Update of /cvsroot/monetdb/sql/src/server
In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv20012/src/server
Modified Files:
Tag: SQL_2-16
sql_mvc.mx sql_scan.mx sql_schema.mx sql_select.mx
Log Message:
protection against many recursive views
fixed bug in scanner related properly handling block boundaries
Index: sql_mvc.mx
===================================================================
RCS file: /cvsroot/monetdb/sql/src/server/sql_mvc.mx,v
retrieving revision 1.172.2.2
retrieving revision 1.172.2.3
diff -u -d -r1.172.2.2 -r1.172.2.3
--- sql_mvc.mx 2 Feb 2007 16:26:27 -0000 1.172.2.2
+++ sql_mvc.mx 14 Mar 2007 15:55:00 -0000 1.172.2.3
@@ -37,6 +37,8 @@
#include <sql_keyword.h>
#include <sql_atom.h>
+#define SQL_MAXDEPTH ((THREAD_STACK_SIZE/4096)/4)
+
#define ERRSIZE 8192
typedef enum modes_t {
Index: sql_scan.mx
===================================================================
RCS file: /cvsroot/monetdb/sql/src/server/sql_scan.mx,v
retrieving revision 1.122.2.1
retrieving revision 1.122.2.2
diff -u -d -r1.122.2.1 -r1.122.2.2
--- sql_scan.mx 6 Mar 2007 19:42:57 -0000 1.122.2.1
+++ sql_scan.mx 14 Mar 2007 15:55:01 -0000 1.122.2.2
@@ -711,14 +711,16 @@
{
struct scanner *lc = &c->scanner;
int next = 0;
+ int started = lc->started;
if (cur == '/') {
+ lc->started = 1;
next = scanner_getc(lc);
if (next == '*') {
+ lc->started = started;
cur = skip_c_comment(lc);
return tokenize(c, cur);
} else {
- lc->started = 1;
utf8_putchar(lc, next);
return scanner_token(lc, cur);
}
@@ -733,8 +735,10 @@
}
switch (cur) {
case '-':
+ lc->started = 1;
next = scanner_getc(lc);
if (next == '-') {
+ lc->started = started;
if ((cur = skip_sql_comment(lc)) == EOF)
return cur;
return tokenize(c, cur);
@@ -892,7 +896,7 @@
if (token == IDENT || token == COMPARISON || token == AGGR || token ==
RANK || token == aTYPE || token == ALIAS)
yylval->sval = sa_strndup(c->sa, yylval->sval,
lc->yycur-lc->yysval);
- if (token == STRING) {
+ else if (token == STRING) {
char quote = *yylval->sval;
char *str = sa_alloc( c->sa, (lc->yycur-lc->yysval-2)*2 +1 );
assert(quote == '"' || quote == '\'');
Index: sql_select.mx
===================================================================
RCS file: /cvsroot/monetdb/sql/src/server/sql_select.mx,v
retrieving revision 1.175.2.3
retrieving revision 1.175.2.4
diff -u -d -r1.175.2.3 -r1.175.2.4
--- sql_select.mx 15 Feb 2007 15:32:10 -0000 1.175.2.3
+++ sql_select.mx 14 Mar 2007 15:55:02 -0000 1.175.2.4
@@ -982,9 +982,6 @@
return ls;
}
-
-#define SQL_MAXDEPTH ((THREAD_STACK_SIZE/4096)/4)
-
static stmt *
sql_binop(mvc *sql, scope *scp, symbol *se, group *grp, stmt *subset, int f)
{
Index: sql_schema.mx
===================================================================
RCS file: /cvsroot/monetdb/sql/src/server/sql_schema.mx,v
retrieving revision 1.111.2.2
retrieving revision 1.111.2.3
diff -u -d -r1.111.2.2 -r1.111.2.3
--- sql_schema.mx 2 Feb 2007 15:23:48 -0000 1.111.2.2
+++ sql_schema.mx 14 Mar 2007 15:55:02 -0000 1.111.2.3
@@ -763,11 +763,14 @@
return sql_error(sql, 01, "CREATE VIEW: ORDER
BY not supported");
}
+ sql->depth++;
+ if (sql->depth > SQL_MAXDEPTH)
+ return sql_error(sql, 02, "CREATE VIEW: too many nested
VIEWS");
sq = scope_subquery(sql, NULL, query, ek );
+ sql->depth--;
if (!sq)
return NULL;
-
if (!instantiate) {
t = mvc_create_view(sql, s, name, q, 0);
as_subquery( sql, t, sq, column_spec );
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Monetdb-sql-checkins mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/monetdb-sql-checkins
