From: drh <drh@noemail.net>
Date: Fri, 17 Jan 2020 15:33:47 +0000 (+0000)
Subject: More restrictions on changes to shadow tables when in defensive mode.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=39ca0d51e5425e284de7df1aead589551fd61501;p=thirdparty%2Fsqlite.git

More restrictions on changes to shadow tables when in defensive mode.

FossilOrigin-Name: b302b260ca9a4ca3d84771d9157fb1fc0b0e1ba175638f0c006cdf94f92a19c9
---

diff --git a/manifest b/manifest
index 87411b8a72..50aea4655b 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Validate\sthe\stype,\sname,\sand\stbl_name\sfields\sof\sthe\ssqlite_master\stable\swhen\nloading\sthe\sschema,\sunless\swritable_schema\sis\sengaged.
-D 2020-01-17T15:24:13.730
+C More\srestrictions\son\schanges\sto\sshadow\stables\swhen\sin\sdefensive\smode.
+D 2020-01-17T15:33:47.016
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -452,7 +452,7 @@ F spec.template 86a4a43b99ebb3e75e6b9a735d5fd293a24e90ca
 F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
 F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786
 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
-F src/alter.c 00814c584a2792dcb41004b4fbedda35dc16bc2295b0a2c0995e04ecc27244a4
+F src/alter.c d8f927946f25d6a39a344e18db52d1ca492ce561e9b8c4b985fc580bc050bb93
 F src/analyze.c 58db66344a5c58dcabb57f26696f6f2993956c830446da40b444051d2fdaf644
 F src/attach.c 78e986baee90cb7b83fb9eafa79c22581a8ada14030fd633b0683c95cf11213c
 F src/auth.c 0fac71038875693a937e506bceb492c5f136dd7b1249fbd4ae70b4e8da14f9df
@@ -462,14 +462,14 @@ F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
 F src/btree.c 958939f608e351a36756e3749596472baa0e5aae54eebd14e6beffe7a68aafc7
 F src/btree.h c11446f07ec0e9dc85af8041cb0855c52f5359c8b2a43e47e02a685282504d89
 F src/btreeInt.h 6111c15868b90669f79081039d19e7ea8674013f907710baa3c814dc3f8bfd3f
-F src/build.c 66af916c1c755b475f17a8c69ef550effd4750ad9be168b0a1a6d274635411dd
+F src/build.c 04bc5a6b6331a30348e59222ab132ecde7cf5dc04c0915a2182b0609d1ab3df0
 F src/callback.c 25dda5e1c2334a367b94a64077b1d06b2553369f616261ca6783c48bcb6bda73
 F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e
 F src/ctime.c 109e58d00f62e8e71ee1eb5944ac18b90171c928ab2e082e058056e1137cc20b
 F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957
 F src/dbpage.c 135eb3b5e74f9ef74bde5cec2571192c90c86984fa534c88bf4a055076fa19b7
 F src/dbstat.c c12833de69cb655751487d2c5a59607e36be1c58ba1f4bd536609909ad47b319
-F src/delete.c d08c9e01a2664afd12edcfa3a9c6578517e8ff8735f35509582693adbe0edeaf
+F src/delete.c e12b572e82eb8127627f09acd5ff2b5f180d983922e2782f7c09ad455e7a547e
 F src/expr.c e100212835d20498780e7c6d2bdb16c677ecc04350fb75db3bf192a86ba48c92
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c bd0138acdc008c1845ccf92f8e73787880562de649471804801c06fed814c765
@@ -523,7 +523,7 @@ F src/shell.c.in c1986496062f9dba4ed5b70db06b5e0f32e1954cdcfab0b30372c6c18679681
 F src/sqlite.h.in 59f5e145b8d7a915ca29c6bf4a1f00e3112c1605c9ac5c627c45060110332ba2
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
 F src/sqlite3ext.h 9ecc93b8493bd20c0c07d52e2ac0ed8bab9b549c7f7955b59869597b650dd8b5
-F src/sqliteInt.h 6013f8633a448ea08c8540ba3260ae6082817ea1fb230d54d74534d4d394df73
+F src/sqliteInt.h 1c6c05fa6463b3ab906385be3957b91f9ace0812e8cf5e3e0fef2460748954f3
 F src/sqliteLimit.h 1513bfb7b20378aa0041e7022d04acb73525de35b80b252f1b83fedb4de6a76b
 F src/status.c 46e7aec11f79dad50965a5ca5fa9de009f7d6bde08be2156f1538a0a296d4d0e
 F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34
@@ -626,7 +626,7 @@ F test/altercol.test 54374d2ba18af25bb24e23acf18a60270d4ec120b7ec0558078b59d5aa1
 F test/alterlegacy.test 82022721ce0de29cedc9a7af63bc9fcc078b0ee000f8283b4b6ea9c3eab2f44b
