firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-22 21:23:04 +01:00
Code Issues

Fixed CORE-4781 - Maximum string length (32765 bytes) is not validated.

Browse Source
This commit is contained in:
asfernandes 2015-05-04 16:24:10 +00:00
parent 7400866d99
commit bdbdc30efc
11 changed files with 45 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lang_helpers/gds_codes.ftn
View File

@ -2332,6 +2332,8 @@ C --
PARAMETER (GDS__dsql_wlock_conflict = 336397329)
INTEGER*4 GDS__dsql_max_exception_arguments
PARAMETER (GDS__dsql_max_exception_arguments = 336397330)
INTEGER*4 GDS__dsql_string_length
PARAMETER (GDS__dsql_string_length = 336397331)
INTEGER*4 GDS__gsec_cant_open_db
PARAMETER (GDS__gsec_cant_open_db = 336723983)
INTEGER*4 GDS__gsec_switches_error

1
lang_helpers/gds_codes.pas
View File

@ -1173,6 +1173,7 @@ const
gds_dsql_wlock_aggregates = 336397328;
gds_dsql_wlock_conflict = 336397329;
gds_dsql_max_exception_arguments = 336397330;
gds_dsql_string_length = 336397331;
gds_gsec_cant_open_db = 336723983;
gds_gsec_switches_error = 336723984;
gds_gsec_no_op_spec = 336723985;

33
src/dsql/Parser.cpp
View File

@ -483,6 +483,18 @@ int Parser::yylexAux()
}
*p = *lex.ptr++;
}
if (p - buffer > MAX_COLUMN_SIZE - sizeof(USHORT))
{
if (buffer != string)
gds__free (buffer);
ERRD_post(Arg::Gds(isc_sqlerr) << Arg::Num(-104) <<
Arg::Gds(isc_dsql_string_length) <<
Arg::Num(p - buffer) <<
Arg::Num(MAX_COLUMN_SIZE - sizeof(USHORT)));
}
if (c == '"')
{
stmt_ambiguous = true;
@ -654,6 +666,14 @@ int Parser::yylexAux()
byte = c;
}
if (temp.length() > MAX_COLUMN_SIZE - sizeof(USHORT))
{
ERRD_post(Arg::Gds(isc_sqlerr) << Arg::Num(-104) <<
Arg::Gds(isc_dsql_string_length) <<
Arg::Num(temp.length()) <<
Arg::Num(MAX_COLUMN_SIZE - sizeof(USHORT)));
}
yylval.intlStringPtr = newIntlString(temp, "BINARY");
return STRING;
@ -693,8 +713,17 @@ int Parser::yylexAux()
{
if (*lex.ptr == endChar && *++lex.ptr == '\'')
{
yylval.intlStringPtr = newIntlString(
Firebird::string(lex.last_token + 3, lex.ptr - lex.last_token - 4));
size_t len = lex.ptr - lex.last_token - 4;
if (len > MAX_COLUMN_SIZE - sizeof(USHORT))
{
ERRD_post(Arg::Gds(isc_sqlerr) << Arg::Num(-104) <<
Arg::Gds(isc_dsql_string_length) <<
Arg::Num(len) <<
Arg::Num(MAX_COLUMN_SIZE - sizeof(USHORT)));
}
yylval.intlStringPtr = newIntlString(Firebird::string(lex.last_token + 3, len));
++lex.ptr;

1
src/include/gen/codetext.h
View File

@ -1162,6 +1162,7 @@ static const struct {
{"dsql_wlock_aggregates", 336397328},
{"dsql_wlock_conflict", 336397329},
{"dsql_max_exception_arguments", 336397330},
{"dsql_string_length", 336397331},
{"gsec_cant_open_db", 336723983},
{"gsec_switches_error", 336723984},
{"gsec_no_op_spec", 336723985},

6
src/include/gen/iberror.h
View File

@ -1196,6 +1196,7 @@ const ISC_STATUS isc_dsql_firstskip_rows = 336397327L;
const ISC_STATUS isc_dsql_wlock_aggregates = 336397328L;
const ISC_STATUS isc_dsql_wlock_conflict = 336397329L;
const ISC_STATUS isc_dsql_max_exception_arguments = 336397330L;
const ISC_STATUS isc_dsql_string_length = 336397331L;
const ISC_STATUS isc_gsec_cant_open_db = 336723983L;
const ISC_STATUS isc_gsec_switches_error = 336723984L;
const ISC_STATUS isc_gsec_no_op_spec = 336723985L;
@ -1298,7 +1299,7 @@ const ISC_STATUS isc_trace_switch_user_only = 337182757L;
const ISC_STATUS isc_trace_switch_param_miss = 337182758L;
const ISC_STATUS isc_trace_param_act_notcompat = 337182759L;
const ISC_STATUS isc_trace_mandatory_switch_miss = 337182760L;
const ISC_STATUS isc_err_max = 1242;
const ISC_STATUS isc_err_max = 1243;
#else /* c definitions */
@ -2464,6 +2465,7 @@ const ISC_STATUS isc_err_max = 1242;
#define isc_dsql_wlock_aggregates 336397328L
#define isc_dsql_wlock_conflict 336397329L
#define isc_dsql_max_exception_arguments 336397330L
#define isc_dsql_string_length 336397331L
#define isc_gsec_cant_open_db 336723983L
#define isc_gsec_switches_error 336723984L
#define isc_gsec_no_op_spec 336723985L
@ -2566,7 +2568,7 @@ const ISC_STATUS isc_err_max = 1242;
#define isc_trace_switch_param_miss 337182758L
#define isc_trace_param_act_notcompat 337182759L
#define isc_trace_mandatory_switch_miss 337182760L
#define isc_err_max 1242
#define isc_err_max 1243
#endif

