Add extra checks for the validity of a numeric literal to sqlite3DequoteNumber().

author dan <Dan Kennedy>

Tue, 23 Jan 2024 11:20:58 +0000 (11:20 +0000)

committer dan <Dan Kennedy>

Tue, 23 Jan 2024 11:20:58 +0000 (11:20 +0000)
author dan <Dan Kennedy>
Tue, 23 Jan 2024 11:20:58 +0000 (11:20 +0000)
committer dan <Dan Kennedy>
Tue, 23 Jan 2024 11:20:58 +0000 (11:20 +0000)
diff --git a/manifest b/manifest

index f48cebcf73cd8e1c030ef39ba42113884ac3f95f..0470957ccf27d9898ee17023ba50d4021823f035 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sproblem\sin\sthe\sprevious\scommit\swith\shex\sliterals\sthat\sstart\swith\s"0X"\sinstead\sof\s"0x".
-D 2024-01-22T19:42:56.220
+C Add\sextra\schecks\sfor\sthe\svalidity\sof\sa\snumeric\sliteral\sto\ssqlite3DequoteNumber().
+D 2024-01-23T11:20:58.812
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -727,7 +727,7 @@ F src/os_win.c 4a50a154aeebc66a1f8fb79c1ff6dd5fe3d005556533361e0d460d41cb6a45a8
  F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a
  F src/pager.c ff60e98138d2499082ac6230f01ac508aba545315debccfca2fd6042f5f10fcd
  F src/pager.h 4b1140d691860de0be1347474c51fee07d5420bd7f802d38cbab8ea4ab9f538a
-F src/parse.y 2354aaf964e7c4154a9dbe56ea55a797a0fa3021c38b50afe491ea4a387bf971
+F src/parse.y d2823ae4a503f83b3e8629c31470686624e46851d576c1f2b7bbec2e7328bb05
  F src/pcache.c 040b165f30622a21b7a9a77c6f2e4877a32fb7f22d4c7f0d2a6fa6833a156a75
  F src/pcache.h 1497ce1b823cf00094bb0cf3bac37b345937e6f910890c626b16512316d3abf5
  F src/pcache1.c 602acb23c471bb8d557a6f0083cc2be641d6cafcafa19e481eba7ef4c9ca0f00
@@ -743,7 +743,7 @@ F src/shell.c.in d1ed426aae2d547932971e8019939cacb4dfda8258e45b8924b250e488e2d53
  F src/sqlite.h.in 61a60b4ea04db8ead15e1579b20b64cb56e9f55d52c5f9f9694de630110593a3
  F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
  F src/sqlite3ext.h 3f046c04ea3595d6bfda99b781926b17e672fd6d27da2ba6d8d8fc39981dcb54
-F src/sqliteInt.h 6e5e330d84b4ace70e3163721601f01df84566e6db21e1fc45bd00636e3d6640
+F src/sqliteInt.h a1367a4cd90c90e5eb2e5ca7d1be96823507f63b43030deb394f90f4f8d9ac10
  F src/sqliteLimit.h 6878ab64bdeb8c24a1d762d45635e34b96da21132179023338c93f820eee6728
  F src/status.c cb11f8589a6912af2da3bb1ec509a94dd8ef27df4d4c1a97e0bcf2309ece972b
  F src/table.c 0f141b58a16de7e2fbe81c308379e7279f4c6b50eb08efeec5892794a0ba30d1
@@ -800,13 +800,13 @@ F src/test_windirent.h da2e5b73c32d09905fbdd00f27cd802212a32a58ead882736fe4f5eb7
  F src/test_window.c cdae419fdcea5bad6dcd9368c685abdad6deb59e9fc8b84b153de513d394ba3f
  F src/test_wsd.c 41cadfd9d97fe8e3e4e44f61a4a8ccd6f7ca8fe9
  F src/threads.c 4ae07fa022a3dc7c5beb373cf744a85d3c5c6c3c
-F src/tokenize.c 3ea60fcd98a0eb1391592a080fb8871b0026eaffbdb5795ef3b19bb7d48e702a
+F src/tokenize.c 3f703cacdab728d7741e5a6ac242006d74fe1c2754d4f03ed889d7253259bd68
  F src/treeview.c c6fc972683fd00f975d8b32a81c1f25d2fb7d4035366bf45c9f5622d3ccd70ee
  F src/trigger.c 0905b96b04bb6658509f711a8207287f1315cdbc3df1a1b13ba6483c8e341c81
  F src/update.c 6904814dd62a7a93bbb86d9f1419c7f134a9119582645854ab02b36b676d9f92
  F src/upsert.c fa125a8d3410ce9a97b02cb50f7ae68a2476c405c76aa692d3acf6b8586e9242
  F src/utf.c f23165685a67b4caf8ec08fb274cb3f319103decfb2a980b7cfd55d18dfa855e
-F src/util.c ef37d377684d6f725773c15bfc1ef5b75483b4f3b6b6198d4b8b969831623be0
+F src/util.c 88484a62e2465728288ca6e5b10f30489058e66266f52c70e87663310298793b
  F src/vacuum.c 604fcdaebe76f3497c855afcbf91b8fa5046b32de3045bab89cc008d68e40104
  F src/vdbe.c 92910d536e0b77505599cd6ae5d9d449e4a5d31ada61da4c0bb84f6ccb2c3189
  F src/vdbe.h 88e19a982df9027ec1c177c793d1a5d34dc23d8f06e3b2d997f43688b05ee0eb
@@ -1355,7 +1355,7 @@ F test/like2.test d3be15fefee3e02fc88942a9b98f26c5339bbdef7783c90023c092c4955fe3
  F test/like3.test a76e5938fadbe6d32807284c796bafd869974a961057bc5fc5a28e06de98745c
  F test/limit.test 350f5d03c29e7dff9a2cde016f84f8d368d40bcd02fa2b2a52fa10c4bf3cbfaf
  F test/limit2.test 9409b033284642a859fafc95f29a5a6a557bd57c1f0d7c3f554bd64ed69df77e
-F test/literal.test e3d65d4091126cb008f31f57a324364511a83dd9461df31f60b5df6bd1f1f846
+F test/literal.test c4f6f281964ac5ab48a32bd978e80644affac822664879d7558762b2fad7aff5
  F test/literal2.tcl 1499037beaf661aeecdbe48801220a181d805372a64c6128d5f26bb6a4a8f0ce
  F test/literal2.test b149e16b5fc9ee6249069a8858ed41052f222014fe0ba7ad43c2fb989c2dada2
  F test/loadext.test faa4f6eed07a5aac35d57fdd7bc07f8fc82464cfd327567c10cf0ba3c86cde04
@@ -2161,8 +2161,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 81a56229460cc5b6acfd3c3729fcf89ea3cccb546ca2b4f4035b140c60911e18
-R 8fee7748a406cec8844b4286c6b28b8f
+P c063c89b11487e6e712b97de604db316fa97bcf91ed810bb2dcbbcb54c68dbf4
+R 92b3c6e9a0a36e247ccad3d6a5b99b6c
  U dan
-Z 6bae334234c9987a328b3a9421e4a531
+Z 62284248efaccf35cb9923c551aa2ba1
  # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid

