Add the SQLITE_MAX_COMPOUND_SELECT compile-time parameter for limiting

the number of terms in a compound select statement.  Set the default limit
to 100. (CVS 4046)

FossilOrigin-Name: 0d71ad4591eae9de8749fb2da6455ac661587f7a

manifest

@@ -1,5 +1,5 @@
-C Fix\sa\svdbe\sstack\sleak\sthat\scould\soccur\swhere\sone\sside\sof\sa\sWHERE\sclause\sinequality\sevaluated\sto\sSQL\snull.\s(CVS\s4045)
+C Add\sthe\sSQLITE_MAX_COMPOUND_SELECT\scompile-time\sparameter\sfor\slimiting\nthe\snumber\sof\sterms\sin\sa\scompound\sselect\sstatement.\s\sSet\sthe\sdefault\slimit\nto\s100.\s(CVS\s4046)
-D 2007-06-02T07:54:38
+D 2007-06-07T10:55:36
 F Makefile.in a42354804b50c2708ce72cf79e4daa30f50191b5
 F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935
 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -77,7 +77,7 @@ F src/hash.c 67b23e14f0257b69a3e8aa663e4eeadc1a2b6fd5
 F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564
 F src/insert.c e595ca26805dfb3a9ebaabc28e7947c479f3b14d
 F src/legacy.c 388c71ad7fbcd898ba1bcbfc98a3ac954bfa5d01
-F src/limits.h cf772eb244aae5859fa1554394866c27d3f3639c
+F src/limits.h 40c30b6379b6c3b90f9ea3fb07f4272273c82b8c
 F src/loadext.c afe4f4755dc49c36ef505748bbdddecb9f1d02a2
 F src/main.c 797dc983716c1480f6af78a36be3add8806211a1
 F src/malloc.c 07790014b4b126016ce3c94885a215e45eb07ad5
@@ -100,7 +100,7 @@ F src/pragma.c 0d25dad58bdfd6789943a10f1b9663c2eb85b96d
 F src/prepare.c 87c23644986b5e41a58bc76f05abebd899e00089
 F src/printf.c cd91e057fa7e2661673eecd4eeecf4900b1e5cfe
 F src/random.c 6119474a6f6917f708c1dee25b9a8e519a620e88
-F src/select.c 6d40db6c1fe9be9f6f45e5436e73cd22f161980a
+F src/select.c a96d80c0493bf81f90415479b0055dc91f60a812
 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
 F src/shell.c d07ae326b3815d80f71c69b3c7584382e47f6447
 F src/sqlite.h.in b174b5508467deec4034c6c8a21f0354b498b46b
@@ -120,7 +120,7 @@ F src/test9.c c0f38f7795cc51d37db6c63874d90f40f10d0f0e
 F src/test_async.c 9d326ceda4306bcab252b8f7e8e480ed45d7ccb6
 F src/test_autoext.c 855157d97aa28cf84233847548bfacda21807436
 F src/test_btree.c 882d59acad48bab3b1fe3daf3645059b590cfc79
-F src/test_config.c 214f376781c75db1726acd045355546c17d5ee24
+F src/test_config.c 4d262b9f27b616dea481a40d57a95ab0ab27f878
 F src/test_hexio.c 14c007252285c6dabcec4a28fcf08e9177e85178
 F src/test_loadext.c 22065d601a18878e5542191001f0eaa5d77c0ed8
 F src/test_md5.c 6c42bc0a3c0b54be34623ff77a0eec32b2fa96e3
@@ -341,7 +341,7 @@ F test/select3.test 2d473f45c57c0526833e045fca0537badec0dd04
 F test/select4.test 305ba0a6e97efc5544def5e5cb49b54e1bf87fd9
 F test/select5.test 0b47058d3e916c1fc9fe81f44b438e02bade21ce
 F test/select6.test 399f14b9ba37b768afe5d2cd8c12e4f340a69db8
-F test/select7.test ea2af8688973c6cf801c6db137f74fde54a8777f
+F test/select7.test 45606f9afbe2056058c7d75fc33e5092e65ec770
 F test/server1.test e328b8e641ba8fe9273132cfef497383185dc1f5
 F test/shared.test 5c39f216ce85d723eda5875804bbf5ef8a03fcfc
 F test/shared2.test 8b48f8d33494413ef4cf250110d89403e2bf6b23
@@ -500,7 +500,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
 F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
-P d2282e64f1320913797dfb4dae4db0428a15a200
+P 17152bf1a268e130f0c43046bb438b617a747ff5
-R 43a9ecfcf971f988d08ee13d7bafdc9f
+R 9d276b74e5f49e44912ed69e9cfc1903
-U danielk1977
+U drh
-Z fcc583b54267b5d032e0ac8a8835f355
+Z 44d0cd4e487f5503f2b48ab2c14ab3aa

