From a870eac0eb5b9ae2261554f5b40f1711c867cc1d Mon Sep 17 00:00:00 2001
From: Timothy Flynn <trflynn89@pm.me>
Date: Wed, 2 Jun 2021 21:23:40 -0400
Subject: [PATCH] LibSQL: Report a syntax error for unsupported LIMIT clause
 syntax

Rather than aborting when a LIMIT clause of the form 'LIMIT expr, expr'
is encountered, fail the parser with a syntax error. This will be nicer
for the user and fixes the following fuzzer bug:
https://crbug.com/oss-fuzz/34837
---
 Tests/LibSQL/TestSqlStatementParser.cpp | 1 +
 Userland/Libraries/LibSQL/Parser.cpp    | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Tests/LibSQL/TestSqlStatementParser.cpp b/Tests/LibSQL/TestSqlStatementParser.cpp
index 64fbe3fb3e..bf262d4907 100644
--- a/Tests/LibSQL/TestSqlStatementParser.cpp
+++ b/Tests/LibSQL/TestSqlStatementParser.cpp
@@ -547,6 +547,7 @@ TEST_CASE(select)
     EXPECT(parse("SELECT * FROM table LIMIT 12").is_error());
     EXPECT(parse("SELECT * FROM table LIMIT 12 OFFSET;").is_error());
     EXPECT(parse("SELECT * FROM table LIMIT 12 OFFSET 15").is_error());
+    EXPECT(parse("SELECT * FROM table LIMIT 15, 16;").is_error());
 
     struct Type {
         SQL::ResultType type;
diff --git a/Userland/Libraries/LibSQL/Parser.cpp b/Userland/Libraries/LibSQL/Parser.cpp
index b12ed59717..26d3fac53f 100644
--- a/Userland/Libraries/LibSQL/Parser.cpp
+++ b/Userland/Libraries/LibSQL/Parser.cpp
@@ -321,11 +321,11 @@ NonnullRefPtr<Select> Parser::parse_select_statement(RefPtr<CommonTableExpressio
         RefPtr<Expression> offset_expression;
         if (consume_if(TokenType::Offset)) {
             offset_expression = parse_expression();
-        } else {
+        } else if (consume_if(TokenType::Comma)) {
             // Note: The limit clause may instead be defined as "offset-expression, limit-expression", effectively reversing the
             // order of the expressions. SQLite notes "this is counter-intuitive" and "to avoid confusion, programmers are strongly
             // encouraged to ... avoid using a LIMIT clause with a comma-separated offset."
-            VERIFY(!consume_if(TokenType::Comma));
+            syntax_error("LIMIT clauses of the form 'LIMIT <expr>, <expr>' are not supported");
         }
 
         limit_clause = create_ast_node<LimitClause>(move(limit_expression), move(offset_expression));