mirror of https://github.com/RGBCube/serenity synced 2025-05-31 08:58:11 +00:00

LibSQL: Limit the allowed depth of an expression tree

According to the definition at https://sqlite.org/lang_expr.html, SQL
expressions could be infinitely deep. For practicality, SQLite enforces
a maximum expression tree depth of 1000. Apply the same limit in
LibSQL to avoid stack overflow in the expression parser.

Fixes https://crbug.com/oss-fuzz/34859.
Timothy Flynn 2021-06-05 09:55:16 -04:00 committed by Ali Mohammad Pur
parent 3d9bcb860e
commit f8f36effc9
3 changed files with 19 additions and 0 deletions

@ -14,6 +14,11 @@
namespace SQL {
namespace Limits {
// https://www.sqlite.org/limits.html
constexpr size_t maximum_expression_tree_depth = 1000;
}
class Parser {
struct Position {
size_t line { 0 };
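Review bot: The comment above maximum_expression_tree_depth gives only the limits page URL; name the SQLite setting it mirrors (SQLITE_MAX_EXPR_DEPTH, default 1000) and state that the value is a recursion cap for the parser, so a later reader does not raise it without checking that the parser's stack use per nesting level still fits. With the constant declared alongside class Parser, a test for the limit can reference Limits::maximum_expression_tree_depth instead of repeating the literal 1000.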
@ -48,6 +53,7 @@ private:
Lexer m_lexer;
Token m_token;
Vector<Error> m_errors;
size_t m_current_expression_depth { 0 };
};
NonnullRefPtr<Statement> parse_statement();
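Review bot: m_current_expression_depth, added to the parser state after m_errors, is only safe if every increment is matched by a decrement on all return paths of the expression parser, including the early returns taken on a syntax error. That pairing is not visible in this hunk; a scope guard at the point of increment would make it hold by construction, and a short comment on the member saying what it counts (nesting depth of the expression currently being parsed, compared against Limits::maximum_expression_tree_depth) would document the invariant.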