From: drh <> Date: Tue, 12 May 2026 19:33:04 +0000 (+0000) Subject: Do not allow internal-use-only functions to be used in CHECK constraints X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=1d2f71ce4a4a6ebe6dc33dea1341edf6d0f9ce1b;p=thirdparty%2Fsqlite.git Do not allow internal-use-only functions to be used in CHECK constraints that are added as part of ALTER TABLE ADD COLUMN. FossilOrigin-Name: 28272746fb13dcdbe2a4f21ef30446c316dfc843aa3d48f135f490abaee34198 --- diff --git a/manifest b/manifest index 143f5ae29a..df5e9b4b97 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\scopy/paste\serror\sin\sa\scomment.\s\sNo\schanges\sto\scode. -D 2026-05-12T18:06:44.577 +C Do\snot\sallow\sinternal-use-only\sfunctions\sto\sbe\sused\sin\sCHECK\sconstraints\nthat\sare\sadded\sas\spart\sof\sALTER\sTABLE\sADD\sCOLUMN. +D 2026-05-12T19:33:04.672 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -731,17 +731,17 @@ F src/pcache.c 588cc3c5ccaaadde689ed35ce5c5c891a1f7b1f4d1f56f6cf0143b74d8ee6484 F src/pcache.h 092b758d2c5e4dabb30eae46d8dfad77c0f70b16bf3ff1943f7a232b0fe0d4ba F src/pcache1.c 131ca0daf4e66b4608d2945ae76d6ed90de3f60539afbd5ef9ec65667a5f2fcd F src/pragma.c 789ef67117b74b5be0a2db6681f7f0c55e6913791b9da309aefd280de2c8a74d -F src/prepare.c f6a6e28a281bd1d1da12f47d370a81af46159b40f73bf7fa0b276b664f9c8b7d +F src/prepare.c 084a037fd3810cb7ffbfc001cd58c0ffac68ba36598a5084b55ea2a090014ebd F src/printf.c 7085e8504f519cf6cb23a84572f785b259769907fef94bbf90ef0a5a533ab89f F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c -F src/resolve.c fcc406bfb055bee9954ee77c023f4a2a66a24bcdf1573516a72280811a269c20 +F src/resolve.c c6a140e57b2453f010a7e9c4ae8c739d521a6da246542aa21a62624cc966db64 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97 F src/select.c 4c05cde130f26991b7411d8c6809e0630625e18078742c963a047b4b9cc01d49 F src/shell.c.in 9ee66535e9da2ca2bd504a5925be1958c0e8f269d80a87109ffdc5ec6e9b4169 F src/sqlite.h.in 39d2e09114d2bdb7afd998f4a469c8f8cd065f8093835a7d0422f260fc78fb4f F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479 F src/sqlite3ext.h 9788c301f95370fa30e808861f1d2e6f022a816ddbe2a4f67486784c1b31db2e -F src/sqliteInt.h e0cdf7f4418e84fecf4826756867a9dfc4981f7cf5b3b294043c8c887a817729 +F src/sqliteInt.h 5bec8cfdc8346a122b35312452eb6af33fc750a6c901f2c651a2f53eba0b979f F src/sqliteLimit.h c70656b67ab5b96741a8f1c812bdd80c81f2b1c1e443d0cc3ea8c33bb1f1a092 F src/status.c 7565d63a79aa2f326339a24a0461a60096d0bd2bce711fefb50b5c89335f3592 F src/table.c 0f141b58a16de7e2fbe81c308379e7279f4c6b50eb08efeec5892794a0ba30d1 @@ -803,11 +803,11 @@ F src/upsert.c 215328c3f91623c520ec8672c44323553f12caeb4f01b1090ebdca99fdf7b4f1 F src/utf.c 7267c3fb9e2467020507601af3354c2446c61f444387e094c779dccd5ca62165 F src/util.c 98cf12c8ba65623a76c1eb6e6afa98ff40107c9919bf79af42f4bfc70e654232 F src/vacuum.c d3d35d8ae893d419ade5fa196d761a83bddcbb62137a1a157ae751ef38b26e82 -F src/vdbe.c 1cd55e8171e4e87054de196c3c4747d44b69041b5ec910cf547ae82a85beb3e4 +F src/vdbe.c b3038a711e33fef2c9813a9b7f8ad38c5f9e7c48d5b4b4dea1361046a2bd168e F src/vdbe.h 70e862ac8a11b590f8c1eaac17a0078429d42bc4ea3f757a9af0f451dd966a71 F src/vdbeInt.h c31ba4dc8d280c2b1dc89c6fcee68f2555e3813ab34279552c20b964c0e338b1 F src/vdbeapi.c 6cdcbe5c7afa754c998e73d2d5d2805556268362914b952811bdfb9c78a37cf1 -F src/vdbeaux.c 8749b5f4f6d65e048ba78143d2dfc6898f65010ecef213891094e8166d1557da +F src/vdbeaux.c f6ab3b2e238a01c69cbc72c8e4d3a07eab503a62f700102f70c20b239b03c0f2 F src/vdbeblob.c b3f0640db9642fbdc88bd6ebcc83d6009514cafc98f062f675f2c8d505d82692 F src/vdbemem.c efacb8f229422d2a4db0ed38e49b7f3897862a98d82b261aa3b43d7a2d98c6da F src/vdbesort.c b69220f4ea9ffea5fdef34d968c60305444eea909252a81933b54c296d9cca70 @@ -832,7 +832,7 @@ F test/aggnested.test 610b0ce2c3e8f3daee25f9752800ee8d785db10da4aa1fbeea0ea1aaba