From 406eb5a146e06c29a5f1d8b8e25c10d125945a20 Mon Sep 17 00:00:00 2001 From: dan Date: Tue, 23 Jan 2024 11:20:58 +0000 Subject: [PATCH] Add extra checks for the validity of a numeric literal to sqlite3DequoteNumber(). FossilOrigin-Name: d57407ef59baf699b72c8c4859abfaa7977dd41f6f16eb8fe1d53a68806eb966 --- manifest | 20 ++++++++++---------- manifest.uuid | 2 +- src/parse.y | 2 +- src/sqliteInt.h | 2 +- src/tokenize.c | 20 ++++---------------- src/util.c | 13 +++++++++---- test/literal.test | 4 ++-- 7 files changed, 28 insertions(+), 35 deletions(-) diff --git a/manifest b/manifest index f48cebcf73..0470957ccf 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sproblem\sin\sthe\sprevious\scommit\swith\shex\sliterals\sthat\sstart\swith\s"0X"\sinstead\sof\s"0x". -D 2024-01-22T19:42:56.220 +C Add\sextra\schecks\sfor\sthe\svalidity\sof\sa\snumeric\sliteral\sto\ssqlite3DequoteNumber(). +D 2024-01-23T11:20:58.812 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -727,7 +727,7 @@ F src/os_win.c 4a50a154aeebc66a1f8fb79c1ff6dd5fe3d005556533361e0d460d41cb6a45a8 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a F src/pager.c ff60e98138d2499082ac6230f01ac508aba545315debccfca2fd6042f5f10fcd F src/pager.h 4b1140d691860de0be1347474c51fee07d5420bd7f802d38cbab8ea4ab9f538a -F src/parse.y 2354aaf964e7c4154a9dbe56ea55a797a0fa3021c38b50afe491ea4a387bf971 +F src/parse.y d2823ae4a503f83b3e8629c31470686624e46851d576c1f2b7bbec2e7328bb05 F src/pcache.c 040b165f30622a21b7a9a77c6f2e4877a32fb7f22d4c7f0d2a6fa6833a156a75 F src/pcache.h 1497ce1b823cf00094bb0cf3bac37b345937e6f910890c626b16512316d3abf5 F src/pcache1.c 602acb23c471bb8d557a6f0083cc2be641d6cafcafa19e481eba7ef4c9ca0f00 @@ -743,7 +743,7 @@ F src/shell.c.in d1ed426aae2d547932971e8019939cacb4dfda8258e45b8924b250e488e2d53 F src/sqlite.h.in 61a60b4ea04db8ead15e1579b20b64cb56e9f55d52c5f9f9694de630110593a3 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3ext.h 3f046c04ea3595d6bfda99b781926b17e672fd6d27da2ba6d8d8fc39981dcb54 -F src/sqliteInt.h 6e5e330d84b4ace70e3163721601f01df84566e6db21e1fc45bd00636e3d6640 +F src/sqliteInt.h a1367a4cd90c90e5eb2e5ca7d1be96823507f63b43030deb394f90f4f8d9ac10 F src/sqliteLimit.h 6878ab64bdeb8c24a1d762d45635e34b96da21132179023338c93f820eee6728 F src/status.c cb11f8589a6912af2da3bb1ec509a94dd8ef27df4d4c1a97e0bcf2309ece972b F src/table.c 0f141b58a16de7e2fbe81c308379e7279f4c6b50eb08efeec5892794a0ba30d1 @@ -800,13 +800,13 @@ F src/test_windirent.h da2e5b73c32d09905fbdd00f27cd802212a32a58ead882736fe4f5eb7 F src/test_window.c cdae419fdcea5bad6dcd9368c685abdad6deb59e9fc8b84b153de513d394ba3f F src/test_wsd.c 41cadfd9d97fe8e3e4e44f61a4a8ccd6f7ca8fe9 F src/threads.c 4ae07fa022a3dc7c5beb373cf744a85d3c5c6c3c -F src/tokenize.c 3ea60fcd98a0eb1391592a080fb8871b0026eaffbdb5795ef3b19bb7d48e702a +F src/tokenize.c 3f703cacdab728d7741e5a6ac242006d74fe1c2754d4f03ed889d7253259bd68 F src/treeview.c c6fc972683fd00f975d8b32a81c1f25d2fb7d4035366bf45c9f5622d3ccd70ee F src/trigger.c 0905b96b04bb6658509f711a8207287f1315cdbc3df1a1b13ba6483c8e341c81 