fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2026-03-06 13:35:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibSQL: Limit the allowed depth of an expression tree

Browse Source 
According to the definition at https://sqlite.org/lang_expr.html, SQL
expressions could be infinitely deep. For practicality, SQLite enforces
a maxiumum expression tree depth of 1000. Apply the same limit in
LibSQL to avoid stack overflow in the expression parser.

Fixes https://crbug.com/oss-fuzz/34859.
This commit is contained in:
Timothy Flynn
2021-06-05 09:55:16 -04:00
committed by Ali Mohammad Pur
parent 3d9bcb860e
commit f8f36effc9
3 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Userland/Libraries/LibSQL/Parser.cpp
View File

@@ -352,6 +352,11 @@ RefPtr<CommonTableExpressionList> Parser::parse_common_table_expression_list()
NonnullRefPtr<Expression> Parser::parse_expression()
{
if (++m_parser_state.m_current_expression_depth > Limits::maximum_expression_tree_depth) {
syntax_error(String::formatted("Exceeded maximum expression tree depth of {}", Limits::maximum_expression_tree_depth));
return create_ast_node<ErrorExpression>();
}
// https://sqlite.org/lang_expr.html
auto expression = parse_primary_expression();
@@ -362,6 +367,7 @@ NonnullRefPtr<Expression> Parser::parse_expression()
// FIXME: Parse 'function-name'.
// FIXME: Parse 'raise-function'.
--m_parser_state.m_current_expression_depth;
return expression;
}