F test/aggorderby.test 7be65e743f82ee49ba62da1c799e59341d23884a99edfe093df0cdfaac94cbbb F test/alias.test 4529fbc152f190268a15f9384a5651bbbabc9d87 F test/all.test cf929f721e20960ca9db89471fa44f9176322ba8f25e97193f91881c223643b3 -F test/alter.test 3c00eff1e2036b9f93e9cd0f3d3e63750ac87ecb5bc71b9d7bd07cbf2ac4c494 +F test/alter.test 3acf3819d2cb1f0524a1b64c42b50a6b0d395c4f890f24dde5ec9e0d2e2eacc3 F test/alter2.test 7e3d26ab409df52df887b366a63902c3429b935c41cb962fd58ffc25784f2f19 F test/alter3.test dcdd5f850f30656a45a0f05e41abfb52b74bbf6ccba165d0f7adf6b0116e4fd6 F test/alter4.test 37cafe164067a6590a0ee4cec780bddbbaa33dc50b11542dcfbe0e65626494fd @@ -2204,8 +2204,11 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P bff9db9b5eb05ec3f99e35cb4c198d24bcb9ee7ceb2401bf55627788ac2b96db -R 852861e2b81cf0ca8aa8c224723f706f +P 2741193e81750512cae8bb14ebc03fa11dde100da144488b4da1c81a351e4ff6 +R 0d08738ee56857f49fce4efcf85a46b2 +T *branch * add-column-safety +T *sym-add-column-safety * +T -sym-trunk * U drh -Z f2a1c09491e8f12c62b204209b7c8f58 +Z e082c045463c5a8ad5ae4361411f935c # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.tags b/manifest.tags index bec971799f..e8bde8855b 100644 --- a/manifest.tags +++ b/manifest.tags @@ -1,2 +1,2 @@ -branch trunk -tag trunk +branch add-column-safety +tag add-column-safety diff --git a/manifest.uuid b/manifest.uuid index ab42093350..bde5b58c04 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -2741193e81750512cae8bb14ebc03fa11dde100da144488b4da1c81a351e4ff6 +28272746fb13dcdbe2a4f21ef30446c316dfc843aa3d48f135f490abaee34198 diff --git a/src/prepare.c b/src/prepare.c index be9e496f11..4d1295821d 100644 --- a/src/prepare.c +++ b/src/prepare.c @@ -216,7 +216,13 @@ int sqlite3InitOne(sqlite3 *db, int iDb, char **pzErrMsg, u32 mFlags){ assert( sqlite3_mutex_held(db->mutex) ); assert( iDb==1 || sqlite3BtreeHoldsMutex(db->aDb[iDb].pBt) ); - db->init.busy = 1; + db->init.busy = 1 + ((mFlags & INITFLAG_AlterAdd)!=0); + /* ^--- Any non-zero value for init.busy means that we are scanning + ** the sqlite_schema table to build the internal schema representation, + ** rather than running actual CREATE statements. init.busy==2 has the + ** additional meaning that the scan is happening as part of + ** ALTER TABLE ADD COLUMN, which is stricter in its enforcement of + ** function name resolution. */ /* Construct the in-memory representation schema tables (sqlite_schema or ** sqlite_temp_schema) by invoking the parser directly. The appropriate diff --git a/src/resolve.c b/src/resolve.c index ced15e9249..b76bf38c00 100644 --- a/src/resolve.c +++ b/src/resolve.c @@ -1217,8 +1217,13 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){ /* Internal-use-only functions are disallowed unless the ** SQL is being compiled using sqlite3NestedParse() or ** the SQLITE_TESTCTRL_INTERNAL_FUNCTIONS test-control has be - ** used to activate internal functions for testing purposes */ - no_such_func = 1; + ** used to activate internal functions for testing purposes. + ** + ** The 2 value for no_such_func means that the function is + ** an internal-use-only function which should be treated as a + ** non-existant function for name resolution purposes. + */ + no_such_func = 2; pDef = 0; }else if( (pDef->funcFlags & (SQLITE_FUNC_DIRECT|SQLITE_FUNC_UNSAFE))!