F src/update.c 6904814dd62a7a93bbb86d9f1419c7f134a9119582645854ab02b36b676d9f92 F src/upsert.c fa125a8d3410ce9a97b02cb50f7ae68a2476c405c76aa692d3acf6b8586e9242 F src/utf.c f23165685a67b4caf8ec08fb274cb3f319103decfb2a980b7cfd55d18dfa855e -F src/util.c ef37d377684d6f725773c15bfc1ef5b75483b4f3b6b6198d4b8b969831623be0 +F src/util.c 88484a62e2465728288ca6e5b10f30489058e66266f52c70e87663310298793b F src/vacuum.c 604fcdaebe76f3497c855afcbf91b8fa5046b32de3045bab89cc008d68e40104 F src/vdbe.c 92910d536e0b77505599cd6ae5d9d449e4a5d31ada61da4c0bb84f6ccb2c3189 F src/vdbe.h 88e19a982df9027ec1c177c793d1a5d34dc23d8f06e3b2d997f43688b05ee0eb @@ -1355,7 +1355,7 @@ F test/like2.test d3be15fefee3e02fc88942a9b98f26c5339bbdef7783c90023c092c4955fe3 F test/like3.test a76e5938fadbe6d32807284c796bafd869974a961057bc5fc5a28e06de98745c F test/limit.test 350f5d03c29e7dff9a2cde016f84f8d368d40bcd02fa2b2a52fa10c4bf3cbfaf F test/limit2.test 9409b033284642a859fafc95f29a5a6a557bd57c1f0d7c3f554bd64ed69df77e -F test/literal.test e3d65d4091126cb008f31f57a324364511a83dd9461df31f60b5df6bd1f1f846 +F test/literal.test c4f6f281964ac5ab48a32bd978e80644affac822664879d7558762b2fad7aff5 F test/literal2.tcl 1499037beaf661aeecdbe48801220a181d805372a64c6128d5f26bb6a4a8f0ce F test/literal2.test b149e16b5fc9ee6249069a8858ed41052f222014fe0ba7ad43c2fb989c2dada2 F test/loadext.test faa4f6eed07a5aac35d57fdd7bc07f8fc82464cfd327567c10cf0ba3c86cde04 @@ -2161,8 +2161,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 81a56229460cc5b6acfd3c3729fcf89ea3cccb546ca2b4f4035b140c60911e18 -R 8fee7748a406cec8844b4286c6b28b8f +P c063c89b11487e6e712b97de604db316fa97bcf91ed810bb2dcbbcb54c68dbf4 +R 92b3c6e9a0a36e247ccad3d6a5b99b6c U dan -Z 6bae334234c9987a328b3a9421e4a531 +Z 62284248efaccf35cb9923c551aa2ba1 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index de37a7858c..66162263f5 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -c063c89b11487e6e712b97de604db316fa97bcf91ed810bb2dcbbcb54c68dbf4 \ No newline at end of file +d57407ef59baf699b72c8c4859abfaa7977dd41f6f16eb8fe1d53a68806eb966 \ No newline at end of file diff --git a/src/parse.y b/src/parse.y index b0d03a04ee..c26a9bccc2 100644 --- a/src/parse.y +++ b/src/parse.y @@ -1926,7 +1926,7 @@ filter_clause(A) ::= FILTER LP WHERE expr(X) RP. { A = X; } term(A) ::= QNUMBER(X). { A=tokenExpr(pParse,@X,X); - sqlite3DequoteNumber(A); + sqlite3DequoteNumber(pParse, A); } /* There must be no more than 255 tokens defined above. If this grammar diff --git a/src/sqliteInt.h b/src/sqliteInt.h index c4aaf9d203..2db491fc81 100644 --- a/src/sqliteInt.h +++ b/src/sqliteInt.h @@ -4794,7 +4794,7 @@ int sqlite3ErrorToParser(sqlite3*,int); void sqlite3Dequote(char*); void sqlite3DequoteExpr(Expr*); void sqlite3DequoteToken(Token*); -void sqlite3DequoteNumber(Expr*); +void sqlite3DequoteNumber(Parse*, Expr*); void sqlite3TokenInit(Token*,char*); int sqlite3KeywordCode(const unsigned char*, int); int sqlite3RunParser(Parse*, const char*); diff --git a/src/tokenize.c b/src/tokenize.c index f01548d4cb..65d1fbf350 