RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 19:17:44 +00:00
Code Issues Activity Actions

LibSQL: Limit the number of nested subqueries

Browse source 
SQLite hasn't documented a limit on https://www.sqlite.org/limits.html
for the maximum number of nested subqueries. However, its parser is
generated with Yacc and has an internal limit of 100 for general nested
statements.

Fixes https://crbug.com/oss-fuzz/35022.
This commit is contained in:
Timothy Flynn 2021-06-08 09:22:06 -04:00 committed by Andreas Kling
parent 4e974e6d60
commit c7cd81bce8
3 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibSQL/Parser.h
View file

@ -17,6 +17,7 @@ namespace SQL {
namespace Limits {
// https://www.sqlite.org/limits.html
constexpr size_t maximum_expression_tree_depth = 1000;
constexpr size_t maximum_subquery_depth = 100;
}
class Parser {
@ -54,6 +55,7 @@ private:
Token m_token;
Vector<Error> m_errors;
size_t m_current_expression_depth { 0 };
size_t m_current_subquery_depth { 0 };
};
NonnullRefPtr<Statement> parse_statement();