LibSQL: Limit the number of nested subqueries

SQLite hasn't documented a limit on https://www.sqlite.org/limits.html
for the maximum number of nested subqueries. However, its parser is
generated with Yacc and has an internal limit of 100 for general nested
statements.

Fixes https://crbug.com/oss-fuzz/35022.
Timothy Flynn 2021-06-08 09:22:06 -04:00 committed by Andreas Kling
commit c7cd81bce8
Notes: sideshowbarker 2024-07-18 12:37:11 +09:00
3 changed files with 15 additions and 0 deletions


@ -5,6 +5,7 @@
*/
#include "Parser.h"
#include <AK/ScopeGuard.h>
#include <AK/TypeCasts.h>
namespace SQL {
@ -946,6 +947,11 @@ NonnullRefPtr<ResultColumn> Parser::parse_result_column()
NonnullRefPtr<TableOrSubquery> Parser::parse_table_or_subquery()
{
if (++m_parser_state.m_current_subquery_depth > Limits::maximum_subquery_depth)
syntax_error(String::formatted("Exceeded maximum subquery depth of {}", Limits::maximum_subquery_depth));
ScopeGuard guard([&]() { --m_parser_state.m_current_subquery_depth; });
// https://sqlite.org/syntax/table-or-subquery.html
if (match(TokenType::Identifier)) {
String schema_name;