thijn/SqMod
1
0
Fork 0
mirror of https://github.com/VCMP-SqMod/SqMod.git synced 2025-02-21 20:27:13 +01:00
Code Releases Activity

Perform proper range checking for columns and parameters in the SQLite statements.

Browse Source
This commit is contained in:
Sandu Liviu Catalin 2016-08-26 18:22:45 +03:00
parent 9fcb65f63d
commit 942314aa69
4 changed files with 40 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/sqlite/Column.hpp
View File

@ -82,9 +82,12 @@ protected:
*/ */
void SetIndex(Int32 idx) void SetIndex(Int32 idx)
{ {
// Assign the index with a failsafe to invalid on error
AutoAssign< Int32 > aa(m_Index, -1, idx);
// Validate the obtained column index
SQMOD_VALIDATE_COLUMN(*this, idx); SQMOD_VALIDATE_COLUMN(*this, idx);
// Assign the new index // Don't fall back to the invalid index anymore
m_Index = idx; aa.Set(idx);
} }
/* -------------------------------------------------------------------------------------------- /* --------------------------------------------------------------------------------------------

7
modules/sqlite/Parameter.hpp
View File

@ -76,9 +76,12 @@ protected:
*/ */
void SetIndex(Int32 idx) void SetIndex(Int32 idx)
{ {
// Assign the index with a failsafe to invalid on error
AutoAssign< Int32 > aa(m_Index, -1, idx);
// Validate the obtained parameter index
SQMOD_VALIDATE_PARAM(*this, idx); SQMOD_VALIDATE_PARAM(*this, idx);
// Assign the new index // Don't fall back to the invalid index anymore
m_Index = idx; aa.Set(idx);
} }
/* -------------------------------------------------------------------------------------------- /* --------------------------------------------------------------------------------------------

30
modules/sqlite/Statement.cpp
View File

@ -337,17 +337,17 @@ Statement & Statement::SetTable(const Table & tbl)
Array Statement::GetArray(Int32 min, Int32 max) const Array Statement::GetArray(Int32 min, Int32 max) const
{ {
SQMOD_VALIDATE_ROW(*this); SQMOD_VALIDATE_ROW(*this);
// Was there anything selected? // Is the specified minimum index valid?
if (min == max) if (min < 0)
{ {
return Array(); // Nothing to retrieve STHROWF("Minimum is bellow zero: %d", min);
} }
// Is the minimum actually the minimum? // Is the minimum actually the minimum?
else if (min > max) else if (min > max)
{ {
STHROWF("Minimum is higher than maximum: %d > %d", min, max); STHROWF("Minimum is higher than maximum: %d > %d", min, max);
} }
// Is the minimum in range> // Is the minimum in range?
else if (!m_Handle->CheckColumn(min)) else if (!m_Handle->CheckColumn(min))
{ {
STHROWF("Minimum is out of range: %d:%d", min, m_Handle->mColumns); STHROWF("Minimum is out of range: %d:%d", min, m_Handle->mColumns);
@ -361,13 +361,15 @@ Array Statement::GetArray(Int32 min, Int32 max) const
Array arr(DefaultVM::Get(), max-min); Array arr(DefaultVM::Get(), max-min);
// Create a column instance to retrieve the values // Create a column instance to retrieve the values
Column column(m_Handle); Column column(m_Handle);
// Array element counter
Int32 elem = 0;
// Process the range of selected columns // Process the range of selected columns
for (Int32 elem = 0, idx = min; idx < max; ++elem, ++idx) while (min <= max)
{ {
// Update the column index // Update the column index
column.SetIndex(idx); column.SetIndex(min++);
// Retrieve the column value and bind it to the array // Retrieve the column value and bind it to the array
arr.SetValue(elem, column.GetValue()); arr.SetValue(elem++, column.GetValue());
} }
// Return the resulted array // Return the resulted array
return arr; return arr;
@ -377,10 +379,10 @@ Array Statement::GetArray(Int32 min, Int32 max) const
Table Statement::GetTable(Int32 min, Int32 max) const Table Statement::GetTable(Int32 min, Int32 max) const
{ {
SQMOD_VALIDATE_ROW(*this); SQMOD_VALIDATE_ROW(*this);
// Was there anything selected? // Is the specified minimum index valid?
if (min == max) if (min < 0)
{ {
return Table(); // Nothing to retrieve STHROWF("Minimum is bellow zero: %d", min);
} }
// Is the minimum actually the minimum? // Is the minimum actually the minimum?
else if (min > max) else if (min > max)
@ -402,17 +404,17 @@ Table Statement::GetTable(Int32 min, Int32 max) const
// Create a column instance to retrieve the values // Create a column instance to retrieve the values
Column column(m_Handle); Column column(m_Handle);
// Process the range of selected columns // Process the range of selected columns
for (Int32 elem = 0, idx = min; idx < max; ++elem, ++idx) while (min <= max)
{ {
// Attempt to obtain the column name // Attempt to obtain the column name
CSStr name = sqlite3_column_name(m_Handle->mPtr, idx); CSStr name = sqlite3_column_name(m_Handle->mPtr, min);
// Validate the obtained name // Validate the obtained name
if (!name) if (!name)
{ {
STHROWF("Unable to retrieve name of column (%d)", idx); STHROWF("Unable to retrieve name of column (%d)", min);
} }
// Update the column index // Update the column index
column.SetIndex(idx); column.SetIndex(min++);
// Retrieve the column value and bind it to the table // Retrieve the column value and bind it to the table
tbl.SetValue(name, column.GetValue()); tbl.SetValue(name, column.GetValue());
} }

16
modules/sqlite/Statement.hpp
View File

@ -860,7 +860,13 @@ public:
*/ */
Table GetTable() const Table GetTable() const
{ {
return GetTable(0, SQMOD_GET_CREATED(*this)->mColumns); // Is there something to return?
if (SQMOD_GET_CREATED(*this)->mColumns > 0)
{
return GetTable(0, m_Handle->mColumns - 1);
}
// Fallback to empty table
return NullTable();
} }
/* -------------------------------------------------------------------------------------------- /* --------------------------------------------------------------------------------------------
@ -868,7 +874,13 @@ public:
*/ */
Table GetTable(Int32 min) const Table GetTable(Int32 min) const
{ {
return GetTable(min, SQMOD_GET_CREATED(*this)->mColumns); // Is there something to return?
if (SQMOD_GET_CREATED(*this)->mColumns > 0)
{
return GetTable(min, m_Handle->mColumns - 1);
}
// Fallback to empty table
return NullTable();
} }
/* -------------------------------------------------------------------------------------------- /* --------------------------------------------------------------------------------------------