From: drh <> Date: Wed, 6 Aug 2025 19:19:52 +0000 (+0000) Subject: Do not allow the number of terms in an ORDER BY or GROUP BY clause to X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c580b148b01c99c3eb296e5ff8764e8ef39fce82;p=thirdparty%2Fsqlite.git Do not allow the number of terms in an ORDER BY or GROUP BY clause to exceed the maximum number of columns in a table. FossilOrigin-Name: cb41512386dd6e97869f56fc7be020682d203950a481bc9ae5b9094116a0c52a --- diff --git a/manifest b/manifest index 626899335e..cf29e9ae40 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Improved\sdefenses\sagainst\scorrupt\sZIP\sarchives\sin\sthe\szipfile\sextension. -D 2025-08-05T01:58:20.832 +C Do\snot\sallow\sthe\snumber\sof\sterms\sin\san\sORDER\sBY\sor\sGROUP\sBY\sclause\sto\nexceed\sthe\smaximum\snumber\sof\scolumns\sin\sa\stable. +D 2025-08-06T19:19:52.023 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -736,7 +736,7 @@ F src/date.c 9db4d604e699a73e10b8e85a44db074a1f04c0591a77e2abfd77703f50dce1e9 F src/dbpage.c fcb1aafe00872a8aff9a7aa0ef7ff1b01e5817ec7bbd521f8f3e1e674ac8d609 F src/dbstat.c 73362c0df0f40ad5523a6f5501224959d0976757b511299bf892313e79d14f5c F src/delete.c 03a77ba20e54f0f42ebd8eddf15411ed6bdb06a2c472ac4b6b336521bf7cea42 -F src/expr.c d966479195c66a36c06196daadf6ecc587ec7bad7081026f7b168d80cfddf659 +F src/expr.c 439dcb9cdd34389e69de467dfcea30f3160feaf46f84c16dbf73128691fccfc4 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c 928ed2517e8732113d2b9821aa37af639688d752f4ea9ac6e0e393d713eeb76f F src/func.c de47a8295503aa130baae5e6d9868ecf4f7c4dbffa65d83ad1f70bdbac0ee2d6 @@ -785,7 +785,7 @@ F src/printf.c 3b91c334f528359145f4dde0dedd945bbb21044d0825ea064934d7222d61662c F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c F src/resolve.c d40fe18d7c2fd0339f5846ffcf7d6809866e380acdf14c76fb2af87e9fe13f64 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97 -F src/select.c 5c129b669317a1d57283055482b9c1e105199a7e47d69526491ca165d3376999 +F src/select.c 11675a82af91deab946dc15e17ff6f70f5b007ccc7b638818d1e70f767fd2cde F src/shell.c.in ba53a52dafb167ac6320703da741386c34fbcabe8c078a188bb9f89808e3ef8f F src/sqlite.h.in 9ae373d11e1b11ac9c81c508523ae37f1619e739858280078ee9fb4e1e62d3ed F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479 @@ -880,7 +880,7 @@ F test/affinity3.test 9b7d1133e11d5edd7805573c4ab6f3ba73b0b74a1f280d5b130d4bf350 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2 F test/aggfault.test 777f269d0da5b0c2524c7ff6d99ae9a93db4f1b1839a914dd2a12e3035c29829 F test/aggnested.test 610b0ce2c3e8f3daee25f9752800ee8d785db10da4aa1fbeea0ea1aabaf1d704 -F test/aggorderby.test cc3abf5de64d46ff66395ca8c2346b66c2576d5aedb7bffc5b0742508856e3bf +F test/aggorderby.test 7be65e743f82ee49ba62da1c799e59341d23884a99edfe093df0cdfaac94cbbb F test/alias.test 4529fbc152f190268a15f9384a5651bbbabc9d87 F test/all.test cf929f721e20960ca9db89471fa44f9176322ba8f25e97193f91881c223643b3 F test/alter.test 3c00eff1e2036b9f93e9cd0f3d3e63750ac87ecb5bc71b9d7bd07cbf2ac4c494 @@ -2209,9 +2209,9 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7 F tool/warnings.sh 1ad0169b022b280bcaaf94a7fa231591be96b514230ab5c98fbf15cd7df842dd F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P aba0285ff293a64b2409c79a9fe58dd2f18830ee121b9f0cd470647ecbc97e68 -Q +642e89191deaf75db236102248c662aeef65bcd3dcbdfea694256583556be75f -R 89dfde611c12556e5117113c45862a20 +P d04c30b9f25383a422620355a02edee550c31349624b76a5ce8c7e4a03ce0f9a +Q +139e587c7b349e771d67a8b4ee02ab3ad5d5712d4ff4713dad63cb765bdee248 +R ec9fc00419a99160a5df88bd600b4a48 U drh -Z a8d73835d2d4cbeb7413a7837e680fd3 +Z f0c2e9a9a43a6532f3433d3a035358dd # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 1f0a757383..15b5fba818 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -d04c30b9f25383a422620355a02edee550c31349624b76a5ce8c7e4a03ce0f9a +cb41512386dd6e97869f56fc7be020682d203950a481bc9ae5b9094116a0c52a diff --git a/src/expr.c b/src/expr.c index b74bc11b0f..5127b89e55 100644 --- a/src/expr.c +++ b/src/expr.c @@ -1239,6 +1239,11 @@ void sqlite3ExprAddFunctionOrderBy( sqlite3ExprListDelete(db, pOrderBy); return; } + if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){ + sqlite3ErrorMsg(pParse, "too many terms in ORDER BY clause"); + sqlite3ExprListDelete(db, pOrderBy); + return; + } pOB = sqlite3ExprAlloc(db, TK_ORDER, 0, 0); if( pOB==0 ){ diff --git a/src/select.c b/src/select.c index dc4e87393c..09e0d5149b 100644 --- a/src/select.c +++ b/src/select.c @@ -1546,7 +1546,10 @@ static void selectInnerLoop( */ KeyInfo *sqlite3KeyInfoAlloc(sqlite3 *db, int N, int X){ int nExtra = (N+X)*(sizeof(CollSeq*)+1); - KeyInfo *p = sqlite3DbMallocRawNN(db, SZ_KEYINFO(0) + nExtra); + KeyInfo *p; + assert( X>=0 ); + if( NEVER(N+X>0xffff) ) return (KeyInfo*)sqlite3OomFault(db); + p = sqlite3DbMallocRawNN(db, SZ_KEYINFO(0) + nExtra); if( p ){ p->aSortFlags = (u8*)&p->aColl[N+X]; p->nKeyField = (u16)N; diff --git a/test/aggorderby.test b/test/aggorderby.test index eed1f83a7e..466074815a 100644 --- a/test/aggorderby.test +++ b/test/aggorderby.test @@ -158,5 +158,17 @@ do_execsql_test aggorderby-9.3 { SELECT json_group_array(DISTINCT json(x) ORDER BY json(x)) FROM c; } {{[[1,1],[4,4],{"a":3},{"x":2}]}} +#------------------------------------------------------------------------- +reset_db +do_execsql_test aggorderby-10.0 { + CREATE TABLE t1(w, x); + INSERT INTO t1 VALUES(1, 2); +} + +for {set i 0} {$i < 70000} {incr i} { lappend lExpr x } +do_catchsql_test aggorderby-10.1 " + SELECT group_concat(w ORDER BY [join $lExpr ,]) FROM t1 +" {1 {too many terms in ORDER BY clause}} + finish_test