 F test/altermalloc.test 167a47de41b5c638f5f5c6efb59784002b196fff70f98d9b4ed3cd74a3fb80c9
 F test/altermalloc2.test fa7b1c1139ea39b8dec407cf1feb032ca8e0076bd429574969b619175ad0174b
-F test/altertab.test d85205b033f897665a99395ac351acad2f1a2de8d683540c73bfb6023e026d40
+F test/altertab.test 784e2afcff47b32cb828f8255eda9af7209fb780de9be6663d9db2343e90e966
 F test/altertab2.test 5d423a2d1006085b05cc1b788863d5a860ea2da21c4f892d15e2f2a34c78348a
 F test/altertab3.test 40f2ce9be675e354d3e55c72f8baf38813be975ff4dd9e6b3144493c3c5bc033
 F test/amatch1.test b5ae7065f042b7f4c1c922933f4700add50cdb9f
@@ -1819,8 +1819,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P ad1f760f164c819eac24597dd621586933c8ca77f79efd2e4773f5599e089c5e
-Q +724f4df9ccc2b683f7091a3f7a8c20ee210f44d7a610cd1b4c49da1c274add08
-R dca847b9ecccaa71c64d4a1b4d2ddb68
+P 3d13fbf248e6bcb997c301530ee834c6f1fc21add7f46b673d0f63e986c60680
+Q +bae76a5c40703871e5ce4cd23d6fae5a3836606f524a63b01ac828c7a602c5e9
+R 7230baf225f211623f4374c603bd2984
 U drh
-Z 54c6427e345328d9cbde0765658ffd7c
+Z e1f180b43db8438d3863baaa86946231
diff --git a/manifest.uuid b/manifest.uuid
index 27d5caa111..21a6e227cb 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-3d13fbf248e6bcb997c301530ee834c6f1fc21add7f46b673d0f63e986c60680
\ No newline at end of file
+b302b260ca9a4ca3d84771d9157fb1fc0b0e1ba175638f0c006cdf94f92a19c9
\ No newline at end of file
diff --git a/src/alter.c b/src/alter.c
index 5d910bb985..6d846084d1 100644
--- a/src/alter.c
+++ b/src/alter.c
@@ -31,9 +31,8 @@
 static int isAlterableTable(Parse *pParse, Table *pTab){
   if( 0==sqlite3StrNICmp(pTab->zName, "sqlite_", 7) 
 #ifndef SQLITE_OMIT_VIRTUALTABLE
-   || ( (pTab->tabFlags & TF_Shadow) 
-     && (pParse->db->flags & SQLITE_Defensive)
-     && pParse->db->nVdbeExec==0
+   || ( (pTab->tabFlags & TF_Shadow)!=0
+        && sqlite3ReadOnlyShadowTables(pParse->db)
    )
 #endif
   ){
diff --git a/src/build.c b/src/build.c
index c16f6032a0..b4434d080f 100644
--- a/src/build.c
+++ b/src/build.c
@@ -850,13 +850,14 @@ int sqlite3CheckObjectName(
       return SQLITE_ERROR;
     }
   }else{
-    if( pParse->nested==0 
-     && 0==sqlite3StrNICmp(zName, "sqlite_", 7)
+    if( (pParse->nested==0 && 0==sqlite3StrNICmp(zName, "sqlite_", 7))
+     || (sqlite3ReadOnlyShadowTables(db) && sqlite3ShadowTableName(db, zName))
     ){
       sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s",
                       zName);
       return SQLITE_ERROR;
     }
+
   }
   return SQLITE_OK;
 }
@@ -1939,7 +1940,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
 ** zName is temporarily modified while this routine is running, but is
 ** restored to its original value prior to this routine returning.
 */
-static int isShadowTableName(sqlite3 *db, char *zName){
+int sqlite3ShadowTableName(sqlite3 *db, const char *zName){
   char *zTail;                  /* Pointer to the last "_" in zName */
   Table *pTab;                  /* Table that zName is a shadow of */
   Module *pMod;                 /* Module for the virtual table */
@@ -1957,8 +1958,6 @@ static int isShadowTableName(sqlite3 *db, char *zName){
   if( pMod->pModule->xShadowName==0 ) return 0;
   return pMod->pModule->xShadowName(zTail+1);
 }
-#else
-# define isShadowTableName(x,y) 0
 #endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
 
 /*
@@ -2000,7 +1999,7 @@ void sqlite3EndTable(
   p = pParse->pNewTable;
   if( p==0 ) return;
 
-  if( pSelect==0 && isShadowTableName(db, p->zName) ){
+  if( pSelect==0 && sqlite3ShadowTableName(db, p->zName) ){
     p->tabFlags |= TF_Shadow;
   }
 
@@ -2682,18 +2681,33 @@ void sqlite3CodeDropTable(Parse *pParse, Table *pTab, int iDb, int isView){
   sqliteViewResetAll(db, iDb);
 }
 
