author | drh <drh@noemail.net> | 2018-06-02 11:31:15 +0000 |
---|---|---|
committer | drh <drh@noemail.net> | 2018-06-02 11:31:15 +0000 |
commit | 4344dbd3abd137c184aa77e106a61db2514a06c4 (patch) | |
tree | 54b5b9073c2a4a4e605c3033798739b01f69b217 /src/resolve.c | |
parent | 0f86c9d8fa7301f0e0c79dae25dcabedfbfa3cc3 (diff) | |
Ensure that sqlite3AuthRead() is only called for TK_COLUMN and TK_TRIGGER
expression nodes. This fixes a harmless assert() identified by OSSFuzz.
Move the assert() into a position where it is tested even if the authorizer
is disabled.
FossilOrigin-Name: d0c3beef7cdc680c0768ddd18f766a4ca7be822c1eb1776b2f73b7433d9962dc
Diffstat (limited to 'src/resolve.c')
-rw-r--r-- | src/resolve.c | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/src/resolve.c b/src/resolve.c
index 4ed36a479..d9ce28682 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -75,29 +75,31 @@ static void resolveAlias(
 assert( pOrig!=0 );
 db = pParse->db;
 pDup = sqlite3ExprDup(db, pOrig, 0);
- if( pDup==0 ) return;
- if( zType[0]!='G' ) incrAggFunctionDepth(pDup, nSubquery);
- if( pExpr->op==TK_COLLATE ){
- pDup = sqlite3ExprAddCollateString(pParse, pDup, pExpr->u.zToken);
- }
- ExprSetProperty(pDup, EP_Alias);
-
- /* Before calling sqlite3ExprDelete(), set the EP_Static flag. This
- ** prevents ExprDelete() from deleting the Expr structure itself,
- ** allowing it to be repopulated by the memcpy() on the following line.
- ** The pExpr->u.zToken might point into memory that will be freed by the
- ** sqlite3DbFree(db, pDup) on the last line of this block, so be sure to
- ** make a copy of the token before doing the sqlite3DbFree().
- */
- ExprSetProperty(pExpr, EP_Static);
- sqlite3ExprDelete(db, pExpr);
- memcpy(pExpr, pDup, sizeof(*pExpr));
- if( !ExprHasProperty(pExpr, EP_IntValue) && pExpr->u.zToken!=0 ){
- assert( (pExpr->flags & (EP_Reduced|EP_TokenOnly))==0 );
- pExpr->u.zToken = sqlite3DbStrDup(db, pExpr->u.zToken);
- pExpr->flags |= EP_MemToken;
+ if( pDup!=0 ){
+ if( zType[0]!='G' ) incrAggFunctionDepth(pDup, nSubquery);
+ if( pExpr->op==TK_COLLATE ){
+ pDup = sqlite3ExprAddCollateString(pParse, pDup, pExpr->u.zToken);
+ }
+ ExprSetProperty(pDup, EP_Alias);
+
+ /* Before calling sqlite3ExprDelete(), set the EP_Static flag. This
+ ** prevents ExprDelete() from deleting the Expr structure itself,
+ ** allowing it to be repopulated by the memcpy() on the following line.
+ ** The pExpr->u.zToken might point into memory that will be freed by the
+ ** sqlite3DbFree(db, pDup) on the last line of this block, so be sure to
+ ** make a copy of the token before doing the sqlite3DbFree().
+ */
+ ExprSetProperty(pExpr, EP_Static);
+ sqlite3ExprDelete(db, pExpr);
+ memcpy(pExpr, pDup, sizeof(*pExpr));
+ if( !ExprHasProperty(pExpr, EP_IntValue) && pExpr->u.zToken!=0 ){
+ assert( (pExpr->flags & (EP_Reduced|EP_TokenOnly))==0 );
+ pExpr->u.zToken = sqlite3DbStrDup(db, pExpr->u.zToken);
+ pExpr->flags |= EP_MemToken;
+ }
+ sqlite3DbFree(db, pDup);
 }
- sqlite3DbFree(db, pDup);
+ ExprSetProperty(pExpr, EP_Alias);
 }
@@ -349,6 +351,7 @@ static int lookupName(
 testcase( iCol==(-1) );
 pExpr->iTable = pNC->uNC.pUpsert->regData + iCol;
 eNewExprOp = TK_REGISTER;
+ ExprSetProperty(pExpr, EP_Alias);
 }else
 #endif /* SQLITE_OMIT_UPSERT */
 { |
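Review bot: The trailing `ExprSetProperty(pExpr, EP_Alias);` after the `if( pDup!=0 )` block in resolveAlias has no comment saying why it must also run when sqlite3ExprDup() fails. On the success path the flag already reaches pExpr through `ExprSetProperty(pDup, EP_Alias)` and the memcpy(), so the new line only changes behaviour on the allocation-failure path, where pExpr keeps its original op and contents but is now marked as an alias. Going by the commit message, a later check presumably uses EP_Alias to keep sqlite3AuthRead() away from such nodes, but that check is not visible in this hunk. A comment such as `/* Set EP_Alias even after OOM so the unresolved node is never passed to sqlite3AuthRead() */` would record the dependency, and the inner set on pDup then appears redundant. resolveAlias's body starts outside the hunk.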
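Review bot: The added `ExprSetProperty(pExpr, EP_Alias);` in the upsert branch of lookupName marks a node that is being rewritten to TK_REGISTER rather than one produced by alias substitution, and nothing in the hunk explains that reuse of the flag. A one-line comment such as `/* EP_Alias: not a TK_COLUMN/TK_TRIGGER node, so the authorizer read check must be skipped */` would make the intent reviewable. Since the flag presumably suppresses the authorizer read callback for this reference, it is worth confirming that the columns reached through the upsert register are still reported to the authorizer on another path; that is not visible here. lookupName's body starts and ends outside the hunk.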