an integer 
  1652   1652   ** [SQLITE_COPY | action code] that specifies the particular action
  1653   1653   ** to be authorized. The third through sixth
  1654   1654   ** parameters to the callback are zero-terminated strings that contain 
  1655   1655   ** additional details about the action to be authorized.
  1656   1656   **
  1657         -** An authorizer is used when preparing SQL statements from an untrusted
         1657  +** An authorizer is used when [sqlite3_prepare | preparing]
         1658  +** SQL statements from an untrusted
  1658   1659   ** source, to ensure that the SQL statements do not try to access data
  1659   1660   ** that they are not allowed to see, or that they do not try to
  1660   1661   ** execute malicious statements that damage the database.  For
  1661   1662   ** example, an application may allow a user to enter arbitrary
  1662   1663   ** SQL queries for evaluation by a database.  But the application does
  1663   1664   ** not want the user to be able to make arbitrary changes to the
  1664   1665   ** database.  An authorizer could then be put in place while the
  1665         -** user-entered SQL is being prepared that disallows everything
  1666         -** except SELECT statements.  
         1666  +** user-entered SQL is being [sqlite3_prepare | prepared] that
         1667  +** disallows everything except [SELECT] statements.
         1668  +**
         1669  +** Applications that need to process SQL from untrusted sources
         1670  +** might also consider lowering resource limits using [sqlite3_limit()]
         1671  +** and limiting database size using the [max_page_count] [PRAGMA]
         1672  +** in addition to using an authorizer.
  1667   1673   **
  1668   1674   ** Only a single authorizer can be in place on a database connection
  1669   1675   ** at a time.  Each call to sqlite3_set_authorizer overrides the
  1670   1676   ** previous call.  Disable the authorizer by installing a NULL callback.
  1671   1677   ** The authorizer is disabled by default.
  1672   1678   **
  1673   1679   ** Note that the authorizer callback is invoked only during 
................................................................................
  2162   2168   ** on a connection by connection basis.  The first parameter is the
  2163   2169   ** [database connection] whose limit is to be set or queried.  The
  2164   2170   ** second parameter is one of the [limit categories] that define a
  2165   2171   ** class of constructs to be size limited.  The third parameter is the
  2166   2172   ** new limit for that construct.  The function returns the old limit.
  2167   2173   **
  2168   2174   ** If the new limit is a negative number, the limit is unchanged.
  2169         -** If the new limit is zero, the construct becomes unlimited.  Actually,
  2170         -** there is a hard upper bound on the size of all constructs that
  2171         -** is determined at compile-time.  For the limit category of 
  2172         -** SQLITE_LIMIT_XYZ the hard upper bound is the compile-time
  2173         -** constant SQLITE_MAX_XYZ.  Attempts to increase a limit above its
  2174         -** hard upper bound are silently truncated.
         2175  +** For the limit category of SQLITE_LIMIT_XYZ there is a hard upper
         2176  +** bound set by a compile-time C-preprocess macro named SQLITE_MAX_XYZ.
         2177  +** (The "_LIMIT_" in the name is changed to "_MAX_".)
         2178  +** Attempts to increase a limit above its hard upper bound are
         2179  +** silently truncated to the hard upper limit.
  2175   2180   **
  2176   2181   ** Run time limits are intended for use in applications that manage
  2177   2182   ** both their own internal database and also databases that are controlled
  2178   2183   ** by untrusted external sources.  An example application might be a
  2179   2184   ** webbrowser that has its own databases for storing history and
  2180   2185   ** separate databases controlled by javascript applications downloaded
  2181         -** of the internet.  The internal databases can be given the
         2186  +** off the internet.  The internal databases can be given the
  2182   2187   ** large, default limits.  Databases managed by external sources can
  2183   2188   ** be given much smaller limits designed to prevent a denial of service
  2184         -** attach.
         2189  +** attach.  Developers might also want to use the [sqlite3_set_authorizer()]
         2190  +** interface to further control untrusted SQL.  The size of the database
         2191  +** created by an untrusted script can be contained using the
         2192  +** [max_page_count] [PRAGMA].
