From: drh Date: Wed, 26 Mar 2008 12:46:23 +0000 (+0000) Subject: Make sure an imbalance in the number of columns on a compound SELECT is X-Git-Tag: version-3.6.10~1260 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad27e76110c003fefad8fbe3bc59dd6c68aa9317;p=thirdparty%2Fsqlite.git Make sure an imbalance in the number of columns on a compound SELECT is detected and reported as an error before it can cause an assertion fault or array-bounds overflow in the code generator. Oops: part of the fix for ticket #3015 got included with this check-in by mistake. (CVS 4917) FossilOrigin-Name: 50de87dc808820a70d3a99277f532e418a2f97e2 --- diff --git a/manifest b/manifest index 3b36663289..8b0fdd7b8c 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Modify\sthe\s{quote:\sIdxDelete}\sopcode\sso\sthat\sit\stakes\san\sarray\sof\sregisters\srather\r\nthan\sa\srecord\sformed\susing\s{quote:\sMakeRecord.}\s\sThis\savoids\sa\sneedless\spacking\r\nand\sunpacking\sof\sthe\srecord\sto\sbe\sdeleted.\s(CVS\s4916) -D 2008-03-25T17:23:33 +C Make\ssure\san\simbalance\sin\sthe\snumber\sof\scolumns\son\sa\scompound\sSELECT\sis\r\ndetected\sand\sreported\sas\san\serror\sbefore\sit\scan\scause\san\sassertion\sfault\r\nor\sarray-bounds\soverflow\sin\sthe\scode\sgenerator.\r\nOops:\spart\sof\sthe\sfix\sfor\sticket\s#3015\sgot\sincluded\swith\sthis\r\ncheck-in\sby\smistake.\s(CVS\s4917) +D 2008-03-26T12:46:24 F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7 F Makefile.in cf434ce8ca902e69126ae0f94fc9f7dc7428a5fa F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 
@@ -135,12 +135,12 @@ F src/pragma.c 99cec6d99d0241436494aab15b05da97b0e70683 F src/prepare.c 185fb47f1fb3e45a345d523eb391d673f5eb367c F src/printf.c 05d2b44d7b5b80c8a4a09108ddad9c20e254370d F src/random.c 2b2db2de4ab491f5a14d3480466f8f4b5a5db74a -F src/select.c 831714d4f09f4b9f4be43d2399eff12dcf281c86 +F src/select.c 84f9392a7b39bae8351b19cde74d6806e2c51984 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96 F src/shell.c 22297fffa6f00a6c6d44020fa13b1184a1bb372d F src/sqlite.h.in 61d8d1cefcbf0803c03c2179be138a78bfd1d335 F src/sqlite3ext.h faacd0e6a81aabee0861c6d7883c9172e74ef5b3 -F src/sqliteInt.h 50a9313829041721d34f20c8be4562c3197dcff9 +F src/sqliteInt.h db668a07004d53a47c5d570963842489c6c4c3f3 F src/sqliteLimit.h eecbc288b410ae5565e71aaa4a439aae57bb0707 F src/table.c 2c48c575dd59b3a6c5c306bc55f51a9402cf429a F src/tclsqlite.c 1367762764772a233643524c3585b4711a9adcda @@ -423,7 +423,7 @@ F test/schema2.test 35e1c9696443d6694c8980c411497c2b5190d32e F test/select1.test 871df931cbbc0e78170605628e8b5fc60765e265 F test/select2.test f3c2678c3a9f3cf08ec4988a3845bda64be6d9e3 F test/select3.test 2ce595f8fb8e2ac10071d3b4e424cadd4634a054 -F test/select4.test ba1c276ce20376c3bfe682ad8233c0a63fac04c6 +F test/select4.test 7cc135c8343e6e433bdad185de6a720b112c40e7 F test/select5.test 5ad14ea338aada2e6394ba98fa9aa40e3e50aec0 F test/select6.test 399f14b9ba37b768afe5d2cd8c12e4f340a69db8 F test/select7.test 7906735805cfbee4dddc0bed4c14e68d7f5f9c5f @@ -617,7 +617,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P 24c3ebc0c5c53c234516d16dce761d713fb29578 -R 66dfc33f9c0d1eba54064363b17cc27e +P ee381b43563e1b0637ee74389d076dff77deddf9 +R f3e75355d329511babf6e18fb8f87503 U drh -Z 040d5190ae2e9926a42f3065a9864529 +Z bd0897ff66b66f3a439dad571ea8c95d 
diff --git a/manifest.uuid b/manifest.uuid index 6d2ac4b616..0a560ee356 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -ee381b43563e1b0637ee74389d076dff77deddf9 \ No newline at end of file +50de87dc808820a70d3a99277f532e418a2f97e2 \ No newline at end of file
diff --git a/src/select.c b/src/select.c
index 8167056ba4..57f6e40434 100644
--- a/src/select.c
+++ b/src/select.c
@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.419 2008/03/25 17:23:33 drh Exp $
+** $Id: select.c,v 1.420 2008/03/26 12:46:24 drh Exp $
 */
 #include "sqliteInt.h"
@@ -41,6 +41,7 @@ void sqlite3SelectDestInit(SelectDest *pDest, int eDest, int iParm){
 pDest->iParm = iParm;
 pDest->affinity = 0;
 pDest->iMem = 0;
+ pDest->nMem = 0;
 }
@@ -235,7 +236,8 @@ static void addWhereTerm(
 const Table *pTab2, /* Second table */
 const char *zAlias2, /* Alias for second table. May be NULL */
 int iRightJoinTable, /* VDBE cursor for the right table */
- Expr **ppExpr /* Add the equality term to this expression */
+ Expr **ppExpr, /* Add the equality term to this expression */
+ int isOuterJoin /* True if dealing with an OUTER join */
 ){
 Expr *pE1a, *pE1b, *pE1c;
 Expr *pE2a, *pE2b, *pE2c;
@@ -254,7 +256,7 @@ static void addWhereTerm(
 pE1c = sqlite3PExpr(pParse, TK_DOT, pE1b, pE1a, 0);
 pE2c = sqlite3PExpr(pParse, TK_DOT, pE2b, pE2a, 0);
 pE = sqlite3PExpr(pParse, TK_EQ, pE1c, pE2c, 0);
- if( pE ){
+ if( pE && isOuterJoin ){
 ExprSetProperty(pE, EP_FromJoin);
 pE->iRightJoinTable = iRightJoinTable;
 }
@@ -322,8 +324,10 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
 for(i=0; inSrc-1; i++, pRight++, pLeft++){
 Table *pLeftTab = pLeft->pTab;
 Table *pRightTab = pRight->pTab;
+ int isOuter;
 if( pLeftTab==0 || pRightTab==0 ) continue;
+ isOuter = (pRight->jointype & JT_OUTER)!=0;
 /* When the NATURAL keyword is present, add WHERE clause terms for
 ** every column that the two tables have in common.
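Review bot: The `isOuterJoin` parameter and the `if( pE && isOuterJoin )` guard in addWhereTerm, together with the `isOuter` flag that the sqliteProcessJoin hunks compute and pass along, are a separate behaviour change from the column-count check; the commit message itself attributes them to ticket #3015. Anyone carrying the bounds fix to another branch should take only the `nMem` hunks (sqlite3SelectDestInit, selectInnerLoop, multiSelect, struct SelectDest) and review the join change on its own. Inside addWhereTerm the new guard has no explanation; a short why-comment above the `if`, for example `/* Only terms that come from an OUTER join are tagged EP_FromJoin */`, would record the intent. Both functions begin and end outside these hunks, so a header comment that describes the tagging may need the same update.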
@@ -339,7 +343,7 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
 if( columnIndex(pRightTab, zName)>=0 ){
 addWhereTerm(pParse, zName, pLeftTab, pLeft->zAlias,
 pRightTab, pRight->zAlias,
- pRight->iCursor, &p->pWhere);
+ pRight->iCursor, &p->pWhere, isOuter);
 }
 }
@@ -357,7 +361,7 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
 ** an AND operator.
 */
 if( pRight->pOn ){
- setJoinExpr(pRight->pOn, pRight->iCursor);
+ if( isOuter ) setJoinExpr(pRight->pOn, pRight->iCursor);
 p->pWhere = sqlite3ExprAnd(pParse->db, p->pWhere, pRight->pOn);
 pRight->pOn = 0;
 }
@@ -380,7 +384,7 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
 }
 addWhereTerm(pParse, zName, pLeftTab, pLeft->zAlias,
 pRightTab, pRight->zAlias,
- pRight->iCursor, &p->pWhere);
+ pRight->iCursor, &p->pWhere, isOuter);
 }
 }
 }
@@ -543,6 +547,9 @@ static void selectInnerLoop(
 }
 if( pDest->iMem==0 ){
 pDest->iMem = sqlite3GetTempRange(pParse, nResultCol);
+ pDest->nMem = nResultCol;
+ }else if( pDest->nMem!=nResultCol ){
+ return;
 }
 regResult = pDest->iMem;
 if( nColumn>0 ){
@@ -2268,6 +2275,7 @@ static int multiSelect(
 multi_select_end:
 pDest->iMem = dest.iMem;
+ pDest->nMem = dest.nMem;
 return rc;
 }
 #endif /* SQLITE_OMIT_COMPOUND_SELECT */
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index b5abcd6612..1b94f61a06 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -11,7 +11,7 @@
 *************************************************************************
 ** Internal interface definitions for SQLite.
 **
-** @(#) $Id: sqliteInt.h,v 1.680 2008/03/25 17:23:33 drh Exp $
+** @(#) $Id: sqliteInt.h,v 1.681 2008/03/26 12:46:24 drh Exp $
 */
 #ifndef _SQLITEINT_H_
 #define _SQLITEINT_H_
@@ -1423,6 +1423,7 @@ struct SelectDest {
 u8 affinity; /* Affinity used when eDest==SRT_Set */
 int iParm; /* A parameter used by the eDest disposal method */
 int iMem; /* Base register where results are written */
+ int nMem; /* Number of registers allocated */
 };
 /*
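Review bot: The new `}else if( pDest->nMem!=nResultCol ){ return; }` branch in selectInnerLoop leaves the code generator silently: the hunk records no error and carries no comment saying who reports the mismatch. This guard is what stops a later SELECT of a compound from writing `nResultCol` results into a register range that was sized for a different column count, so it should say so, for example `/* Range was sized by an earlier SELECT of this compound; do not write past it. The column-count error is reported by the compound-SELECT code. */`. That wording assumes the caller raises the error, which the commit message and the select4-11.* tests suggest but this hunk does not show; if some caller can reach the branch without doing so, the error should be recorded here before the `return`. The `nMem` comment in struct SelectDest could also note that the field is meaningful only once `iMem` is non-zero, since selectInnerLoop sets both together. selectInnerLoop begins and ends outside the hunk.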
diff --git a/test/select4.test b/test/select4.test
index 71feb3e94a..1d3b2c6dcd 100644
--- a/test/select4.test
+++ b/test/select4.test
@@ -12,7 +12,7 @@
 # focus of this file is testing UNION, INTERSECT and EXCEPT operators
 # in SELECT statements.
 #
-# $Id: select4.test,v 1.26 2008/01/16 18:20:42 danielk1977 Exp $
+# $Id: select4.test,v 1.27 2008/03/26 12:46:25 drh Exp $
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -662,11 +662,135 @@ do_test select4-10.8 { } } {} do_test select4-10.9 { -breakpoint execsql { SELECT DISTINCT max(n), log FROM t1 ORDER BY +log; -- LIMIT 2 OFFSET 1 } } {31 5} +# Make sure compound SELECTs with wildly different numbers of columns +# do not cause assertion faults due to register allocation issues. +# +do_test select4-11.1 { + catchsql { + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + UNION + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}} +do_test select4-11.2 { + catchsql { + SELECT x FROM t2 + UNION + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + } +} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}} +do_test select4-11.3 { + catchsql { + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + UNION ALL + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of UNION ALL do not have the same number of result columns}} +do_test select4-11.4 { + catchsql { + SELECT x FROM t2 + UNION ALL + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + } +} {1 {SELECTs to the left and right of UNION ALL do not have the same number of result columns}} +do_test select4-11.5 { + catchsql { + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + EXCEPT + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of EXCEPT do not have the same number of result columns}} +do_test select4-11.6 { + catchsql { + SELECT x FROM t2 + EXCEPT + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + } +} {1 {SELECTs to the left and right of EXCEPT do not have the same number of result columns}} +do_test select4-11.7 { + catchsql { + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + INTERSECT + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of INTERSECT do not have the same 
number of result columns}} +do_test select4-11.8 { + catchsql { + SELECT x FROM t2 + INTERSECT + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + } +} {1 {SELECTs to the left and right of INTERSECT do not have the same number of result columns}} + +do_test select4-11.11 { + catchsql { + SELECT x FROM t2 + UNION + SELECT x FROM t2 + UNION ALL + SELECT x FROM t2 + EXCEPT + SELECT x FROM t2 + INTERSECT + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + } +} {1 {SELECTs to the left and right of INTERSECT do not have the same number of result columns}} +do_test select4-11.12 { + catchsql { + SELECT x FROM t2 + UNION + SELECT x FROM t2 + UNION ALL + SELECT x FROM t2 + EXCEPT + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + EXCEPT + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of EXCEPT do not have the same number of result columns}} +do_test select4-11.13 { + catchsql { + SELECT x FROM t2 + UNION + SELECT x FROM t2 + UNION ALL + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + UNION ALL + SELECT x FROM t2 + EXCEPT + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of UNION ALL do not have the same number of result columns}} +do_test select4-11.14 { + catchsql { + SELECT x FROM t2 + UNION + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + UNION + SELECT x FROM t2 + UNION ALL + SELECT x FROM t2 + EXCEPT + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}} +do_test select4-11.15 { + catchsql { + SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2 + UNION + SELECT x FROM t2 + INTERSECT + SELECT x FROM t2 + UNION ALL + SELECT x FROM t2 + EXCEPT + SELECT x FROM t2 + } +} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}} finish_test