LibSQL: Limit the allowed depth of an expression tree

According to the definition at https://sqlite.org/lang_expr.html, SQL
expressions could be infinitely deep. For practicality, SQLite enforces
a maximum expression tree depth of 1000. Apply the same limit in
LibSQL to avoid stack overflow in the expression parser.

Fixes https://crbug.com/oss-fuzz/34859.
Timothy Flynn 2021-06-05 09:55:16 -04:00 committed by Ali Mohammad Pur
commit f8f36effc9
Notes: sideshowbarker 2024-07-18 16:50:26 +09:00
3 changed files with 19 additions and 0 deletions

@ -602,3 +602,10 @@ TEST_CASE(in_selection_expression)
validate("15 IN (SELECT * FROM table)", false);
validate("15 NOT IN (SELECT * FROM table)", true);
}
TEST_CASE(stack_limit)
{
auto too_deep_expression = String::formatted("{:+^{}}1", "", SQL::Limits::maximum_expression_tree_depth);
EXPECT(!parse(too_deep_expression.substring_view(1)).is_error());
EXPECT(parse(too_deep_expression).is_error());
}
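Review bot: both EXPECT lines in stack_limit check only is_error(), so the second one passes on any parse failure, not specifically on the depth limit. Assert on the reported error as well, so that a regression which rejects the input for an unrelated reason is not masked. The format string "{:+^{}}1" also deserves a one-line comment stating that it builds maximum_expression_tree_depth unary '+' operators in front of 1 and that substring_view(1) drops one of them to land just under the limit. The case covers only unary-operator nesting; a second input built from nested parentheses would show the limit holds for other nesting forms too.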