100644 --- a/src/tokenize.c +++ b/src/tokenize.c @@ -439,10 +439,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){ if( z[0]=='0' && (z[1]=='x' || z[1]=='X') && sqlite3Isxdigit(z[2]) ){ for(i=3; 1; i++){ if( sqlite3Isxdigit(z[i])==0 ){ - if( z[i]==SQLITE_DIGIT_SEPARATOR - && sqlite3Isxdigit(z[i-1]) - && sqlite3Isxdigit(z[i+1]) - ){ + if( z[i]==SQLITE_DIGIT_SEPARATOR ){ *tokenType = TK_QNUMBER; }else{ break; @@ -454,10 +451,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){ { for(i=0; 1; i++){ if( sqlite3Isdigit(z[i])==0 ){ - if( z[i]==SQLITE_DIGIT_SEPARATOR - && sqlite3Isdigit(z[i-1]) - && sqlite3Isdigit(z[i+1]) - ){ + if( z[i]==SQLITE_DIGIT_SEPARATOR ){ *tokenType = TK_QNUMBER; }else{ break; @@ -469,10 +463,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){ if( *tokenType==TK_INTEGER ) *tokenType = TK_FLOAT; for(i++; 1; i++){ if( sqlite3Isdigit(z[i])==0 ){ - if( z[i]==SQLITE_DIGIT_SEPARATOR - && sqlite3Isdigit(z[i-1]) - && sqlite3Isdigit(z[i+1]) - ){ + if( z[i]==SQLITE_DIGIT_SEPARATOR ){ *tokenType = TK_QNUMBER; }else{ break; @@ -488,10 +479,7 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){ if( *tokenType==TK_INTEGER ) *tokenType = TK_FLOAT; for(i+=2; 1; i++){ if( sqlite3Isdigit(z[i])==0 ){ - if( z[i]==SQLITE_DIGIT_SEPARATOR - && sqlite3Isdigit(z[i-1]) - && sqlite3Isdigit(z[i+1]) - ){ + if( z[i]==SQLITE_DIGIT_SEPARATOR ){ *tokenType = TK_QNUMBER; }else{ break; diff --git a/src/util.c b/src/util.c index ed7789591b..5a88979fe4 100644 --- a/src/util.c +++ b/src/util.c @@ -316,21 +316,26 @@ void sqlite3DequoteExpr(Expr *p){ ** and set the type to INTEGER or FLOAT. "Quoted" integers or floats are those ** that contain '_' characters that must be removed before further processing. */ -void sqlite3DequoteNumber(Expr *p){ +void sqlite3DequoteNumber(Parse *pParse, Expr *p){ if( p ){ const char *pIn = p->u.zToken; char *pOut = p->u.zToken; + int bHex = (pIn[0]=='0' && (pIn[1]=='x' || pIn[1]=='X')); assert( p->op==TK_QNUMBER ); p->op = TK_INTEGER; do { if( *pIn!=SQLITE_DIGIT_SEPARATOR ){ *pOut++ = *pIn; if( *pIn=='e' || *pIn=='E' || *pIn=='.' ) p->op = TK_FLOAT; + }else{ + if( (bHex==0 && (!sqlite3Isdigit(pIn[-1]) || !sqlite3Isdigit(pIn[1]))) + || (bHex==1 && (!sqlite3Isxdigit(pIn[-1]) || !sqlite3Isxdigit(pIn[1]))) + ){ + sqlite3ErrorMsg(pParse, "unrecognized token: \"%s\"", p->u.zToken); + } } }while( *pIn++ ); - if( p->u.zToken[0]=='0' && (p->u.zToken[1]=='x' || p->u.zToken[1]=='X') ){ - p->op = TK_INTEGER; - } + if( bHex ) p->op = TK_INTEGER; } } diff --git a/test/literal.test b/test/literal.test index fe6b70acf7..30205692c9 100644 --- a/test/literal.test +++ b/test/literal.test @@ -74,7 +74,7 @@ test_literal 3.8 -9_223_372_036_854_775_808 integer -9223372036854775808 foreach {tn lit unrec} { 0 123a456 123a456 1 1_ 1_ - 2 1_.4 1_ + 2 1_.4 1_.4 3 1e_4 1e_4 4 1_e4 1_e4 5 1.4_e4 1.4_e4 @@ -86,7 +86,7 @@ foreach {tn lit unrec} { 11 12__34 12__34 12 1234_ 1234_ 13 12._34 12._34 - 14 12_.34 12_ + 14 12_.34 12_.34 15 12.34_ 12.34_ 16 1.0e1_______2 1.0e1_______2 } {