From: drh Date: Tue, 15 May 2007 09:00:14 +0000 (+0000) Subject: Do not allow bytes 0x80 through 0xBF to be the first character of an X-Git-Tag: version-3.4.0~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eab7f3fe8db327632dbef21188c07e3618410470;p=thirdparty%2Fsqlite.git Do not allow bytes 0x80 through 0xBF to be the first character of an identifer because no valid UTF-8 character can begin with those bytes. If we allowed an identifier to begin with one of those bytes, then the substr() function in ALTER TABLE will not work correctly. (CVS 4003) FossilOrigin-Name: 252810424d8c4dcd19b369d62027094df7cf0bcc --- diff --git a/manifest b/manifest index bec706efd8..a85aa833da 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\ssome\stest\sscript\serrors\sin\sfuzz.test.\s(CVS\s4002) -D 2007-05-15T07:14:33 +C Do\snot\sallow\sbytes\s0x80\sthrough\s0xBF\sto\sbe\sthe\sfirst\scharacter\sof\san\nidentifer\sbecause\sno\svalid\sUTF-8\scharacter\scan\sbegin\swith\sthose\sbytes.\nIf\swe\sallowed\san\sidentifier\sto\sbegin\swith\sone\sof\sthose\sbytes,\sthen\sthe\nsubstr()\sfunction\sin\sALTER\sTABLE\swill\snot\swork\scorrectly.\s(CVS\s4003) +D 2007-05-15T09:00:15 F Makefile.in 87b200ad9970907f76df734d29dff3d294c10935 F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028 @@ -126,7 +126,7 @@ F src/test_md5.c 6c42bc0a3c0b54be34623ff77a0eec32b2fa96e3 F src/test_schema.c ced72140a3a25c148975428e170ec1850d3c3a7d F src/test_server.c a6460daed0b92ecbc2531b6dc73717470e7a648c F src/test_tclvar.c 315e77c17f128ff8c06b38c08617fd07c825a95b -F src/tokenize.c be3524e7f626340032108f40eecd6f6eb39b4b73 +F src/tokenize.c 9aa8e3f06f56a700ef498582dae431be3d5c4f4c F src/trigger.c 420192efe3e6f03addf7897c60c3c8bf913d3493 F src/update.c 3359041db390a8f856d67272f299600e2104f350 F src/utf.c be7c64eed83fa3c01e0c42905e1c311dcd1be704 @@ -145,7 +145,7 @@ F src/where.c f3920748cc650fc25ac916215500bdb90dee568e F tclinstaller.tcl 4356d9d94d2b5ed5e68f9f0c80c4df3048dd7617 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2 F test/all.test 93a40a7612b3c5e6efd1f5b98496a8b02a45cfdb -F test/alter.test 1513354e75cad76180d2ac06a20665193210c0d7 +F test/alter.test e2b5ccf30f11cfe61693c7e8620a6691e6a504e1 F test/alter2.test 50c3f554b8236d179d72511c0a4f23c5eb7f2af3 F test/alter3.test a6eec8f454be9b6ce73d8d7dc711453675a10ce7 F test/altermalloc.test 19323e0f452834044c27a54c6e78554d706de7ba @@ -491,7 +491,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P da0c1ab4deedd2b952a43b3af6962a9403f8c9ee -R a07fd7fed8eb4a7544695a85e91db0c4 -U danielk1977 -Z 156ec1d1638adadb1b9b333874a71edf +P 51eeae7b7ad5a0fbdd9d4418120dbdb6cd577cd5 +R 710324b40f5e54ea717a1562c7c07a4d +U drh +Z 6fd77513c09320f6a39989f1ee4db43a diff --git a/manifest.uuid b/manifest.uuid index ac8e941d34..67e4bd7b6d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -51eeae7b7ad5a0fbdd9d4418120dbdb6cd577cd5 \ No newline at end of file +252810424d8c4dcd19b369d62027094df7cf0bcc \ No newline at end of file diff --git a/src/tokenize.c b/src/tokenize.c index 86c286c3d7..a9e0167b56 100644 --- a/src/tokenize.c +++ b/src/tokenize.c @@ -15,7 +15,7 @@ ** individual tokens and sends those tokens one-by-one over to the ** parser for analysis. ** -** $Id: tokenize.c,v 1.127 2007/05/08 13:58:28 drh Exp $ +** $Id: tokenize.c,v 1.128 2007/05/15 09:00:15 drh Exp $ */ #include "sqliteInt.h" #include "os.h" @@ -365,7 +365,7 @@ static int getToken(const unsigned char *z, int *tokenType){ } #endif default: { - if( !IdChar(*z) ){ + if( !IdChar(*z) || (*z & 0xc0)==0x80 ){ break; } for(i=1; IdChar(z[i]); i++){} diff --git a/test/alter.test b/test/alter.test index 41234677dc..8bd1931b23 100644 --- a/test/alter.test +++ b/test/alter.test @@ -11,7 +11,7 @@ # This file implements regression tests for SQLite library. The # focus of this script is testing the ALTER TABLE statement. # -# $Id: alter.test,v 1.22 2007/05/15 03:56:50 drh Exp $ +# $Id: alter.test,v 1.23 2007/05/15 09:00:16 drh Exp $ # set testdir [file dirname $argv0] @@ -702,5 +702,18 @@ do_test alter-11.1 { ALTER TABLE t11 ADD COLUMN abc; } } {1 {duplicate column name: abc}} +do_test alter-11.2 { + sqlite3_exec db {CREATE TABLE t11b("%81%82%83" text)} + execsql { + ALTER TABLE t11b ADD COLUMN abc; + } + catchsql { + ALTER TABLE t11b ADD COLUMN abc; + } +} {1 {duplicate column name: abc}} +do_test alter-11.3 { + set v [sqlite3_exec db {CREATE TABLE t11c(%81%82%83 text)}] + set v [string range $v 0 20]\175 +} {1 {unrecognized token}} finish_test