Diffstat (limited to 'src')
-rw-r--r--src/select.c16
-rw-r--r--src/sqlite.h.in2
2 files changed, 13 insertions, 5 deletions
diff --git a/src/select.c b/src/select.c
index 57d0b93fb..eabbcc8c9 100644
--- a/src/select.c
+++ b/src/select.c
@@ -5124,15 +5124,23 @@ int sqlite3Select(
SelectDest dest;
Select *pSub;
- /* Issue SQLITE_READ authorizations with a NULL column name for any tables that
+ /* Issue SQLITE_READ authorizations with a fake column name for any tables that
** are referenced but from which no values are extracted. Examples of where these
** kinds of null SQLITE_READ authorizations would occur:
**
- ** SELECT count(*) FROM t1; -- SQLITE_READ t1 null
- ** SELECT t1.* FROM t1, t2; -- SQLITE_READ t2 null
+ ** SELECT count(*) FROM t1; -- SQLITE_READ t1.""
+ ** SELECT t1.* FROM t1, t2; -- SQLITE_READ t2.""
+ **
+ ** The fake column name is an empty string. It is possible for a table to
+ ** have a column named by the empty string, in which case there is no way to
+ ** distinguish between an unreferenced table and an actual reference to the
+ ** "" column. The original design was for the fake column name to be a NULL,
+ ** which would be unambiguous. But legacy authorization callbacks might
+ ** assume the column name is non-NULL and segfault. The use of an empty string
+ ** for the fake column name seems safer.
*/
if( pItem->colUsed==0 ){
- sqlite3AuthCheck(pParse, SQLITE_READ, pItem->zName, pItem->zDatabase, 0);
+ sqlite3AuthCheck(pParse, SQLITE_READ, pItem->zName, "", pItem->zDatabase);
}
#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
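Review bot: The new `sqlite3AuthCheck` call also moves `pItem->zDatabase` from the fourth argument to the fifth, which is a second behavioural change beside the NULL-to-"" one that the rewritten comment explains; assuming the SQLITE_READ argument order is (table, column, database), the old call was handing the callback the database name in the column slot and NULL as the database, and the comment should record that, e.g. `** (The database name is the last argument; it used to be passed in the column slot.)`. The result of sqlite3AuthCheck is discarded on that line, so an authorizer answering SQLITE_IGNORE for this table-level read presumably has no effect and only SQLITE_DENY, which is recorded in pParse, stops the statement; a sentence saying so in the comment would keep callback authors from expecting the SQLITE_IGNORE semantics of ordinary column reads. The enclosing function sqlite3Select starts and ends outside the hunk.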
diff --git a/src/sqlite.h.in b/src/sqlite.h.in
index 2761ce66d..74edcb56b 100644
--- a/src/sqlite.h.in
+++ b/src/sqlite.h.in
@@ -2714,7 +2714,7 @@ void sqlite3_randomness(int N, void *P);
** ^When a table is referenced by a [SELECT] but no column values are
** extracted from that table (for example in a query like
** "SELECT count(*) FROM tab") then the [SQLITE_READ] authorizer callback
-** is invoked once for that table with a NULL column name.
+** is invoked once for that table with a column name that is an empty string.
** ^If the action code is [SQLITE_DELETE] and the callback returns
** [SQLITE_IGNORE] then the [DELETE] operation proceeds but the
** [truncate optimization] is disabled and all rows are deleted individually.
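Review bot: The rewritten sentence does not tell authorizer authors that the empty-string column name is ambiguous: as the companion comment in src/select.c on this page states, a table can genuinely have a column named "", so a callback enforcing per-column policy cannot tell an unreferenced table from a read of that column and has to treat "" as a table-level read if it means to allow statements like `SELECT count(*) FROM tab`. I would append one sentence after the new line, e.g. `** ^(Such a callback cannot distinguish this case from a read of a column that is actually named "".)`, without the ^ marker if the claim is not backed by a test. The paragraph continues outside the hunk with unrelated SQLITE_DELETE text, so the sentence belongs before the `^If the action code is [SQLITE_DELETE]` line.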