+/*
+** Return TRUE if shadow tables should be read-only in the current
+** context.
+*/
+int sqlite3ReadOnlyShadowTables(sqlite3 *db){
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( (db->flags & SQLITE_Defensive)!=0
+   && db->pVtabCtx==0
+   && db->nVdbeExec==0
+  ){
+    return 1;
+  }
+#endif
+  return 0;
+}
+
 /*
 ** Return true if it is not allowed to drop the given table
 */
-static int tableMayNotBeDropped(Parse *pParse, Table *pTab){
+static int tableMayNotBeDropped(sqlite3 *db, Table *pTab){
   if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 ){
     if( sqlite3StrNICmp(pTab->zName+7, "stat", 4)==0 ) return 0;
     if( sqlite3StrNICmp(pTab->zName+7, "parameters", 10)==0 ) return 0;
     return 1;
   }
-  if( pTab->tabFlags & TF_Shadow ){
-    sqlite3 *db = pParse->db;
-    if( (db->flags & SQLITE_Defensive)!=0 && db->nVdbeExec==0 ) return 1;
+  if( (pTab->tabFlags & TF_Shadow)!=0 && sqlite3ReadOnlyShadowTables(db) ){
+    return 1;
   }
   return 0;
 }
@@ -2767,7 +2781,7 @@ void sqlite3DropTable(Parse *pParse, SrcList *pName, int isView, int noErr){
     }
   }
 #endif
-  if( tableMayNotBeDropped(pParse, pTab) ){
+  if( tableMayNotBeDropped(db, pTab) ){
     sqlite3ErrorMsg(pParse, "table %s may not be dropped", pTab->zName);
     goto exit_drop_table;
   }
diff --git a/src/delete.c b/src/delete.c
index e3a0abc2c0..e03cc22ebb 100644
--- a/src/delete.c
+++ b/src/delete.c
@@ -70,11 +70,7 @@ static int tabIsReadOnly(Parse *pParse, Table *pTab){
     return sqlite3WritableSchema(db)==0 && pParse->nested==0;
   }
   assert( pTab->tabFlags & TF_Shadow );
-  return (db->flags & SQLITE_Defensive)!=0 
-#ifndef SQLITE_OMIT_VIRTUALTABLE
-          && db->pVtabCtx==0
-#endif
-          && db->nVdbeExec==0;
+  return sqlite3ReadOnlyShadowTables(db);
 }
 
 /*
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 9ce759f9de..5dab3e7a4c 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -4437,6 +4437,12 @@ void sqlite3AutoLoadExtensions(sqlite3*);
    );
 #  define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
 #endif
+int sqlite3ReadOnlyShadowTables(sqlite3 *db);
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  int sqlite3ShadowTableName(sqlite3 *db, const char *zName);
+#else
+# define sqlite3ShadowTableName(A,B) 0
+#endif
 int sqlite3VtabEponymousTableInit(Parse*,Module*);
 void sqlite3VtabEponymousTableClear(sqlite3*,Module*);
 void sqlite3VtabMakeWritable(Parse*,Table*);
diff --git a/test/altertab.test b/test/altertab.test
index 891b081500..0705abc267 100644
--- a/test/altertab.test
+++ b/test/altertab.test
@@ -547,13 +547,29 @@ ifcapable fts3 {
   } {1 {table y1_segments may not be modified}}
 
   do_catchsql_test 16.20 {
-    ALTER TABLE y1_segments RENAME TO abc;
-  } {1 {table y1_segments may not be altered}}
-
-  do_catchsql_test 16.21 {
     DROP TABLE y1_segments;
   } {1 {table y1_segments may not be dropped}}
 
+  do_catchsql_test 16.20 {
+    ALTER TABLE y1_segments RENAME TO abc;
+  } {1 {table y1_segments may not be altered}}
+  sqlite3_db_config db DEFENSIVE 0
+  do_catchsql_test 16.22 {
+    ALTER TABLE y1_segments RENAME TO abc;
+  } {0 {}}
+  sqlite3_db_config db DEFENSIVE 1
+  do_catchsql_test 16.23 {
+    CREATE TABLE y1_segments AS SELECT * FROM abc;
+  } {1 {object name reserved for internal use: y1_segments}}
+  do_catchsql_test 16.24 {
+    CREATE VIEW y1_segments AS SELECT * FROM abc;
+  } {1 {object name reserved for internal use: y1_segments}}
+  sqlite3_db_config db DEFENSIVE 0
+  do_catchsql_test 16.25 {
+    ALTER TABLE abc RENAME TO y1_segments;
+  } {0 {}}
+  sqlite3_db_config db DEFENSIVE 1
+
   do_execsql_test 16.30 {
     ALTER TABLE y1 RENAME TO z1;
   }