  2185   2193   **
  2186   2194   ** This interface is currently considered experimental and is subject
  2187   2195   ** to change or removal without prior notice.
  2188   2196   **
  2189   2197   ** INVARIANTS:
  2190   2198   **
  2191         -** {F12763} A successful call to [sqlite3_limit(D,C,V)] where V is
         2199  +** {F12762} A successful call to [sqlite3_limit(D,C,V)] where V is
  2192   2200   **          positive changes the
  2193   2201   **          limit on the size of construct C in [database connection] D
  2194   2202   **          to the lessor of V and the hard upper bound on the size
  2195   2203   **          of C that is set at compile-time.
  2196   2204   **
  2197         -** {F12763} A successful call to [sqlite3_limit(D,C,V)] where V is zero
         2205  +** {F12764} A successful call to [sqlite3_limit(D,C,V)] where V is zero
  2198   2206   **          changes the limit on the size of construct C in
  2199   2207   **          [database connection] D to be the hard upper bound on the size
  2200   2208   **          of C that is set at compile-time.
  2201   2209   **
  2202   2210   ** {F12766} A successful call to [sqlite3_limit(D,C,V)] where V is negative
  2203   2211   **          leaves the state of [database connection] D unchanged.
  2204   2212   **

Changes to test/sqllimits1.test.

     8      8   #    May you share freely, never taking more than you give.
     9      9   #
    10     10   #***********************************************************************
    11     11   #
    12     12   # This file contains tests to verify that the limits defined in
    13     13   # sqlite source file limits.h are enforced.
    14     14   #
    15         -# $Id: sqllimits1.test,v 1.25 2008/03/20 16:30:18 drh Exp $
           15  +# $Id: sqllimits1.test,v 1.26 2008/03/20 18:00:49 drh Exp $
    16     16   
    17     17   set testdir [file dirname $argv0]
    18     18   source $testdir/tester.tcl
    19     19   
    20     20   # Verify that the default per-connection limits are the same as
    21     21   # the compile-time hard limits.
    22     22   #
................................................................................
   219    219     sqlite3_limit db SQLITE_LIMIT_LIKE_PATTERN_LENGTH -1
   220    220   } $SQLITE_MAX_LIKE_PATTERN_LENGTH
   221    221   do_test sqllimits1-4.10.1 {
   222    222     sqlite3_limit db SQLITE_LIMIT_VARIABLE_NUMBER 0x7fffffff
   223    223     sqlite3_limit db SQLITE_LIMIT_VARIABLE_NUMBER -1
   224    224   } $SQLITE_MAX_VARIABLE_NUMBER
   225    225   
   226         -
   227         -
   228    226   #--------------------------------------------------------------------
   229    227   # Test cases sqllimits1-5.* test that the SQLITE_MAX_LENGTH limit
   230    228   # is enforced.
   231    229   #
   232    230   db close
   233    231   sqlite3 db test.db
   234    232   set LARGESIZE 99999
................................................................................
   351    349     set tail " /* A comment to take up space in order to make the string\
   352    350                   longer without increasing the expression depth */\
   353    351                   AND   1  ==  1"
   354    352     set N [expr {(50000 / [string length $tail])+1}]
   355    353     append sql [string repeat $tail $N]
   356    354     catchsql $sql
   357    355   } {1 {String or BLOB exceeded size limit}}
   358         -do_test sqllimits1-6.2 {
   359         -  sqlite3_limit db SQLITE_LIMIT_SQL_LENGTH 0
   360         -  catchsql $sql
   361         -} {0 1}
   362    356   do_test sqllimits1-6.3 {
   363    357     sqlite3_limit db SQLITE_LIMIT_SQL_LENGTH 50000
   364    358     set sql "SELECT 1 WHERE 1==1"
   365    359     set tail " /* A comment to take up space in order to make the string\
   366    360                   longer without increasing the expression depth */\
   367    361                   AND   1  ==  1"
   368    362     set N [expr {(50000 / [string length $tail])+1}]