From: drh <> Date: Wed, 6 Aug 2025 19:12:10 +0000 (+0000) Subject: Do not allow the number of terms in an ORDER BY or GROUP BY clause to X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e7440380c27a7c2bc2f37d8c8b0c654323060562;p=thirdparty%2Fsqlite.git Do not allow the number of terms in an ORDER BY or GROUP BY clause to exceed the maximum number of columns in a table. FossilOrigin-Name: 139e587c7b349e771d67a8b4ee02ab3ad5d5712d4ff4713dad63cb765bdee248 --- diff --git a/manifest b/manifest index 9b2b42e5bc..efb71e6679 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sWindows\smakefile\sbreakage\scaused\sby\s[ae9d7c9c922bb241]. -D 2025-08-06T19:05:39.163 +C Do\snot\sallow\sthe\snumber\sof\sterms\sin\san\sORDER\sBY\sor\sGROUP\sBY\sclause\sto\nexceed\sthe\smaximum\snumber\sof\scolumns\sin\sa\stable. +D 2025-08-06T19:12:10.640 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -692,7 +692,7 @@ F src/date.c 9db4d604e699a73e10b8e85a44db074a1f04c0591a77e2abfd77703f50dce1e9 F src/dbpage.c b3e218f8ed74fcbb7fa805df8ca669a3718d397617b3d8a8aac3307dc315c4d6 F src/dbstat.c 73362c0df0f40ad5523a6f5501224959d0976757b511299bf892313e79d14f5c F src/delete.c 03a77ba20e54f0f42ebd8eddf15411ed6bdb06a2c472ac4b6b336521bf7cea42 -F src/expr.c 12aeb13773920b48831d7b53018d5cc79e47b3bd8ae7c0fdfd28e6aab977821a +F src/expr.c 0cad74107489c688449d7fec47b605c61a75c6da707031dfc4c76d1ac75667b3 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c 928ed2517e8732113d2b9821aa37af639688d752f4ea9ac6e0e393d713eeb76f F src/func.c de47a8295503aa130baae5e6d9868ecf4f7c4dbffa65d83ad1f70bdbac0ee2d6 @@ -741,7 +741,7 @@ F src/printf.c 5f0c957af9699e849d786e8fbaa3baab648ca5612230dc17916434c14bc8698f F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c F src/resolve.c f8d1d011aba0964ff1bdccd049d4d2c2fec217efd90d202a4bb775e926b2c25d F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97 -F src/select.c a6be657216e1fb72f85dad7df0dba0eb79fe76527c08caa65da8fe44f0e4db44 +F src/select.c 639bac342c1fdc6be97ee806f5e9e4b0ed325889a3f24a17e955a6e9be99f510 F src/shell.c.in 7918c9355667b3b348e5850f0dad9095476ef942ee3b96ee9b8bc2710adda1da F src/sqlite.h.in b526a1eaa60096c9c043d7b128daf2764571e77413873888ee5582ca0141804c F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479 @@ -834,7 +834,7 @@ F test/affinity3.test 9b7d1133e11d5edd7805573c4ab6f3ba73b0b74a1f280d5b130d4bf350 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2 F test/aggfault.test 777f269d0da5b0c2524c7ff6d99ae9a93db4f1b1839a914dd2a12e3035c29829 F test/aggnested.test 610b0ce2c3e8f3daee25f9752800ee8d785db10da4aa1fbeea0ea1aabaf1d704 -F test/aggorderby.test cc3abf5de64d46ff66395ca8c2346b66c2576d5aedb7bffc5b0742508856e3bf +F test/aggorderby.test 7be65e743f82ee49ba62da1c799e59341d23884a99edfe093df0cdfaac94cbbb F test/alias.test 4529fbc152f190268a15f9384a5651bbbabc9d87 F test/all.test cf929f721e20960ca9db89471fa44f9176322ba8f25e97193f91881c223643b3 F test/alter.test 3c00eff1e2036b9f93e9cd0f3d3e63750ac87ecb5bc71b9d7bd07cbf2ac4c494 @@ -2169,8 +2169,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7 F tool/warnings.sh 1ad0169b022b280bcaaf94a7fa231591be96b514230ab5c98fbf15cd7df842dd F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P da07e0c02fe7de7b67f2564c29f49f251ae2374c0e269d246bd13e68a9a73328 -R b5216907e49e2b01f564bdbfd4b1e713 +P c41324139d6a75b0d37aeec2b0572c63207dd0b06e6a99e4fb221be564e73024 +R ff8fc7a0636f2891dad81ba7e07039e4 U drh -Z dea4777b257de656f41a34569efd6ff5 +Z b671d1a9840887adc2a0dda22b668f5f # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 131ad1bc98..f21269ec6d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -c41324139d6a75b0d37aeec2b0572c63207dd0b06e6a99e4fb221be564e73024 +139e587c7b349e771d67a8b4ee02ab3ad5d5712d4ff4713dad63cb765bdee248 diff --git a/src/expr.c b/src/expr.c index 67c97930da..f53e45cda7 100644 --- a/src/expr.c +++ b/src/expr.c @@ -1239,6 +1239,11 @@ void sqlite3ExprAddFunctionOrderBy( sqlite3ExprListDelete(db, pOrderBy); return; } + if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){ + sqlite3ErrorMsg(pParse, "too many terms in ORDER BY clause"); + sqlite3ExprListDelete(db, pOrderBy); + return; + } pOB = sqlite3ExprAlloc(db, TK_ORDER, 0, 0); if( pOB==0 ){ diff --git a/src/select.c b/src/select.c index db41cb493f..fb9425bf76 100644 --- a/src/select.c +++ b/src/select.c @@ -1546,7 +1546,10 @@ static void selectInnerLoop( */ KeyInfo *sqlite3KeyInfoAlloc(sqlite3 *db, int N, int X){ int nExtra = (N+X)*(sizeof(CollSeq*)+1); - KeyInfo *p = sqlite3DbMallocRawNN(db, SZ_KEYINFO(0) + nExtra); + KeyInfo *p; + assert( X>=0 ); + if( NEVER(N+X>0xffff) ) return (KeyInfo*)sqlite3OomFault(db); + p = sqlite3DbMallocRawNN(db, SZ_KEYINFO(0) + nExtra); if( p ){ p->aSortFlags = (u8*)&p->aColl[N+X]; p->nKeyField = (u16)N; diff --git a/test/aggorderby.test b/test/aggorderby.test index eed1f83a7e..466074815a 100644 --- a/test/aggorderby.test +++ b/test/aggorderby.test @@ -158,5 +158,17 @@ do_execsql_test aggorderby-9.3 { SELECT json_group_array(DISTINCT json(x) ORDER BY json(x)) FROM c; } {{[[1,1],[4,4],{"a":3},{"x":2}]}} +#------------------------------------------------------------------------- +reset_db +do_execsql_test aggorderby-10.0 { + CREATE TABLE t1(w, x); + INSERT INTO t1 VALUES(1, 2); +} + +for {set i 0} {$i < 70000} {incr i} { lappend lExpr x } +do_catchsql_test aggorderby-10.1 " + SELECT group_concat(w ORDER BY [join $lExpr ,]) FROM t1 +" {1 {too many terms in ORDER BY clause}} + finish_test