From: drh Date: Tue, 8 May 2007 15:34:47 +0000 (+0000) Subject: Limit the length of the patterns on LIKE and GLOB to avoid problems with X-Git-Tag: version-3.4.0~131 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=beb818d1fdaf0d78c32b661aa52f239f2fc44b2a;p=thirdparty%2Fsqlite.git Limit the length of the patterns on LIKE and GLOB to avoid problems with deep recursion and N^2 behavior. (CVS 3950) FossilOrigin-Name: 42e6c826998e69462462b0787d3650246d36f3b5 --- diff --git a/manifest b/manifest index c06640c6dd..aca0229391 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Introduce\sthe\s(experimental)\ssqlite3_result_error_toobig()\sAPI\sthat\nfunction\simplementations\scan\suse\sto\ssignal\sSQLite\sthat\sthe\sfunction\nresult\sis\stoo\sbig\sto\srepresent.\s(CVS\s3949) -D 2007-05-08T15:15:02 +C Limit\sthe\slength\sof\sthe\spatterns\son\sLIKE\sand\sGLOB\sto\savoid\sproblems\swith\ndeep\srecursion\sand\sN^2\sbehavior.\s(CVS\s3950) +D 2007-05-08T15:34:48 F Makefile.in 87b200ad9970907f76df734d29dff3d294c10935 F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028 @@ -71,12 +71,12 @@ F src/date.c 263ef5b81b4ffdd80e8a830645798967bbbcfd05 F src/delete.c 5c0d89b3ef7d48fe1f5124bfe8341f982747fe29 F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b F src/expr.c 2f0f9f89efe9170e5e6ca5d5e93a9d5896fff5ac -F src/func.c f06e14b427725c1e07f59018cefc6178df0eb09d +F src/func.c 21a7e73009510e90f09759b5097481c68ca8dcd3 F src/hash.c 67b23e14f0257b69a3e8aa663e4eeadc1a2b6fd5 F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564 F src/insert.c e595ca26805dfb3a9ebaabc28e7947c479f3b14d F src/legacy.c 388c71ad7fbcd898ba1bcbfc98a3ac954bfa5d01 -F src/limits.h a912a42c164f4e3dca1fbb2f062d503f523390be +F src/limits.h 6226e6157ee798b3f19c3fc969a0ae4832393476 F src/loadext.c afe4f4755dc49c36ef505748bbdddecb9f1d02a2 F src/main.c 35b340716319e88817493172aa63abe8be13b543 F src/malloc.c b89e31258a85158d15795bf87ae3ba007e56329b @@ -485,7 +485,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P b1b74f06688fd90fcaf54cf95e2e7beeb5fc1040 -R 40ca2b4e3466e1b036e5014d465b679f +P 17c4235c492f746867c1d2b8621043b93f8aa10e +R 0a41035fc5149b0f6c2804cac4e2cff2 U drh -Z 55ff99acd1ae44d56a185a619d6a1cda +Z a17f2a395ca2369e7d20c7284dc12ad3 diff --git a/manifest.uuid b/manifest.uuid index 7e06b26b83..35366db907 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -17c4235c492f746867c1d2b8621043b93f8aa10e \ No newline at end of file +42e6c826998e69462462b0787d3650246d36f3b5 \ No newline at end of file diff --git a/src/func.c b/src/func.c index 6c3cfdb785..1326f2dd74 100644 --- a/src/func.c +++ b/src/func.c @@ -16,7 +16,7 @@ ** sqliteRegisterBuildinFunctions() found at the bottom of the file. ** All other code has file scope. ** -** $Id: func.c,v 1.149 2007/05/08 15:15:02 drh Exp $ +** $Id: func.c,v 1.150 2007/05/08 15:34:48 drh Exp $ */ #include "sqliteInt.h" #include @@ -535,8 +535,19 @@ static void likeFunc( int argc, sqlite3_value **argv ){ - const unsigned char *zA = sqlite3_value_text(argv[0]); - const unsigned char *zB = sqlite3_value_text(argv[1]); + const unsigned char *zA, *zB; + + /* Limit the length of the LIKE or GLOB pattern to avoid problems + ** of deep recursion and N*N behavior in patternCompare(). + */ + if( sqlite3_value_bytes(argv[1])>SQLITE_MAX_LIKE_PATTERN_LENGTH ){ + sqlite3_result_error(context, "LIKE or GLOB pattern too complex", -1); + return; + } + + + zA = sqlite3_value_text(argv[0]); + zB = sqlite3_value_text(argv[1]); int escape = 0; if( argc==3 ){ /* The escape character string must consist of a single UTF-8 character. @@ -556,6 +567,7 @@ static void likeFunc( #ifdef SQLITE_TEST sqlite3_like_count++; #endif + sqlite3_result_int(context, patternCompare(zA, zB, pInfo, escape)); } } diff --git a/src/limits.h b/src/limits.h index 6b4c9f6f66..ff7bdfde09 100644 --- a/src/limits.h +++ b/src/limits.h @@ -12,7 +12,7 @@ ** ** This file defines various limits of what SQLite can process. ** -** @(#) $Id: limits.h,v 1.4 2007/05/08 15:15:02 drh Exp $ +** @(#) $Id: limits.h,v 1.5 2007/05/08 15:34:48 drh Exp $ */ /* @@ -134,3 +134,11 @@ #ifndef SQLITE_MAX_PAGE_COUNT # define SQLITE_MAX_PAGE_COUNT 1073741823 #endif + +/* +** Maximum length (in bytes) of the pattern in a LIKE or GLOB +** operator. +*/ +#ifndef SQLITE_MAX_LIKE_PATTERN_LENGTH +# define SQLITE_MAX_LIKE_PATTERN_LENGTH 50000 +#endif