In LEMON, limit the size of the grammar file to 100MB. This ensures that

the program will never experience integer overflow.  To be doubly sure,
use calloc() instead of malloc() when allocating arrays.

FossilOrigin-Name: 29ba458d849ad8864711cbe59fb10447a947e06a
drh 2014-01-11 12:52:25 +00:00
parent f59b12fbc1
commit 03e1b1f5ff
3 changed files with 18 additions and 27 deletions

@ -1,5 +1,5 @@
C Optimizations\sto\sthe\sSQL\slanguage\sgrammar\sthat\sresult\sin\sa\ssmall\ssize\nreduction\sand\sspeed\sincrease.
D 2014-01-11T03:54:05.594
C In\sLEMON,\slimit\sthe\ssize\sof\sthe\sgrammar\sfile\sto\s100MB.\s\sThis\sensures\sthat\nthe\sprogram\swill\snever\sexperience\sinteger\soverflow.\s\sTo\sbe\sdoubly\ssure,\nuse\scalloc()\sinstead\sof\smalloc()\swhen\sallocating\sarrays.
D 2014-01-11T12:52:25.201
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
F Makefile.in 2ef13430cd359f7b361bb863504e227b25cc7f81
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@ -1109,7 +1109,7 @@ F tool/fragck.tcl 5265a95126abcf6ab357f7efa544787e5963f439
F tool/genfkey.README cf68fddd4643bbe3ff8e31b8b6d8b0a1b85e20f4
F tool/genfkey.test 4196a8928b78f51d54ef58e99e99401ab2f0a7e5
F tool/getlock.c f4c39b651370156cae979501a7b156bdba50e7ce
F tool/lemon.c 624b24c5dc048e09979f88a03e148bc728c70b73
F tool/lemon.c 6842b2e7af12835f9f6e55808a0b1861cd0696fe
F tool/lempar.c 01ca97f87610d1dac6d8cd96ab109ab1130e76dc
F tool/logest.c 7ad625cac3d54012b27d468b7af6612f78b9ba75
F tool/mkautoconfamal.sh f8d8dbf7d62f409ebed5134998bf5b51d7266383
@ -1148,7 +1148,7 @@ F tool/vdbe-compress.tcl 0cf56e9263a152b84da86e75a5c0cdcdb7a47891
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
P 8eb48c04bd0a14031488b3160fde67307eb8b35d
R 754b7dd57633ea486f18a04af0e67e46
P cb5d1f83e0a33d546d4c0cb817ef1f8440d1f738
R 28679f157b50c114aa03e50f74a7a104
U drh
Z 0bb5f8caa9532d2db9247df525167cc7
Z 608e7b6009060d93ac39bb2434b3c874

@ -1 +1 @@
cb5d1f83e0a33d546d4c0cb817ef1f8440d1f738
29ba458d849ad8864711cbe59fb10447a947e06a

@ -2659,9 +2659,8 @@ void Parse(struct lemon *gp)
filesize = ftell(fp);
rewind(fp);
filebuf = (char *)malloc( filesize+1 );
if( filebuf==0 ){
ErrorMsg(ps.filename,0,"Can't allocate %d of memory to hold this file.",
filesize+1);
if( filesize>100000000 || filebuf==0 ){
ErrorMsg(ps.filename,0,"Input file too large.");
gp->errorcnt++;
fclose(fp);
return;
@ -4442,8 +4441,7 @@ void Strsafe_init(){
if( x1a ){
x1a->size = 1024;
x1a->count = 0;
x1a->tbl = (x1node*)malloc(
(sizeof(x1node) + sizeof(x1node*))*1024 );
x1a->tbl = (x1node*)calloc(1024, sizeof(x1node) + sizeof(x1node*));
if( x1a->tbl==0 ){
free(x1a);
x1a = 0;
@ -4480,8 +4478,7 @@ int Strsafe_insert(const char *data)
struct s_x1 array;
array.size = size = x1a->size*2;
array.count = x1a->count;
array.tbl = (x1node*)malloc(
(sizeof(x1node) + sizeof(x1node*))*size );
array.tbl = (x1node*)calloc(size, sizeof(x1node) + sizeof(x1node*));
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x1node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0;
@ -4611,8 +4608,7 @@ void Symbol_init(){
if( x2a ){
x2a->size = 128;
x2a->count = 0;
x2a->tbl = (x2node*)malloc(
(sizeof(x2node) + sizeof(x2node*))*128 );
x2a->tbl = (x2node*)calloc(128, sizeof(x2node) + sizeof(x2node*));
if( x2a->tbl==0 ){
free(x2a);
x2a = 0;
@ -4649,8 +4645,7 @@ int Symbol_insert(struct symbol *data, const char *key)
struct s_x2 array;
array.size = size = x2a->size*2;
array.count = x2a->count;
array.tbl = (x2node*)malloc(
(sizeof(x2node) + sizeof(x2node*))*size );
array.tbl = (x2node*)calloc(size, sizeof(x2node) + sizeof(x2node*));
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x2node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0;
@ -4810,8 +4805,7 @@ void State_init(){
if( x3a ){
x3a->size = 128;
x3a->count = 0;
x3a->tbl = (x3node*)malloc(
(sizeof(x3node) + sizeof(x3node*))*128 );
x3a->tbl = (x3node*)calloc(128, sizeof(x3node) + sizeof(x3node*));
if( x3a->tbl==0 ){
free(x3a);
x3a = 0;
@ -4848,8 +4842,7 @@ int State_insert(struct state *data, struct config *key)
struct s_x3 array;
array.size = size = x3a->size*2;
array.count = x3a->count;
array.tbl = (x3node*)malloc(
(sizeof(x3node) + sizeof(x3node*))*size );
array.tbl = (x3node*)calloc(size, sizeof(x3node) + sizeof(x3node*));
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x3node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0;
@ -4906,7 +4899,7 @@ struct state **State_arrayof()
int i,size;
if( x3a==0 ) return 0;
size = x3a->count;
array = (struct state **)malloc( sizeof(struct state *)*size );
array = (struct state **)calloc(size, sizeof(struct state *));
if( array ){
for(i=0; i<size; i++) array[i] = x3a->tbl[i].data;
}
@ -4952,8 +4945,7 @@ void Configtable_init(){
if( x4a ){
x4a->size = 64;
x4a->count = 0;
x4a->tbl = (x4node*)malloc(
(sizeof(x4node) + sizeof(x4node*))*64 );
x4a->tbl = (x4node*)calloc(64, sizeof(x4node) + sizeof(x4node*));
if( x4a->tbl==0 ){
free(x4a);
x4a = 0;
@ -4990,8 +4982,7 @@ int Configtable_insert(struct config *data)
struct s_x4 array;
array.size = size = x4a->size*2;
array.count = x4a->count;
array.tbl = (x4node*)malloc(
(sizeof(x4node) + sizeof(x4node*))*size );
array.tbl = (x4node*)calloc(size, sizeof(x4node) + sizeof(x4node*));
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x4node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0;
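Review bot: In the Parse() hunk the 100MB bound is tested only after `malloc( filesize+1 )` has already run, so an oversized file whose allocation succeeds takes the error branch and returns with `filebuf` still allocated; adding `free(filebuf);` before `fclose(fp);` (freeing a null pointer is a no-op), or moving the size test ahead of the malloc, closes that leak. The condition also has no lower bound: `ftell()` returns -1 on failure, and a negative `filesize` passes `filesize>100000000`, so I would write `if( filesize<0 || filesize>100000000 || filebuf==0 ){`. The single message "Input file too large." now also covers allocation failure, which deserves a short comment above the test, for example `/* Reject unreadable or >100MB input; also taken when malloc fails */`. Parse() begins and ends outside this hunk, so how `filesize` is declared and how the following read uses it is not visible here.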