** X* zero or more occurrences of X
** X+ one or more occurrences of X
** X? zero or one occurrences of X
-** X{p,q} between p and q occurrences of X
+** X{p,q} between p and q occurrences of X, 0 <= p,q <= 999
** (X) match X
** X|Y X or Y
** ^X X occurring at the beginning of the string
** to p copies of X following by q-p copies of X? and that the size of the
** regular expression in the O(N*M) performance bound is computed after
** this expansion.
+**
+** To help prevent DoS attacks, the values of p and q in the "{p,q}" syntax
+** are limited to SQLITE_MAX_REGEXP_REPEAT, default 999.
*/
#include <string.h>
#include <stdlib.h>
#include "sqlite3ext.h"
SQLITE_EXTENSION_INIT1
+#ifndef SQLITE_MAX_REGEXP_REPEAT
+# define SQLITE_MAX_REGEXP_REPEAT 999
+#endif
+
/*
** The following #defines change the names of some functions implemented in
** this file to prevent name collisions with C-library functions of the
unsigned int m = 0, n = 0;
unsigned int sz, j;
if( iPrev<0 ) return "'{m,n}' without operand";
- while( (c=rePeek(p))>='0' && c<='9' ){ m = m*10 + c - '0'; p->sIn.i++; }
+ while( (c=rePeek(p))>='0' && c<='9' ){
+ m = m*10 + c - '0';
+ if( m>SQLITE_MAX_REGEXP_REPEAT ) return "integer too large";
+ p->sIn.i++;
+ }
n = m;
if( c==',' ){
p->sIn.i++;
n = 0;
- while( (c=rePeek(p))>='0' && c<='9' ){ n = n*10 + c-'0'; p->sIn.i++; }
+ while( (c=rePeek(p))>='0' && c<='9' ){
+ n = n*10 + c-'0';
+ if( n>SQLITE_MAX_REGEXP_REPEAT ) return "integer too large";
+ p->sIn.i++;
+ }
}
if( c!='}' ) return "unmatched '{'";
if( n<m ) return "n less than m in '{m,n}'";
-C Get\swasmfs\sbuild\sworking\sin\sthe\snew\ssetup.\sDisable\sthe\scustom\swasm\sloader\sbecause\sits\sgenerated\smakefile\scode\sis\scurrently\sbroken.
-D 2025-09-26T12:49:41.370
+C In\sthe\sregexp\sextension,\slimit\sthe\smaximum\svalue\sof\sintegers\sin\sthe\n"{p,q}"\ssyntax,\sas\sperformance\sof\sthe\sNFA\sused\sto\sdo\spattern\smatching\nis\slinear\sin\sthe\smaximum\ssuch\sinteger.\s\sThe\slimit\sis\sSQLITE_MAX_REGEXP_REPEAT\nwhich\sdefaults\sto\s999.\s\sThis\shelps\sto\sprevent\sDoS\sattacks\sin\ssystems\sthat\nmake\suse\sof\sthe\sregexp\sextension.
+D 2025-09-26T13:14:20.156
F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F ext/misc/prefixes.c 82645f79229877afab08c8b08ca1e7fa31921280906b90a61c294e4f540cd2a6
F ext/misc/qpvtab.c fc189e127f68f791af90a487f4460ec91539a716daf45a0c357e963fd47cc06c
F ext/misc/randomjson.c ef835fc64289e76ac4873b85fe12f9463a036168d7683cf2b773e36e6262c4ed
-F ext/misc/regexp.c fb3647ab48bf9e49dd4401e5168b6c13868018b4867ba95d5b84ef18851ee3da
+F ext/misc/regexp.c 8a762ed5d34a26f85fcaff687a405c38e85c541f5f489c964d99b5bc95aedbe1
F ext/misc/remember.c add730f0f7e7436cd15ea3fd6a90fd83c3f706ab44169f7f048438b7d6baa69c
F ext/misc/rot13.c 51ac5f51e9d5fd811db58a9c23c628ad5f333c173f1fc53c8491a3603d38556c
F ext/misc/scrub.c 2a44b0d44c69584c0580ad2553f6290a307a49df4668941d2812135bfb96a946
F test/readonly.test 0d307c335b3421898cfe64a783a376138aa003849b6bff61ee2d21e805bc0051
F test/recover.test c76d05f33f0271fba0f0752170e03b0ab5952dc61dcea7ab3ba40df03c4c42de
F test/regexp1.test 8f2a8bc1569666e29a4cee6c1a666cd224eb6d50e2470d1dc1df995170f3e0f1
-F test/regexp2.test 55ed41da802b0e284ac7e2fe944be3948f93ff25abbca0361a609acfed1368b5
+F test/regexp2.test 02ebe3cf5a06c5fcc40387d906875bafa1cdbe8d3289170a05e34bbb57dc2884
F test/reindex.test cd9d6021729910ece82267b4f5e1b5ac2911a7566c43b43c176a6a4732e2118d
F test/reservebytes.test 6163640b5a5120c0dee6591481e673a0fa0bf0d12d4da7513bad692c1a49a162
F test/resetdb.test 54c06f18bc832ac6d6319e5ab23d5c8dd49fdbeec7c696d791682a8006bd5fc3
F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
F tool/warnings.sh 1ad0169b022b280bcaaf94a7fa231591be96b514230ab5c98fbf15cd7df842dd
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 8f17e1d869685b51f3368feed03dc06543ec16bc8fd81b8daad2ac2dbf99c5d6
-R 5e672d86934b8320ca0a7d5b18bc23c5
-U stephan
-Z 1a1ba5bad861e833b8982957ff27b00f
+P 36bc2514f70af5608aa20903d9c38b316603e2f78f2cbf4a20c7c79b60c5b8d5
+R 8d76d36b83ffa10f8973f107bc375552
+U drh
+Z 3a7db3386aaa43ed8b2a45f636c561b9
# Remove this line to create a well-formed Fossil manifest.
do_execsql_test 4.17 {SELECT 'abc' REGEXP '\W{1,1}'} {0}
do_execsql_test 4.18 {SELECT 'abc' REGEXP '\W{1}'} {0}
+do_execsql_test 5.0 {
+ SELECT 'abc' REGEXP 'a{1,999}bc';
+} 1
+do_catchsql_test 5.1 {
+ SELECT 'abc' REGEXP 'a{1,1000}bc';
+} {1 {integer too large}}
+do_execsql_test 5.2 {
+ SELECT 'abc' REGEXP 'a{999}bc';
+} 0
+do_catchsql_test 5.3 {
+ SELECT 'abc' REGEXP 'a{1000}bc';
+} {1 {integer too large}}
+
+
+
finish_test
projects / thirdparty / sqlite.git / commitdiff