1
src/include/gen/msgs.h
View File

@ -1165,6 +1165,7 @@ Data source : @4"}, /* eds_statement */
{336397328, "WITH LOCK cannot be used with aggregates"}, /* dsql_wlock_aggregates */
{336397329, "WITH LOCK cannot be used with @1"}, /* dsql_wlock_conflict */
{336397330, "Number of arguments (@1) exceeds the maximum (@2) number of EXCEPTION USING arguments"}, /* dsql_max_exception_arguments */
{336397331, "String literal with @1 bytes exceeds the maximum length of @2 bytes"}, /* dsql_string_length */
{336723983, "unable to open database"}, /* gsec_cant_open_db */
{336723984, "error in switch specifications"}, /* gsec_switches_error */
{336723985, "no operation specified"}, /* gsec_no_op_spec */

1
src/include/gen/sql_code.h
View File

@ -1161,6 +1161,7 @@ static const struct {
{336397328, -104}, /* 1040 dsql_wlock_aggregates */
{336397329, -104}, /* 1041 dsql_wlock_conflict */
{336397330, -901}, /* 1042 dsql_max_exception_arguments */
{336397331, -901}, /* 1043 dsql_string_length */
{336723983, -901}, /* 15 gsec_cant_open_db */
{336723984, -901}, /* 16 gsec_switches_error */
{336723985, -901}, /* 17 gsec_no_op_spec */

1
src/include/gen/sql_state.h
View File

@ -1161,6 +1161,7 @@ static const struct {
{336397328, "42000"}, // 1040 dsql_wlock_aggregates
{336397329, "42000"}, // 1041 dsql_wlock_conflict
{336397330, "07002"}, // 1042 dsql_max_exception_arguments
{336397331, "42000"}, // 1043 dsql_string_length
{336723983, "00000"}, // 15 gsec_cant_open_db
{336723984, "00000"}, // 16 gsec_switches_error
{336723985, "00000"}, // 17 gsec_no_op_spec

2
src/msgs/facilities2.sql
View File

@ -10,7 +10,7 @@ set bulk_insert INSERT INTO FACILITIES (LAST_CHANGE, FACILITY, FAC_CODE, MAX_NUM
('1996-11-07 13:39:40', 'INSTALL', 10, 1)
('1996-11-07 13:38:41', 'TEST', 11, 4)
('2014-05-09 01:30:36', 'GBAK', 12, 361)
('2015-04-29 12:27:00', 'SQLERR', 13, 1043)
('2015-04-29 12:27:00', 'SQLERR', 13, 1044)
('1996-11-07 13:38:42', 'SQLWARN', 14, 613)
('2006-09-10 03:04:31', 'JRD_BUGCHK', 15, 307)
('2014-05-07 03:04:46', 'ISQL', 17, 190)

1
src/msgs/messages2.sql
View File

@ -2618,6 +2618,7 @@ ERROR: Backup incomplete', NULL, NULL);
('dsql_wlock_aggregates', 'pass1_rse_impl', 'pass1.cpp', NULL, 13, 1040, NULL, 'WITH LOCK cannot be used with aggregates', NULL, NULL);
('dsql_wlock_conflict', NULL, 'pass1.cpp', NULL, 13, 1041, NULL, 'WITH LOCK cannot be used with @1', NULL, NULL);
('dsql_max_exception_arguments', NULL, 'StmtNodes.cpp', NULL, 13, 1042, NULL, 'Number of arguments (@1) exceeds the maximum (@2) number of EXCEPTION USING arguments', NULL, NULL);
('dsql_string_length', NULL, 'Parser.cpp', NULL, 13, 1043, NULL, 'String literal with @1 bytes exceeds the maximum length of @2 bytes', NULL, NULL);
-- SQLWARN
(NULL, NULL, NULL, NULL, 14, 100, NULL, 'Row not found for fetch, update or delete, or the result of a query is an empty table.', NULL, NULL);
(NULL, NULL, NULL, NULL, 14, 101, NULL, 'segment buffer length shorter than expected', NULL, NULL);

1
src/msgs/system_errors2.sql
View File

@ -1155,6 +1155,7 @@ COMMIT WORK;
(-104, '42', '000', 13, 1040, 'dsql_wlock_aggregates', NULL, NULL)
(-104, '42', '000', 13, 1041, 'dsql_wlock_conflict', NULL, NULL)
(-901, '07', '002', 13, 1042, 'dsql_max_exception_arguments', NULL, NULL)
(-901, '42', '000', 13, 1043, 'dsql_string_length', NULL, NULL)
-- GSEC
(-901, '00', '000', 18, 15, 'gsec_cant_open_db', NULL, NULL)
(-901, '00', '000', 18, 16, 'gsec_switches_error', NULL, NULL)