diff options
| author | Timothy Flynn <trflynn89@pm.me> | 2021-06-02 21:23:40 -0400 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2021-06-03 08:30:13 +0200 |
| commit | a870eac0eb5b9ae2261554f5b40f1711c867cc1d (patch) | |
| tree | d9fe326255b9e608c310c4b2763f9efd1013dbdf | |
| parent | 0ff09d4f745c6418420a9224ee0f2587d806900c (diff) | |
| download | serenity-a870eac0eb5b9ae2261554f5b40f1711c867cc1d.zip | |
LibSQL: Report a syntax error for unsupported LIMIT clause syntax
Rather than aborting when a LIMIT clause of the form 'LIMIT expr, expr'
is encountered, fail the parser with a syntax error. This will be nicer
for the user and fixes the following fuzzer bug:
https://crbug.com/oss-fuzz/34837
| -rw-r--r-- | Tests/LibSQL/TestSqlStatementParser.cpp | 1 | ||||
| -rw-r--r-- | Userland/Libraries/LibSQL/Parser.cpp | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/Tests/LibSQL/TestSqlStatementParser.cpp b/Tests/LibSQL/TestSqlStatementParser.cpp index 64fbe3fb3e..bf262d4907 100644 --- a/Tests/LibSQL/TestSqlStatementParser.cpp +++ b/Tests/LibSQL/TestSqlStatementParser.cpp @@ -547,6 +547,7 @@ TEST_CASE(select) EXPECT(parse("SELECT * FROM table LIMIT 12").is_error()); EXPECT(parse("SELECT * FROM table LIMIT 12 OFFSET;").is_error()); EXPECT(parse("SELECT * FROM table LIMIT 12 OFFSET 15").is_error()); + EXPECT(parse("SELECT * FROM table LIMIT 15, 16;").is_error()); struct Type { SQL::ResultType type; diff --git a/Userland/Libraries/LibSQL/Parser.cpp b/Userland/Libraries/LibSQL/Parser.cpp index b12ed59717..26d3fac53f 100644 --- a/Userland/Libraries/LibSQL/Parser.cpp +++ b/Userland/Libraries/LibSQL/Parser.cpp @@ -321,11 +321,11 @@ NonnullRefPtr<Select> Parser::parse_select_statement(RefPtr<CommonTableExpressio RefPtr<Expression> offset_expression; if (consume_if(TokenType::Offset)) { offset_expression = parse_expression(); - } else { + } else if (consume_if(TokenType::Comma)) { // Note: The limit clause may instead be defined as "offset-expression, limit-expression", effectively reversing the // order of the expressions. SQLite notes "this is counter-intuitive" and "to avoid confusion, programmers are strongly // encouraged to ... avoid using a LIMIT clause with a comma-separated offset." - VERIFY(!consume_if(TokenType::Comma)); + syntax_error("LIMIT clauses of the form 'LIMIT <expr>, <expr>' are not supported"); } limit_clause = create_ast_node<LimitClause>(move(limit_expression), move(offset_expression)); |