From: drh <> Date: Thu, 10 Mar 2022 21:14:35 +0000 (+0000) Subject: Stronger defenses against corrupt schemas in the ALTER TABLE logic. X-Git-Tag: version-3.38.1~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=401697bb54d574110624e08bd28aab2adc08c413;p=thirdparty%2Fsqlite.git Stronger defenses against corrupt schemas in the ALTER TABLE logic. FossilOrigin-Name: 29744e69f473638796877bd073468046d4aeff209c0a0f30beee8c5f102112b6 --- diff --git a/manifest b/manifest index afc148ce10..9e56c96a54 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Doc\simprovements\sre\ssqlite3_column_text*()\sendianness\s(no\scode\schange) -D 2022-03-10T19:53:49.324 +C Stronger\sdefenses\sagainst\scorrupt\sschemas\sin\sthe\sALTER\sTABLE\slogic. +D 2022-03-10T21:14:35.345 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -485,7 +485,7 @@ F spec.template 86a4a43b99ebb3e75e6b9a735d5fd293a24e90ca F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a -F src/alter.c e31cae888bc3077e34f9a82c6b4a96e4e44d37861eeb6472d68a378f1e8e46ba +F src/alter.c 006325f8844c65d885b3ba469b4c08d9dd0cd3e9ec481d5bcff621f224cb2302 F src/analyze.c 7518b99e07c5494111fe3bd867f28f804b6c5c1ad0703ec3d116de9bab3fa516 F src/attach.c f26d400f3ffe2cdca01406bca70e5f58c5488bf165b4fc37c228136dfcf1b583 F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf 
@@ -495,7 +495,7 @@ F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 F src/btree.c 259413ef3018ff795f7934dcebc1268ed3d5e3076fb9ad645774002e8ed92940 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22 F src/btreeInt.h 8be97d3939d626f734ec1b577efa4e6e186da00daf5b3227af199ca1c24cdd71 -F src/build.c 9891c2160886cf7e344d7e8f1f7177f9612916c7c67ffeacd64cb34a92d387a8 +F src/build.c a0cc68fe8172c0a31b54576f9c6c0fe6f7c82b1b5e1387afdd6a5a13132bc131 F src/callback.c 4c19af69835787bfe790ac560f3071a824eb629f34e41f97b52ce5235c77de1c F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e F src/ctime.c 2cce39df1a13e05b7633e6d21b651f21492471f991dd7b323a4ee4e7b7f0b7f1 @@ -643,7 +643,7 @@ F src/where.c baec5c64db111227b6c7f07f65d91706a51d9f8c72d3f3ec7e65c39450b592d0 F src/whereInt.h 15d2975c3b4c193c78c26674400a840da8647fe1777ae3b026e2d15937b38a03 F src/wherecode.c 84be340684393248b9f3ecbce9b87c8a6f818149b52302702ea0b8d2a9d51faf F src/whereexpr.c 2a71f5491798460c9590317329234d332d9eb1717cba4f3403122189a75c465e -F src/window.c 2eea25240cfe1bdbd23970d34b007ac29e31f808bef54c1e2df0e93fe3308ce6 +F src/window.c 731980c0887f7ec9859f5e0d3c69d5fbeb6e512a9e1d338935f53938eaba431e F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2 F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627 F test/affinity3.test eecb0dabee4b7765a8465439d5e99429279ffba23ca74a7eae270a452799f9e7 
@@ -666,7 +666,7 @@ F test/alterlegacy.test f38c6d06cda39e1f7b955bbce57f2e3ef5b7cb566d3d1234502093e2 F test/altermalloc.test 167a47de41b5c638f5f5c6efb59784002b196fff70f98d9b4ed3cd74a3fb80c9 F test/altermalloc2.test 17fb3724c4b004c469c27dc4ef181608aa644555fbd3f3236767584f73747c81 F test/altermalloc3.test 55e606edf4b0acfbbd851ddfe93cfdddfae43d103644dcfd6008ae4ab3c44adf -F test/alterqf.test 3008318ba9e16b4ac0b5f83cf7683caa4b0a3154aafe3b4099838a250d4ba74a +F test/alterqf.test ff6c6f881485c29ed699b8ef4774864ca1b0c01a6c08f5cdd624a008e4b40fca F test/altertab.test 7273b8506eab46342be016af78028df49f3bd99037412f997a8f1011b37a6912 F test/altertab2.test 62597b6fd08feaba1b6bfe7d31dac6117c67e06dc9ce9c478a3abe75b5926de0 F test/altertab3.test 5929f522fd6fd708396ad9f317d4af9ff1a93e460df85bb1d54d4499eeb94960 @@ -1944,10 +1944,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 2c393228257490efcf609f3e428f0d02c74cbea48a28763b2414e69a4ced66da -Q +1f473099776249f774a285fa117316636e00c3ff030ba0f22ed5bd05641c1bc9 -Q +25b7f88fcb2bb1908abde109c1167c462efbb156b4a8a8f94d36202bd93ea433 -R d04b5609ab6e8e6c106630371a1e077f -U larrybr -Z 1a60ea63ca750484d919d79c98674151 +P a37c20d40f97570575abb1f1db31dbc934300e7f2294d38fe41850baedb3766f +Q +13fbde28173332522a7ad307c1aad2b83c9aa1fe737583afa2b29f6da4de6370 +R fe263abb91e610bebd0ba34714076a45 +U drh +Z 6c9414a267f7bdb0feace5f05a04d250 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 77cecce219..b037392f5a 100644 --- a/manifest.uuid +++ b/manifest.uuid 
@@ -1 +1 @@ -a37c20d40f97570575abb1f1db31dbc934300e7f2294d38fe41850baedb3766f \ No newline at end of file +29744e69f473638796877bd073468046d4aeff209c0a0f30beee8c5f102112b6 \ No newline at end of file diff --git a/src/alter.c b/src/alter.c index 59b3bf0303..1ec74cdcc7 100644 --- a/src/alter.c +++ b/src/alter.c @@ -1131,19 +1131,21 @@ static int renameParseSql( ){ int rc; - db->init.iDb = bTemp ? 1 : sqlite3FindDbName(db, zDb); - - /* Parse the SQL statement passed as the first argument. If no error - ** occurs and the parse does not result in a new table, index or - ** trigger object, the database must be corrupt. */ sqlite3ParseObjectInit(p, db); + if( zSql==0 ){ + return SQLITE_NOMEM; + } + if( sqlite3StrNICmp(zSql,"CREATE ",7)!=0 ){ + return SQLITE_CORRUPT_BKPT; + } + db->init.iDb = bTemp ? 1 : sqlite3FindDbName(db, zDb); p->eParseMode = PARSE_MODE_RENAME; p->db = db; p->nQueryLoop = 1; - rc = zSql ? sqlite3RunParser(p, zSql) : SQLITE_NOMEM; + rc = sqlite3RunParser(p, zSql); if( db->mallocFailed ) rc = SQLITE_NOMEM; if( rc==SQLITE_OK - && p->pNewTable==0 && p->pNewIndex==0 && p->pNewTrigger==0 + && NEVER(p->pNewTable==0 && p->pNewIndex==0 && p->pNewTrigger==0) ){ rc = SQLITE_CORRUPT_BKPT; } diff --git a/src/build.c b/src/build.c index 58b0710660..f7614af625 100644 --- a/src/build.c +++ b/src/build.c @@ -2826,6 +2826,11 @@ void sqlite3EndTable( int addrInsLoop; /* Top of the loop for inserting rows */ Table *pSelTab; /* A table that describes the SELECT results */ + if( IN_SPECIAL_PARSE ){ + pParse->rc = SQLITE_ERROR; + pParse->nErr++; + return; + } regYield = ++pParse->nMem; regRec = ++pParse->nMem; regRowid = ++pParse->nMem; diff --git a/src/window.c b/src/window.c index 165d6c8f38..bed6ab636c 100644 --- a/src/window.c +++ b/src/window.c 
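Review bot: The comment that explained the corruption check in renameParseSql is deleted and nothing replaces it, so the new `sqlite3StrNICmp(zSql,"CREATE ",7)` gate and the `NEVER(...)` wrapper are unexplained. The schema text parsed here can come from a damaged or hand-edited database file, so a comment above the gate would help, e.g. `/* zSql is read from the schema table and may be corrupt: accept only text that begins with "CREATE " (one space, no leading whitespace) */`. Beside `NEVER`, it is worth naming the earlier checks that are believed to make a successful parse with no new table, index or trigger unreachable, since debug builds will now assert on it. The same applies to `ALWAYS(!IN_RENAME_OBJECT)` in the src/window.c hunk, where the condition becomes an asserted invariant with no stated reason. The function body starts before this hunk and continues past it.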
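Review bot: The new `IN_SPECIAL_PARSE` early return in sqlite3EndTable has no comment and sets no error message, so a reader cannot tell from here why this path must not run in a special parse mode. Judging by the neighbouring declarations (`pSelTab`, `addrInsLoop`) this looks like the CREATE TABLE ... AS SELECT code-generation branch, which stored schema text would not normally reach. If that is right, a comment such as `/* Stored schema text never takes the AS SELECT path; reaching it in a special parse means the schema is corrupt, so fail rather than generate code */` would record the intent. It would also help to say why the result is `SQLITE_ERROR` here while renameParseSql in src/alter.c reports `SQLITE_CORRUPT_BKPT` for malformed schema text. The function starts before the hunk and continues after it.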
@@ -960,7 +960,7 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){ if( p->pWin && p->pPrior==0 && ALWAYS((p->selFlags & SF_WinRewrite)==0) - && !IN_RENAME_OBJECT + && ALWAYS(!IN_RENAME_OBJECT) ){ Vdbe *v = sqlite3GetVdbe(pParse); sqlite3 *db = pParse->db; diff --git a/test/alterqf.test b/test/alterqf.test index 400c4b6e79..423a9fa865 100644 --- a/test/alterqf.test +++ b/test/alterqf.test @@ -63,8 +63,7 @@ foreach {tn before after} { 10 {CREATE TABLE t2(abc, xyz CHECK (xyz != "123"))} {CREATE TABLE t2(abc, xyz CHECK (xyz != '123'))} - 11 { - CREATE TRIGGER ott AFTER UPDATE ON t1 BEGIN + 11 {CREATE TRIGGER ott AFTER UPDATE ON t1 BEGIN SELECT max("str", new."a") FROM t1 WHERE group_concat("b", ",") OVER (ORDER BY c||"str"); UPDATE t1 SET c= b + "str"; @@ -72,8 +71,7 @@ foreach {tn before after} { SELECT 1 FROM t1 AS o WHERE o."a" = "o.a" AND t1.b IN("t1.b") ); END; - } { - CREATE TRIGGER ott AFTER UPDATE ON t1 BEGIN + } {CREATE TRIGGER ott AFTER UPDATE ON t1 BEGIN SELECT max('str', new."a") FROM t1 WHERE group_concat("b", ',') OVER (ORDER BY c||'str'); UPDATE t1 SET c= b + 'str';
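Review bot: No case in this file exercises the new rejection paths. The two hunks only move `CREATE TRIGGER` up against the opening brace, apparently so that case 11 still passes the `CREATE ` prefix test added in src/alter.c. A negative case would pin the defence: schema text that does not begin with `CREATE `, with the ALTER TABLE expected to fail with a corruption error rather than proceed. If that coverage lives in another test file or a fuzz corpus, a pointer to it in the commit message would be enough.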