authordrh <drh@noemail.net>2007-05-08 13:58:26 +0000
committerdrh <drh@noemail.net>2007-05-08 13:58:26 +0000
commite5c941b83b07a418748fd63870017d6ca67730f4 (patch)
treeff93e5035c132f9ce1488a33127dd9646633cf55 /src
parent4b5710e4861ed3f051dff8ec5389e8ff9b1258c7 (diff)
downloadsqlite-e5c941b83b07a418748fd63870017d6ca67730f4.tar.gz
sqlite-e5c941b83b07a418748fd63870017d6ca67730f4.zip
Add more code to enforce the limits specified in limits.h. (CVS 3946)
FossilOrigin-Name: c59d436095b5258d7132a432c0cb6cd5a7990d85
Diffstat (limited to 'src')
-rw-r--r--src/build.c6
-rw-r--r--src/limits.h4
-rw-r--r--src/parse.y16
-rw-r--r--src/prepare.c8
-rw-r--r--src/select.c10
-rw-r--r--src/tokenize.c6
6 files changed, 38 insertions, 12 deletions
diff --git a/src/build.c b/src/build.c
index 60f910fad..f8ef21259 100644
--- a/src/build.c
+++ b/src/build.c
@@ -22,7 +22,7 @@
** COMMIT
** ROLLBACK
**
-** $Id: build.c,v 1.426 2007/05/08 01:08:49 drh Exp $
+** $Id: build.c,v 1.427 2007/05/08 13:58:27 drh Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>
@@ -910,6 +910,10 @@ void sqlite3AddColumn(Parse *pParse, Token *pName){
char *z;
Column *pCol;
if( (p = pParse->pNewTable)==0 ) return;
+ if( p->nCol+1>SQLITE_MAX_COLUMN ){
+ sqlite3ErrorMsg(pParse, "too many columns on %s", p->zName);
+ return;
+ }
z = sqlite3NameFromToken(pName);
if( z==0 ) return;
for(i=0; i<p->nCol; i++){
diff --git a/src/limits.h b/src/limits.h
index 64b2c2a78..90f289465 100644
--- a/src/limits.h
+++ b/src/limits.h
@@ -12,7 +12,7 @@
**
** This file defines various limits of what SQLite can process.
**
-** @(#) $Id: limits.h,v 1.1 2007/05/08 01:08:49 drh Exp $
+** @(#) $Id: limits.h,v 1.2 2007/05/08 13:58:28 drh Exp $
*/
/*
@@ -44,7 +44,7 @@
** dozen values in any of the other situations described above.
*/
#ifndef SQLITE_MAX_COLUMN
-# define SQLITE_MAX_COLUMN 1000
+# define SQLITE_MAX_COLUMN 2000
#endif
/*
diff --git a/src/parse.y b/src/parse.y
index b69727118..4cfd154bc 100644
--- a/src/parse.y
+++ b/src/parse.y
@@ -14,7 +14,7 @@
** the parser. Lemon will also generate a header file containing
** numeric codes for all of the tokens.
**
-** @(#) $Id: parse.y,v 1.222 2007/05/04 18:30:41 drh Exp $
+** @(#) $Id: parse.y,v 1.223 2007/05/08 13:58:28 drh Exp $
*/
// All token codes are small integers with #defines that begin with "TK_"
@@ -657,10 +657,16 @@ expr(A) ::= CAST(X) LP expr(E) AS typetoken(T) RP(Y). {
}
%endif SQLITE_OMIT_CAST
expr(A) ::= ID(X) LP distinct(D) exprlist(Y) RP(E). {
- A = sqlite3ExprFunction(Y, &X);
- sqlite3ExprSpan(A,&X,&E);
- if( D && A ){
- A->flags |= EP_Distinct;
+ if( Y->nExpr>SQLITE_MAX_FUNCTION_ARG ){
+ sqlite3ErrorMsg(pParse, "too many arguments on function %T", &X);
+ sqlite3ExprListDelete(Y);
+ A = 0;
+ }else{
+ A = sqlite3ExprFunction(Y, &X);
+ sqlite3ExprSpan(A,&X,&E);
+ if( D && A ){
+ A->flags |= EP_Distinct;
+ }
}
}
expr(A) ::= ID(X) LP STAR RP(E). {
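Review bot: The new test `Y->nExpr>SQLITE_MAX_FUNCTION_ARG` reads through Y without a null check, and an `exprlist` for a call with no arguments is presumably a null pointer (the exprlist rules are outside this hunk, so confirm). The select.c change in this same commit guards its list with `p->pEList && ...` before reading nExpr, and the same guard fits here: `if( Y && Y->nExpr>SQLITE_MAX_FUNCTION_ARG ){`. Without it, a zero-argument function call could fault in the parser action instead of reaching sqlite3ExprFunction.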
diff --git a/src/prepare.c b/src/prepare.c
index 7b4bfe963..407895209 100644
--- a/src/prepare.c
+++ b/src/prepare.c
@@ -13,7 +13,7 @@
** interface, and routines that contribute to loading the database schema
** from disk.
**
-** $Id: prepare.c,v 1.48 2007/05/08 01:08:49 drh Exp $
+** $Id: prepare.c,v 1.49 2007/05/08 13:58:28 drh Exp $
*/
#include "sqliteInt.h"
#include "os.h"
@@ -490,7 +490,11 @@ int sqlite3Prepare(
memset(&sParse, 0, sizeof(sParse));
sParse.db = db;
if( nBytes>=0 && zSql[nBytes]!=0 ){
- char *zSqlCopy = sqlite3StrNDup(zSql, nBytes);
+ char *zSqlCopy;
+ if( nBytes>SQLITE_MAX_SQL_LENGTH ){
+ return SQLITE_TOOBIG;
+ }
+ zSqlCopy = sqlite3StrNDup(zSql, nBytes);
if( zSqlCopy ){
sqlite3RunParser(&sParse, zSqlCopy, &zErrMsg);
sqliteFree(zSqlCopy);
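Review bot: The bare `return SQLITE_TOOBIG;` exits sqlite3Prepare before any of its normal exit handling, so the connection's error code and message are probably not updated for this failure and a caller that asks the handle for the error may see state left over from an earlier call. The rest of the function is outside this hunk, so confirm what the common exit path does; at minimum record the error before returning, e.g. `sqlite3Error(db, SQLITE_TOOBIG, "statement too long");`. This test also covers only the `nBytes>=0 && zSql[nBytes]!=0` branch, so nul-terminated input appears to be bounded only by the tokenizer check added in src/tokenize.c, which is worth a comment here.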
diff --git a/src/select.c b/src/select.c
index 66b9a2462..489cb55e9 100644
--- a/src/select.c
+++ b/src/select.c
@@ -12,7 +12,7 @@
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
-** $Id: select.c,v 1.341 2007/05/06 20:04:25 drh Exp $
+** $Id: select.c,v 1.342 2007/05/08 13:58:28 drh Exp $
*/
#include "sqliteInt.h"
@@ -1359,6 +1359,10 @@ static int prepSelectStmt(Parse *pParse, Select *p){
sqlite3ExprListDelete(pEList);
p->pEList = pNew;
}
+ if( p->pEList && p->pEList->nExpr>SQLITE_MAX_COLUMN ){
+ sqlite3ErrorMsg(pParse, "too many columns in result set");
+ rc = SQLITE_ERROR;
+ }
return rc;
}
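Review bot: The column-count test runs only after the result list has been replaced (`p->pEList = pNew`), so it limits what later stages see but not how large the rebuilt list grows first. The code that builds pNew is outside this hunk, so whether that intermediate size is bounded elsewhere should be confirmed. A short comment would make the intent clear, for example `/* Checked after expansion: bounds the final result set, not the intermediate list */`.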
@@ -2500,6 +2504,10 @@ static int processOrderGroupBy(
assert( pEList );
if( pOrderBy==0 ) return 0;
+ if( pOrderBy->nExpr>SQLITE_MAX_COLUMN ){
+ sqlite3ErrorMsg(pParse, "too many terms in %s BY clause", zType);
+ return 1;
+ }
for(i=0; i<pOrderBy->nExpr; i++){
int iCol;
Expr *pE = pOrderBy->a[i].pExpr;
diff --git a/src/tokenize.c b/src/tokenize.c
index 4e915bdf8..86c286c3d 100644
--- a/src/tokenize.c
+++ b/src/tokenize.c
@@ -15,7 +15,7 @@
** individual tokens and sends those tokens one-by-one over to the
** parser for analysis.
**
-** $Id: tokenize.c,v 1.126 2007/04/16 15:06:25 danielk1977 Exp $
+** $Id: tokenize.c,v 1.127 2007/05/08 13:58:28 drh Exp $
*/
#include "sqliteInt.h"
#include "os.h"
@@ -421,6 +421,10 @@ int sqlite3RunParser(Parse *pParse, const char *zSql, char **pzErrMsg){
assert( pParse->sLastToken.dyn==0 );
pParse->sLastToken.n = getToken((unsigned char*)&zSql[i],&tokenType);
i += pParse->sLastToken.n;
+ if( i>SQLITE_MAX_SQL_LENGTH ){
+ pParse->rc = SQLITE_TOOBIG;
+ break;
+ }
switch( tokenType ){
case TK_SPACE:
case TK_COMMENT: {
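Review bot: The limit is tested after `getToken` has scanned the token and `i` has been advanced, so the token that crosses SQLITE_MAX_SQL_LENGTH is read in full before the loop stops; the check bounds total parser input, not any single scan. Unlike the other limit checks in this commit, this path sets only `pParse->rc` and no message through sqlite3ErrorMsg, so whether the caller gets readable error text depends on code after the loop, outside this hunk. A comment stating the intent would help, for example `/* Stop once consumed input exceeds SQLITE_MAX_SQL_LENGTH; also keeps i from growing without bound */`.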