index de37a7858c8868a0b6d34e49070a92bd03354921..66162263f58d4fa0749c82c26987d7af706f21ab 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-c063c89b11487e6e712b97de604db316fa97bcf91ed810bb2dcbbcb54c68dbf4
-\ No newline at end of file
+d57407ef59baf699b72c8c4859abfaa7977dd41f6f16eb8fe1d53a68806eb966
+\ No newline at end of file
diff --git a/src/parse.y b/src/parse.y

index b0d03a04eeede08f7c6532f61f4e0c4619b418ca..c26a9bccc24d4ebd44fbbd44247dffaf823417ca 100644 (file)
--- a/src/parse.y
+++ b/src/parse.y
@@ -1926,7 +1926,7 @@ filter_clause(A) ::= FILTER LP WHERE expr(X) RP.  { A = X; }
  
  term(A) ::= QNUMBER(X). {
    A=tokenExpr(pParse,@X,X);
-  sqlite3DequoteNumber(A);
+  sqlite3DequoteNumber(pParse, A);
  }
  
  /* There must be no more than 255 tokens defined above.  If this grammar
diff --git a/src/sqliteInt.h b/src/sqliteInt.h

index c4aaf9d2033a8997a07cc3c725a62cfb2eb4e7f8..2db491fc8126c85c4d9c8367be1cc42a64bafcb1 100644 (file)
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -4794,7 +4794,7 @@ int sqlite3ErrorToParser(sqlite3*,int);
  void sqlite3Dequote(char*);
  void sqlite3DequoteExpr(Expr*);
  void sqlite3DequoteToken(Token*);
-void sqlite3DequoteNumber(Expr*);
+void sqlite3DequoteNumber(Parse*, Expr*);
  void sqlite3TokenInit(Token*,char*);
  int sqlite3KeywordCode(const unsigned char*, int);
  int sqlite3RunParser(Parse*, const char*);
diff --git a/src/tokenize.c b/src/tokenize.c

