SQLite

Check-in [193c87fc96]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Do not make SQLITE_READ authorizer calls for tables without names, as all such tables will be internal-use-only tables for subqueries and whatnot.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 193c87fc96f964984a144c1a4506ef9db033ab2b80e64dd4d09d820fef466407
User & Date: drh 2019-08-07 13:25:21.372
Context
2019-08-07
17:45
Eliminate some more cases of redundant sorting in window-function queries. (check-in: 8158d2aca6 user: dan tags: trunk)
13:25
Do not make SQLITE_READ authorizer calls for tables without names, as all such tables will be internal-use-only tables for subqueries and whatnot. (check-in: 193c87fc96 user: drh tags: trunk)
2019-08-06
21:16
Ensure that when the col in an operator like "val IN(col)" is a column of a view, its affinity is not used to coerce val. Fix for [0a5e2c1d]. (check-in: 17b3d2218c user: dan tags: trunk)
Changes
Unified Diff Show Whitespace Changes Patch
Changes to src/select.c. 
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870

    ** have a column named by the empty string, in which case there is no way to
    ** distinguish between an unreferenced table and an actual reference to the
    ** "" column. The original design was for the fake column name to be a NULL,
    ** which would be unambiguous.  But legacy authorization callbacks might
    ** assume the column name is non-NULL and segfault.  The use of an empty
    ** string for the fake column name seems safer.
    */
    if( pItem->colUsed==0 ){
      sqlite3AuthCheck(pParse, SQLITE_READ, pItem->zName, "", pItem->zDatabase);
    }

#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
    /* Generate code for all sub-queries in the FROM clause
    */
    pSub = pItem->pSelect;








|








5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870

    ** have a column named by the empty string, in which case there is no way to
    ** distinguish between an unreferenced table and an actual reference to the
    ** "" column. The original design was for the fake column name to be a NULL,
    ** which would be unambiguous.  But legacy authorization callbacks might
    ** assume the column name is non-NULL and segfault.  The use of an empty
    ** string for the fake column name seems safer.
    */
    if( pItem->colUsed==0 && pItem->zName!=0 ){
      sqlite3AuthCheck(pParse, SQLITE_READ, pItem->zName, "", pItem->zDatabase);
    }

#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
    /* Generate code for all sub-queries in the FROM clause
    */
    pSub = pItem->pSelect;