=0 @@ -1262,9 +1267,16 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){ is_agg = 0; } #endif - else if( no_such_func && pParse->db->init.busy==0 + else if( no_such_func + && (pParse->db->init.busy==0 || + (no_such_func==2 && pParse->db->init.busy==2)) + /* Suppress "no such function" errors when reading + ** the sqlite_schema table. Except, do raise the error + ** if init.busy is 2, meaning the schema parse is due + ** to an ALTER TABLE ADD COLUMN statement, and the function + ** is an internal-use-only function (no_such_func==2). */ #ifdef SQLITE_ENABLE_UNKNOWN_SQL_FUNCTION - && pParse->explain==0 + && pParse->explain==0 #endif ){ sqlite3ErrorMsg(pParse, "no such function: %#T", pExpr); diff --git a/src/sqliteInt.h b/src/sqliteInt.h index fecf1add3c..6845b2ac9d 100644 --- a/src/sqliteInt.h +++ b/src/sqliteInt.h @@ -1700,7 +1700,7 @@ struct sqlite3 { struct sqlite3InitInfo { /* Information used during initialization */ Pgno newTnum; /* Rootpage of table being initialized */ u8 iDb; /* Which db file is being initialized */ - u8 busy; /* TRUE if currently initializing */ + u8 busy; /* TRUE if initing. 2 if due to ADD COLUMN */ unsigned orphanTrigger : 1; /* Last statement is orphaned TEMP trigger */ unsigned imposterTable : 2; /* Building an imposter table */ unsigned reopenMemdb : 1; /* ATTACH is really a reopen using MemDB */ diff --git a/src/vdbe.c b/src/vdbe.c index 098c592cfc..6b0eedf243 100644 --- a/src/vdbe.c +++ b/src/vdbe.c @@ -7147,12 +7147,19 @@ case OP_SqlExec: { break; } -/* Opcode: ParseSchema P1 * * P4 * +/* Opcode: ParseSchema P1 * * P4 P5 ** ** Read and parse all entries from the schema table of database P1 ** that match the WHERE clause P4. If P4 is a NULL pointer, then the ** entire schema for P1 is reparsed. ** +** When P4 is NULL, the P5 value is used as the mFlags argument +** to sqlite3InitOne(). In other words, P5 should be a mask composed +** of INITFLAG_* values. +** +** The P4==0 case is only used by ALTER TABLE and P5!=0 for all such +** cases. For uses other than ALTER TABLE, P4<>0 and P5==0. +** ** This opcode invokes the parser to create a new virtual machine, ** then runs the new virtual machine. It is thus a re-entrant opcode. */ @@ -7180,6 +7187,7 @@ case OP_ParseSchema: { #ifndef SQLITE_OMIT_ALTERTABLE if( pOp->p4.z==0 ){ + assert( pOp->p5!=0 ); sqlite3SchemaClear(db->aDb[iDb].pSchema); db->mDbFlags &= ~DBFLAG_SchemaKnownOk; rc = sqlite3InitOne(db, iDb, &p->zErrMsg, pOp->p5); @@ -7188,6 +7196,7 @@ case OP_ParseSchema: { }else #endif { + assert( pOp->p5==0 ); zSchema = LEGACY_SCHEMA_TABLE; initData.db = db; initData.iDb = iDb; diff --git a/src/vdbeaux.c b/src/vdbeaux.c index 79ab70c46a..796876d06e 100644 --- a/src/vdbeaux.c +++ b/src/vdbeaux.c @@ -556,11 +556,21 @@ void sqlite3VdbeExplainPop(Parse *pParse){ ** sqlite3VdbeAddOp4() since it needs to also needs to mark all btrees ** as having been used. ** -** The zWhere string must have been obtained from sqlite3_malloc(). +** zWhere is a WHERE clause that defines which entries of the schema +** to reparse. If zWhere==0, that means all entries. p5 is a mask +** of INITFLAG_* values for the parse. +** +** In the current usage, the following are always true: +** +** ALTER TABLE: zWhere==0, p5!=0 +** Otherwise: zWhere!=0, p5==0 +** +** The zWhere string must have been obtained from sqlite3DbMalloc(). ** This routine will take ownership of the allocated memory. */ void sqlite3VdbeAddParseSchemaOp(Vdbe *p, int iDb, char *zWhere, u16 p5){ int j; + assert( (zWhere==0)==(p5!=0) || p->db->mallocFailed ); sqlite3VdbeAddOp4(p, OP_ParseSchema, iDb, 0, 0, zWhere, P4_DYNAMIC); sqlite3VdbeChangeP5(p, p5); for(j=0; jdb->nDb; j++) sqlite3VdbeUsesBtree(p, j); diff --git a/test/alter.test b/test/alter.test index 9201f40adc..723a1976e3 100644 --- a/test/alter.test +++ b/test/alter.test @@ -981,6 +981,15 @@ do_execsql_test alter-21.4 { SELECT name, type FROM sqlite_schema ORDER BY name; } {r2 trigger t1 table t99 table} - +# 2026-05-12 Verify that ADD COLUMN cannot insert internal-use-only +# functions. +# +reset_db +do_execsql_test alter-22.1 { + CREATE TABLE t1(a,b); +} +do_catchsql_test alter-22.2 { + ALTER TABLE t1 ADD COLUMN c CHECK( if(c<10,1,sqlite_fail('bummer',1))); +} {1 {error in table t1 after add column: no such function: sqlite_fail}} finish_test