index f01548d4cb56424dbc6ffa4dfd117d5f26489961..65d1fbf350bc234de4d62b77b12ee86027ad71b3 100644 (file)
--- a/src/tokenize.c
+++ b/src/tokenize.c
@@ -439,10 +439,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){
        if( z[0]=='0' && (z[1]=='x' || z[1]=='X') && sqlite3Isxdigit(z[2]) ){
          for(i=3; 1; i++){
            if( sqlite3Isxdigit(z[i])==0 ){
-            if( z[i]==SQLITE_DIGIT_SEPARATOR
-             && sqlite3Isxdigit(z[i-1])
-             && sqlite3Isxdigit(z[i+1])
-            ){
+            if( z[i]==SQLITE_DIGIT_SEPARATOR ){
                *tokenType = TK_QNUMBER;
              }else{
                break;
@@ -454,10 +451,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){
          {
          for(i=0; 1; i++){
            if( sqlite3Isdigit(z[i])==0 ){
-            if( z[i]==SQLITE_DIGIT_SEPARATOR
-             && sqlite3Isdigit(z[i-1])
-             && sqlite3Isdigit(z[i+1])
-            ){
+            if( z[i]==SQLITE_DIGIT_SEPARATOR ){
                *tokenType = TK_QNUMBER;
              }else{
                break;
@@ -469,10 +463,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){
            if( *tokenType==TK_INTEGER ) *tokenType = TK_FLOAT;
            for(i++; 1; i++){
              if( sqlite3Isdigit(z[i])==0 ){
-              if( z[i]==SQLITE_DIGIT_SEPARATOR
-               && sqlite3Isdigit(z[i-1])
-               && sqlite3Isdigit(z[i+1])
-              ){
+              if( z[i]==SQLITE_DIGIT_SEPARATOR ){
                  *tokenType = TK_QNUMBER;
                }else{
                  break;
@@ -488,10 +479,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){
            if( *tokenType==TK_INTEGER ) *tokenType = TK_FLOAT;
            for(i+=2; 1; i++){
              if( sqlite3Isdigit(z[i])==0 ){
-              if( z[i]==SQLITE_DIGIT_SEPARATOR
-               && sqlite3Isdigit(z[i-1])
-               && sqlite3Isdigit(z[i+1])
-              ){
+              if( z[i]==SQLITE_DIGIT_SEPARATOR ){
                  *tokenType = TK_QNUMBER;
                }else{
                  break;
diff --git a/src/util.c b/src/util.c

index ed7789591b9ee4586c802dfb27e6c03490aceeb6..5a88979fe47100a55cebf842ad98b1941de7ac84 100644 (file)
--- a/src/util.c
+++ b/src/util.c
@@ -316,21 +316,26 @@ void sqlite3DequoteExpr(Expr *p){
  ** and set the type to INTEGER or FLOAT. "Quoted" integers or floats are those
  ** that contain '_' characters that must be removed before further processing.
  */
-void sqlite3DequoteNumber(Expr *p){
+void sqlite3DequoteNumber(Parse *pParse, Expr *p){
    if( p ){
      const char *pIn = p->u.zToken;
      char *pOut = p->u.zToken;
+    int bHex = (pIn[0]=='0' && (pIn[1]=='x' || pIn[1]=='X'));
      assert( p->op==TK_QNUMBER );
      p->op = TK_INTEGER;
      do {
        if( *pIn!=SQLITE_DIGIT_SEPARATOR ){
          *pOut++ = *pIn;
          if( *pIn=='e' || *pIn=='E' || *pIn=='.' ) p->op = TK_FLOAT;
+      }else{
+        if( (bHex==0 && (!sqlite3Isdigit(pIn[-1]) || !sqlite3Isdigit(pIn[1])))
+         || (bHex==1 && (!sqlite3Isxdigit(pIn[-1]) || !sqlite3Isxdigit(pIn[1])))
+        ){
+          sqlite3ErrorMsg(pParse, "unrecognized token: \"%s\"", p->u.zToken);
+        }
        }
      }while( *pIn++ );
-    if( p->u.zToken[0]=='0' && (p->u.zToken[1]=='x' || p->u.zToken[1]=='X') ){
-      p->op = TK_INTEGER;
-    }
+    if( bHex ) p->op = TK_INTEGER;
    }
  }
  
diff --git a/test/literal.test b/test/literal.test

index fe6b70acf7af5652978b0af5306c04da42eb33e1..30205692c9d2f661643eec3b207e21f7220ce6a1 100644 (file)
--- a/test/literal.test
+++ b/test/literal.test
@@ -74,7 +74,7 @@ test_literal 3.8  -9_223_372_036_854_775_808 integer -9223372036854775808
  foreach {tn lit unrec} {
    0    123a456       123a456
    1    1_            1_
-  2    1_.4          1_
+  2    1_.4          1_.4
    3    1e_4          1e_4
    4    1_e4          1_e4
    5    1.4_e4        1.4_e4
@@ -86,7 +86,7 @@ foreach {tn lit unrec} {
    11   12__34        12__34
    12   1234_         1234_
    13   12._34        12._34
-  14   12_.34        12_
+  14   12_.34        12_.34
    15   12.34_        12.34_
    16   1.0e1_______2 1.0e1_______2 
  } {
author	dan <Dan Kennedy>
	Tue, 23 Jan 2024 11:20:58 +0000 (11:20 +0000)
committer	dan <Dan Kennedy>
	Tue, 23 Jan 2024 11:20:58 +0000 (11:20 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/parse.y		patch \| blob \| blame \| history
src/sqliteInt.h		patch \| blob \| blame \| history
src/tokenize.c		patch \| blob \| blame \| history
src/util.c		patch \| blob \| blame \| history
test/literal.test		patch \| blob \| blame \| history