authorTimothy Flynn <trflynn89@pm.me>2021-06-05 09:55:16 -0400
committerAli Mohammad Pur <Ali.mpfard@gmail.com>2021-06-05 23:48:18 +0430
commitf8f36effc9d3fdcf8b780ea2c80bf2fbf9241b8a (patch)
treed15f1dcb3b63d94f383144cf23e9e3d053ca1692 /Tests
parent3d9bcb860ea8e5caec376a6380ad177bbd3b9172 (diff)
downloadserenity-f8f36effc9d3fdcf8b780ea2c80bf2fbf9241b8a.zip
LibSQL: Limit the allowed depth of an expression tree
According to the definition at https://sqlite.org/lang_expr.html, SQL expressions could be infinitely deep. For practicality, SQLite enforces a maximum expression tree depth of 1000. Apply the same limit in LibSQL to avoid stack overflow in the expression parser. Fixes https://crbug.com/oss-fuzz/34859.
Diffstat (limited to 'Tests')
-rw-r--r--Tests/LibSQL/TestSqlExpressionParser.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/Tests/LibSQL/TestSqlExpressionParser.cpp b/Tests/LibSQL/TestSqlExpressionParser.cpp
index c2a6b3bfd7..4cf58324f2 100644
--- a/Tests/LibSQL/TestSqlExpressionParser.cpp
+++ b/Tests/LibSQL/TestSqlExpressionParser.cpp
@@ -602,3 +602,10 @@ TEST_CASE(in_selection_expression)
validate("15 IN (SELECT * FROM table)", false);
validate("15 NOT IN (SELECT * FROM table)", true);
}
+
+TEST_CASE(stack_limit)
+{
+ auto too_deep_expression = String::formatted("{:+^{}}1", "", SQL::Limits::maximum_expression_tree_depth);
+ EXPECT(!parse(too_deep_expression.substring_view(1)).is_error());
+ EXPECT(parse(too_deep_expression).is_error());
+}
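Review bot: `stack_limit` pins the depth boundary only for a chain of unary `+` operators, so a recursive parser path that does not pass through the depth counter would still pass this test. The parser itself is not visible in this hunk, but since the limit exists to stop stack exhaustion on attacker-controlled SQL, I would add the same at-limit / one-past-limit pair for at least nested parentheses and one other nesting construct, such as chained `NOT`. The second `EXPECT` checks only `is_error()`, so an unrelated syntax error would satisfy it too; if the parse result exposes the error text, assert that it is the depth-limit error. The format string is also hard to read at a glance and deserves a comment such as `// maximum_expression_tree_depth '+' fill characters followed by "1"; dropping the first '+' gives an expression exactly at the limit`.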