From: drh Date: Wed, 9 May 2007 20:31:29 +0000 (+0000) Subject: Fix a problem with strange expressions being fed to an ATTACH or DETACH X-Git-Tag: version-3.4.0~116 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b63f274589ae7b07bf5a448dc05532ccf5fc4386;p=thirdparty%2Fsqlite.git Fix a problem with strange expressions being fed to an ATTACH or DETACH statement. (CVS 3965) FossilOrigin-Name: 0c91dc9ee0c5d441a7789b631476515260cb887f --- diff --git a/manifest b/manifest index fbc3bd3483..90ccb17646 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\san\sobscure\scache\scorruption\sthat\scould\soccur\safter\san\sSQLITE_FULL\serror.\s(CVS\s3964) -D 2007-05-09T15:56:40 +C Fix\sa\sproblem\swith\sstrange\sexpressions\sbeing\sfed\sto\san\sATTACH\sor\sDETACH\nstatement.\s(CVS\s3965) +D 2007-05-09T20:31:30 F Makefile.in 87b200ad9970907f76df734d29dff3d294c10935 F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028 @@ -59,7 +59,7 @@ F sqlite3.def a96c1d0d39362b763d2ddba220a32da41a15c4b4 F sqlite3.pc.in 985b9bf34192a549d7d370e0f0b6b34a4f61369a F src/alter.c ca8fc4a3c7359379598dc12589b65c32eb88defd F src/analyze.c 4bbf5ddf9680587c6d4917e02e378b6037be3651 -F src/attach.c a674f72b5e4a02b81d0ae7e6e14c1a2f48e36491 +F src/attach.c ba628db0c2b6a362f036d017bf1196cdfe4ebb37 F src/auth.c 902f4722661c796b97f007d9606bd7529c02597f F src/btree.c ec0943dd89a7209ea3326ff29df7708f98c5596f F src/btree.h 1d527bf61ed176f980c34999d5793a0fd45dcf8c @@ -152,7 +152,7 @@ F test/altermalloc.test 19323e0f452834044c27a54c6e78554d706de7ba F test/analyze.test 2f55535aa335785db1a2f97d3f3831c16c09f8b0 F test/async.test 464dc7c7ccb144e8c82ecca429e6d7cd1c96bd6e F test/async2.test 81e4a1fd010c903eb3b763fdb4c4cad7a99afb14 -F test/attach.test c616a88eab6b6fd99b7b2fcf449420f14628bc0b +F test/attach.test cf289abdb120053136649efd1306ab9d47fa41b2 F test/attach2.test 0e6a7c54343c85dd877a1e86073a05176043ed40 F test/attach3.test eafcafb107585aecc2ed1569a77914138eef46a9 F test/attachmalloc.test 03eeddd06e685ddbe975efd51824e4941847e5f4 @@ -486,7 +486,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P 9bf2c594a48a4661700f0833562ee2b3ff7b761c -R e6e433ce97807ce8e1a14237202d778b -U danielk1977 -Z 5e57374f56d07a6eac9a76bd05073c8d +P e8e879aca67dee959bab42627028964c474da72f +R d85fded0d2876aeef51189f8bdd48649 +U drh +Z 136b1067dae497c5894f3596fcc6c47e diff --git a/manifest.uuid b/manifest.uuid index 42a3f4d97a..9f9bffd5b2 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -e8e879aca67dee959bab42627028964c474da72f \ No newline at end of file +0c91dc9ee0c5d441a7789b631476515260cb887f \ No newline at end of file diff --git a/src/attach.c b/src/attach.c index c5f539a9fc..e3645d9392 100644 --- a/src/attach.c +++ b/src/attach.c @@ -11,7 +11,7 @@ ************************************************************************* ** This file contains code used to implement the ATTACH and DETACH commands. ** -** $Id: attach.c,v 1.59 2007/05/08 01:08:49 drh Exp $ +** $Id: attach.c,v 1.60 2007/05/09 20:31:30 drh Exp $ */ #include "sqliteInt.h" @@ -40,6 +40,10 @@ static int resolveAttachExpr(NameContext *pName, Expr *pExpr) if( pExpr ){ if( pExpr->op!=TK_ID ){ rc = sqlite3ExprResolveNames(pName, pExpr); + if( rc==SQLITE_OK && !sqlite3ExprIsConstant(pExpr) ){ + sqlite3ErrorMsg(pName->pParse, "invalid name: \"%T\"", &pExpr->span); + return SQLITE_ERROR; + } }else{ pExpr->op = TK_STRING; } diff --git a/test/attach.test b/test/attach.test index 6d93af1a5f..b0b7870b3d 100644 --- a/test/attach.test +++ b/test/attach.test @@ -12,7 +12,7 @@ # focus of this script is testing the ATTACH and DETACH commands # and related functionality. # -# $Id: attach.test,v 1.43 2006/05/25 12:17:32 drh Exp $ +# $Id: attach.test,v 1.44 2007/05/09 20:31:30 drh Exp $ # set testdir [file dirname $argv0] @@ -735,4 +735,13 @@ db close file delete -force test2.db file delete -force no-such-file +do_test attach-7.1 { + file delete -force test.db test.db-journal + sqlite3 db test.db + catchsql { + DETACH RAISE ( IGNORE ) IN ( SELECT "AAAAAA" . * ORDER BY + REGISTER LIMIT "AAAAAA" . "AAAAAA" OFFSET RAISE ( IGNORE ) NOT NULL ) + } +} {1 {invalid name: "RAISE ( IGNORE ) IN ( SELECT "AAAAAA" . * ORDER BY + REGISTER LIMIT "AAAAAA" . "AAAAAA" OFFSET RAISE ( IGNORE ) NOT NULL )"}} finish_test