From 942314aa6961b254cd5bd2cf81113b3e7533b0e3 Mon Sep 17 00:00:00 2001
From: Sandu Liviu Catalin
Date: Fri, 26 Aug 2016 18:22:45 +0300
Subject: [PATCH] Perform proper range checking for columns and parameters in the SQLite statements.
---
 modules/sqlite/Column.hpp | 7 +++++--
 modules/sqlite/Parameter.hpp | 7 +++++--
 modules/sqlite/Statement.cpp | 30 ++++++++++++++++--------------
 modules/sqlite/Statement.hpp | 16 ++++++++++++++--
 4 files changed, 40 insertions(+), 20 deletions(-)
diff --git a/modules/sqlite/Column.hpp b/modules/sqlite/Column.hpp
index 132063c3..00e5888d 100644
--- a/modules/sqlite/Column.hpp
+++ b/modules/sqlite/Column.hpp
@@ -82,9 +82,12 @@ protected:
 */
 void SetIndex(Int32 idx)
 {
+ // Assign the index with a failsafe to invalid on error
+ AutoAssign< Int32 > aa(m_Index, -1, idx);
+ // Validate the obtained column index
 SQMOD_VALIDATE_COLUMN(*this, idx);
- // Assign the new index
- m_Index = idx;
+ // Don't fall back to the invalid index anymore
+ aa.Set(idx);
 }
 /* --------------------------------------------------------------------------------------------
diff --git a/modules/sqlite/Parameter.hpp b/modules/sqlite/Parameter.hpp
index 46e07c75..9be7bedf 100644
--- a/modules/sqlite/Parameter.hpp
+++ b/modules/sqlite/Parameter.hpp
@@ -76,9 +76,12 @@ protected:
 */
 void SetIndex(Int32 idx)
 {
+ // Assign the index with a failsafe to invalid on error
+ AutoAssign< Int32 > aa(m_Index, -1, idx);
+ // Validate the obtained parameter index
 SQMOD_VALIDATE_PARAM(*this, idx);
- // Assign the new index
- m_Index = idx;
+ // Don't fall back to the invalid index anymore
+ aa.Set(idx);
 }
 /* --------------------------------------------------------------------------------------------
diff --git a/modules/sqlite/Statement.cpp b/modules/sqlite/Statement.cpp
index f5276449..e86040c6 100644
--- a/modules/sqlite/Statement.cpp
+++ b/modules/sqlite/Statement.cpp
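Review bot: In SetIndex of modules/sqlite/Column.hpp a failed validation now leaves m_Index at -1 rather than at its previous value, and the doc comment above the function, which starts outside the hunk, does not say so. AutoAssign is not defined in this patch, so this reading rests on the two added comments. A caller that catches the exception and keeps using the same Column instance now holds an invalidated object, which is the safer outcome but should be stated; I would add `On failure the index is reset to -1 (invalid); the previous index is not preserved.` to the doc comment. The same applies to SetIndex in modules/sqlite/Parameter.hpp.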
@@ -337,17 +337,17 @@ Statement & Statement::SetTable(const Table & tbl)
 Array Statement::GetArray(Int32 min, Int32 max) const
 {
 SQMOD_VALIDATE_ROW(*this);
- // Was there anything selected?
- if (min == max)
+ // Is the specified minimum index valid?
+ if (min < 0)
 {
- return Array(); // Nothing to retrieve
+ STHROWF("Minimum is bellow zero: %d", min);
 }
 // Is the minimum actually the minimum?
 else if (min > max)
 {
 STHROWF("Minimum is higher than maximum: %d > %d", min, max);
 }
- // Is the minimum in range>
+ // Is the minimum in range?
 else if (!m_Handle->CheckColumn(min))
 {
 STHROWF("Minimum is out of range: %d:%d", min, m_Handle->mColumns);
@@ -361,13 +361,15 @@ Array Statement::GetArray(Int32 min, Int32 max) const
 Array arr(DefaultVM::Get(), max-min);
 // Create a column instance to retrieve the values
 Column column(m_Handle);
+ // Array element counter
+ Int32 elem = 0;
 // Process the range of selected columns
- for (Int32 elem = 0, idx = min; idx < max; ++elem, ++idx)
+ while (min <= max)
 {
 // Update the column index
- column.SetIndex(idx);
+ column.SetIndex(min++);
 // Retrieve the column value and bind it to the array
- arr.SetValue(elem, column.GetValue());
+ arr.SetValue(elem++, column.GetValue());
 }
 // Return the resulted array
 return arr;
@@ -377,10 +379,10 @@ Array Statement::GetArray(Int32 min, Int32 max) const
 Table Statement::GetTable(Int32 min, Int32 max) const
 {
 SQMOD_VALIDATE_ROW(*this);
- // Was there anything selected?
- if (min == max)
+ // Is the specified minimum index valid?
+ if (min < 0)
 {
- return Table(); // Nothing to retrieve
+ STHROWF("Minimum is bellow zero: %d", min);
 }
 // Is the minimum actually the minimum?
 else if (min > max)
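Review bot: In Statement::GetArray(min, max) (hunk at -337) dropping the `min == max` early return silently changes the contract: `max` is now an inclusive index, so a call that used to return an empty array now selects one column, and no doc comment is updated in this patch. Please state the closed range at the declaration, e.g. `// Retrieves columns min..max, both inclusive`. The new message also carries a typo; `"Minimum is below zero: %d"` is meant. Both points apply to the GetTable hunk at -377 as well. The check on `max` sits between the hunks and is not visible here, so whether it was adapted to the inclusive bound should be confirmed.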
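Review bot: The array in Statement::GetArray (hunk at -361) is still sized `max-min`, but the rewritten loop `while (min <= max)` stores `max-min+1` values, so the final `arr.SetValue(elem++, ...)` addresses an index one past the allocated size, and with `min == max` the array has no slots at all. The allocation should become `Array arr(DefaultVM::Get(), max-min+1);`. How Array::SetValue treats an out-of-range index is not visible in this patch, so the effect is either a silently dropped last column or an error. The function body starts before this hunk.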
@@ -402,17 +404,17 @@ Table Statement::GetTable(Int32 min, Int32 max) const
 // Create a column instance to retrieve the values
 Column column(m_Handle);
 // Process the range of selected columns
- for (Int32 elem = 0, idx = min; idx < max; ++elem, ++idx)
+ while (min <= max)
 {
 // Attempt to obtain the column name
- CSStr name = sqlite3_column_name(m_Handle->mPtr, idx);
+ CSStr name = sqlite3_column_name(m_Handle->mPtr, min);
 // Validate the obtained name
 if (!name)
 {
- STHROWF("Unable to retrieve name of column (%d)", idx);
+ STHROWF("Unable to retrieve name of column (%d)", min);
 }
 // Update the column index
- column.SetIndex(idx);
+ column.SetIndex(min++);
 // Retrieve the column value and bind it to the table
 tbl.SetValue(name, column.GetValue());
 }
diff --git a/modules/sqlite/Statement.hpp b/modules/sqlite/Statement.hpp
index c7a09412..68b0b810 100644
--- a/modules/sqlite/Statement.hpp
+++ b/modules/sqlite/Statement.hpp
@@ -860,7 +860,13 @@ public:
 */
 Table GetTable() const
 {
- return GetTable(0, SQMOD_GET_CREATED(*this)->mColumns);
+ // Is there something to return?
+ if (SQMOD_GET_CREATED(*this)->mColumns > 0)
+ {
+ return GetTable(0, m_Handle->mColumns - 1);
+ }
+ // Fallback to empty table
+ return NullTable();
 }
 /* --------------------------------------------------------------------------------------------
@@ -868,7 +874,13 @@ public:
 */
 Table GetTable(Int32 min) const
 {
- return GetTable(min, SQMOD_GET_CREATED(*this)->mColumns);
+ // Is there something to return?
+ if (SQMOD_GET_CREATED(*this)->mColumns > 0)
+ {
+ return GetTable(min, m_Handle->mColumns - 1);
+ }
+ // Fallback to empty table
+ return NullTable();
 }
 /* --------------------------------------------------------------------------------------------
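Review bot: In Statement::GetTable (hunk at -402) the loop now uses the `min` parameter as its counter and hides the increment inside `column.SetIndex(min++)`, which is correct only while that call stays the last use of the index in the body; the `sqlite3_column_name` lookup and the error message above it depend on the same value. A dedicated counter, `for (Int32 idx = min; idx <= max; ++idx)`, gives the inclusive range without that ordering dependency and keeps `min` intact for diagnostics. The GetArray loop in the hunk at -361 has the same shape. The function body starts before this hunk.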
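Review bot: No GetArray overload is touched in modules/sqlite/Statement.hpp, while the two GetTable overloads (hunks at -860 and -868) are adjusted for the inclusive upper bound. If the header also has `GetArray()` / `GetArray(Int32 min)` wrappers that forward `mColumns` as the maximum, which this patch does not show, they need the same `mColumns - 1` change and an empty-result fallback. Separately, `GetTable(Int32 min)` returns `NullTable()` for a statement without columns whatever `min` is, whereas an invalid `min` throws once columns exist; a one-line comment such as `// min is not validated when there are no columns` would make that intent explicit.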