Perform proper range checking for columns and parameters in the SQLite statements.

2025-02-20 19:57:12 +01:00 · 2016-08-26 18:22:45 +03:00 · 2016-08-26 18:22:45 +03:00 · 942314aa69
commit 942314aa69
parent 9fcb65f63d
4 changed files with 40 additions and 20 deletions
--- a/modules/sqlite/Column.hpp
+++ b/modules/sqlite/Column.hpp
@ -82,9 +82,12 @@ protected:
    */
    void SetIndex(Int32 idx)
    {
+        // Assign the index with a failsafe to invalid on error
+        AutoAssign< Int32 > aa(m_Index, -1, idx);
+        // Validate the obtained column index
        SQMOD_VALIDATE_COLUMN(*this, idx);
-        // Assign the new index
-        m_Index = idx;
+        // Don't fall back to the invalid index anymore
+        aa.Set(idx);
    }

    /* --------------------------------------------------------------------------------------------
--- a/modules/sqlite/Parameter.hpp
+++ b/modules/sqlite/Parameter.hpp
@ -76,9 +76,12 @@ protected:
    */
    void SetIndex(Int32 idx)
    {
+        // Assign the index with a failsafe to invalid on error
+        AutoAssign< Int32 > aa(m_Index, -1, idx);
+        // Validate the obtained parameter index
        SQMOD_VALIDATE_PARAM(*this, idx);
-        // Assign the new index
-        m_Index = idx;
+        // Don't fall back to the invalid index anymore
+        aa.Set(idx);
    }

    /* --------------------------------------------------------------------------------------------
--- a/modules/sqlite/Statement.cpp
+++ b/modules/sqlite/Statement.cpp
@ -337,17 +337,17 @@ Statement & Statement::SetTable(const Table & tbl)
 Array Statement::GetArray(Int32 min, Int32 max) const
 {
    SQMOD_VALIDATE_ROW(*this);
-    // Was there anything selected?
-    if (min == max)
+    // Is the specified minimum index valid?
+    if (min < 0)
    {
-        return Array(); // Nothing to retrieve
+        STHROWF("Minimum is bellow zero: %d", min);
    }
    // Is the minimum actually the minimum?
    else if (min > max)
    {
        STHROWF("Minimum is higher than maximum: %d > %d", min, max);
    }
-    // Is the minimum in range>
+    // Is the minimum in range?
    else if (!m_Handle->CheckColumn(min))
    {
        STHROWF("Minimum is out of range: %d:%d", min, m_Handle->mColumns);
@ -361,13 +361,15 @@ Array Statement::GetArray(Int32 min, Int32 max) const
    Array arr(DefaultVM::Get(), max-min);
    // Create a column instance to retrieve the values
    Column column(m_Handle);
+    // Array element counter
+    Int32 elem = 0;
    // Process the range of selected columns
-    for (Int32 elem = 0, idx = min; idx < max; ++elem, ++idx)
+    while (min <= max)
    {
        // Update the column index
-        column.SetIndex(idx);
+        column.SetIndex(min++);
        // Retrieve the column value and bind it to the array
-        arr.SetValue(elem, column.GetValue());
+        arr.SetValue(elem++, column.GetValue());
    }
    // Return the resulted array
    return arr;
@ -377,10 +379,10 @@ Array Statement::GetArray(Int32 min, Int32 max) const
 Table Statement::GetTable(Int32 min, Int32 max) const
 {
    SQMOD_VALIDATE_ROW(*this);
-    // Was there anything selected?
-    if (min == max)
+    // Is the specified minimum index valid?
+    if (min < 0)
    {
-        return Table(); // Nothing to retrieve
+        STHROWF("Minimum is bellow zero: %d", min);
    }
    // Is the minimum actually the minimum?
    else if (min > max)
@ -402,17 +404,17 @@ Table Statement::GetTable(Int32 min, Int32 max) const
    // Create a column instance to retrieve the values
    Column column(m_Handle);
    // Process the range of selected columns
-    for (Int32 elem = 0, idx = min; idx < max; ++elem, ++idx)
+    while (min <= max)
    {
        // Attempt to obtain the column name
-        CSStr name = sqlite3_column_name(m_Handle->mPtr, idx);
+        CSStr name = sqlite3_column_name(m_Handle->mPtr, min);
        // Validate the obtained name
        if (!name)
        {
-            STHROWF("Unable to retrieve name of column (%d)", idx);
+            STHROWF("Unable to retrieve name of column (%d)", min);
        }
        // Update the column index
-        column.SetIndex(idx);
+        column.SetIndex(min++);
        // Retrieve the column value and bind it to the table
        tbl.SetValue(name, column.GetValue());
    }
--- a/modules/sqlite/Statement.hpp
+++ b/modules/sqlite/Statement.hpp
@ -860,7 +860,13 @@ public:
    */
    Table GetTable() const
    {
-        return GetTable(0, SQMOD_GET_CREATED(*this)->mColumns);
+        // Is there something to return?
+        if (SQMOD_GET_CREATED(*this)->mColumns > 0)
+        {
+            return GetTable(0, m_Handle->mColumns - 1);
+        }
+        // Fallback to empty table
+        return NullTable();
    }

    /* --------------------------------------------------------------------------------------------
@ -868,7 +874,13 @@ public:
    */
    Table GetTable(Int32 min) const
    {
-        return GetTable(min, SQMOD_GET_CREATED(*this)->mColumns);
+        // Is there something to return?
+        if (SQMOD_GET_CREATED(*this)->mColumns > 0)
+        {
+            return GetTable(min, m_Handle->mColumns - 1);
+        }
+        // Fallback to empty table
+        return NullTable();
    }

    /* --------------------------------------------------------------------------------------------