mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-07-28 11:49:44 +00:00
LibSQL: Limit the allowed depth of an expression tree
According to the definition at https://sqlite.org/lang_expr.html, SQL expressions could be infinitely deep. For practicality, SQLite enforces a maxiumum expression tree depth of 1000. Apply the same limit in LibSQL to avoid stack overflow in the expression parser. Fixes https://crbug.com/oss-fuzz/34859.
This commit is contained in:
Timothy Flynn
Ali Mohammad Pur
parent
3d9bcb860e
commit
f8f36effc9
Notes:
sideshowbarker
2024-07-18 16:50:26 +09:00
Author: https://github.com/trflynn89
Commit: f8f36effc9
Pull-request: https://github.com/SerenityOS/serenity/pull/7814
3 changed files with 19 additions and 0 deletions
|
|
@ -602,3 +602,10 @@ TEST_CASE(in_selection_expression)
|
|||
validate("15 IN (SELECT * FROM table)", false);
|
||||
validate("15 NOT IN (SELECT * FROM table)", true);
|
||||
}
|
||||
|
||||
TEST_CASE(stack_limit)
|
||||
{
|
||||
auto too_deep_expression = String::formatted("{:+^{}}1", "", SQL::Limits::maximum_expression_tree_depth);
|
||||
EXPECT(!parse(too_deep_expression.substring_view(1)).is_error());
|
||||
EXPECT(parse(too_deep_expression).is_error());
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue