GNOME Bugzilla – Bug 427605
Crash in gda_delimiter_parse with too long tokens
Last modified: 2007-04-14 15:34:38 UTC
gda_delimiter_parse() crashes when the SQL query fed to it contains tokens that are too long. The attached testcase has the problem with a string of length 2976 bytes, but not with 2975 bytes.
Created attachment 86012: Testcase
This crashes when DO_CRASH is defined by feeding a string with 2976 characters to gda_delimiter_parse(). Otherwise, it does not crash and only gives 2975 characters to the function.
Created attachment 86288: proposed patch
The problem probably comes from the fact that the lexer limits token sizes to 2048 bytes but does not check the actual token sizes. The attached patch adds some tests. You should normally not have any crash anymore, but a reported error such as:
    SQL Parser error: Token too long (limited to 2048 bytes) near `c'
If the patch is Ok, then I'll augment the limit to 3 or 4 kb, or add a dynamic limit.
Created attachment 86294: patch for libgda/sql-delimiter/lexer.l
This patch is better since it uses a GString and so imposes no limit on the size of strings or textual expressions. If it's Ok I'll apply it in SVN.
Your patch works for me. Thanks.
Ok, closing it then.
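The two fixes discussed in this bug (a length check on the fixed 2048-byte token buffer, then a growable buffer) are shown here as an added example; it is not the attached patches or libgda code. The function names, the 7-byte piece size, and the plain-C `dynbuf` standing in for GString are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TOKEN_MAX 2048 /* fixed token limit named in the report */

/* Fixed buffer, checked on every append; -1 means "Token too long". */
static int tok_append_bounded(char *buf, size_t *len, const char *src, size_t n) {
    if (n >= TOKEN_MAX - *len) return -1; /* keeps one byte for the NUL */
    memcpy(buf + *len, src, n);
    *len += n;
    buf[*len] = '\0';
    return 0;
}

/* Growable buffer: plain-C stand-in for GString (assumption, not lexer.l). */
struct dynbuf { char *data; size_t len, cap; };
static int dyn_append(struct dynbuf *b, const char *src, size_t n) {
    if (n >= SIZE_MAX - b->len) return -1; /* length would overflow */
    size_t need = b->len + n + 1;
    if (need > b->cap) {
        size_t cap = need > SIZE_MAX / 2 ? need : need * 2;
        char *p = realloc(b->data, cap);
        if (!p) return -1;
        b->data = p; b->cap = cap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Feed `total` constructed bytes in 7-byte pieces; bytes stored, or -1. */
static long feed(size_t total, int dynamic) {
    char fixed[TOKEN_MAX]; size_t flen = 0; struct dynbuf b = {0}; long rc = 0;
    for (size_t n; total && rc == 0; total -= n) {
        n = total < 7 ? total : 7;
        rc = dynamic ? dyn_append(&b, "aaaaaaa", n)
                     : tok_append_bounded(fixed, &flen, "aaaaaaa", n);
    }
    if (rc == 0) rc = (long)(dynamic ? b.len : flen);
    free(b.data);
    return rc;
}

int main(void) {
    printf("%ld %ld %ld\n", feed(2047, 0), feed(2976, 0), feed(2976, 1));
    return 0;
}
```

The bounded variant turns the 2976-byte input into a reported error, while the growable variant accepts it in full.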