manifest.uuid

@@ -1 +1 @@
-17152bf1a268e130f0c43046bb438b617a747ff5
+0d71ad4591eae9de8749fb2da6455ac661587f7a

src/limits.h

@@ -12,7 +12,7 @@
 ** 
 ** This file defines various limits of what SQLite can process.
 **
-** @(#) $Id: limits.h,v 1.6 2007/05/10 10:46:56 danielk1977 Exp $
+** @(#) $Id: limits.h,v 1.7 2007/06/07 10:55:36 drh Exp $
 */
 
 /*
@@ -66,6 +66,18 @@
 # define SQLITE_MAX_EXPR_DEPTH 0
 #endif
 
+/*
+** The maximum number of terms in a compound SELECT statement.
+** The code generator for compound SELECT statements does one
+** level of recursion for each term.  A stack overflow can result
+** if the number of terms is too large.  In practice, most SQL
+** never has more than 3 or 4 terms.  Use a value of 0 to disable
+** any limit on the number of terms in a compount SELECT.
+*/
+#ifndef SQLITE_MAX_COMPOUND_SELECT
+# define SQLITE_MAX_COMPOUND_SELECT 100
+#endif
+
 /*
 ** The maximum number of opcodes in a VDBE program.
 */

src/select.c

@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.349 2007/05/31 08:20:44 danielk1977 Exp $
+** $Id: select.c,v 1.350 2007/06/07 10:55:36 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -2870,9 +2870,14 @@ int sqlite3Select(
   if( p->pPrior ){
     if( p->pRightmost==0 ){
       Select *pLoop;
-      for(pLoop=p; pLoop; pLoop=pLoop->pPrior){
+      int cnt = 0;
+      for(pLoop=p; pLoop; pLoop=pLoop->pPrior, cnt++){
         pLoop->pRightmost = p;
       }
+      if( SQLITE_MAX_COMPOUND_SELECT>0 && cnt>SQLITE_MAX_COMPOUND_SELECT ){
+        sqlite3ErrorMsg(pParse, "too many terms in compound SELECT");
+        return 1;
+      }
     }
     return multiSelect(pParse, p, eDest, iParm, aff);
   }

src/test_config.c

@@ -16,7 +16,7 @@
 ** The focus of this file is providing the TCL testing layer
 ** access to compile-time constants.
 **
-** $Id: test_config.c,v 1.5 2007/05/17 16:38:30 danielk1977 Exp $
+** $Id: test_config.c,v 1.6 2007/06/07 10:55:36 drh Exp $
 */
 #include "sqliteInt.h"
 #include "tcl.h"
@@ -392,6 +392,11 @@ static void set_options(Tcl_Interp *interp){
     Tcl_LinkVar(interp, "SQLITE_MAX_EXPR_DEPTH",
            (char*)&sqlite_max_expr_depth, TCL_LINK_INT|TCL_LINK_READ_ONLY);
   }
+  {
+    static int sqlite_max_compound_select = SQLITE_MAX_COMPOUND_SELECT;
+    Tcl_LinkVar(interp, "SQLITE_MAX_COMPOUND_SELECT",
+           (char*)&sqlite_max_compound_select, TCL_LINK_INT|TCL_LINK_READ_ONLY);
+  }
   {
     static int sqlite_max_vdbe_op = SQLITE_MAX_VDBE_OP;
     Tcl_LinkVar(interp, "SQLITE_MAX_VDBE_OP",

test/select7.test

@@ -10,7 +10,7 @@
 # focus of this file is testing compute SELECT statements and nested
 # views.
 #
-# $Id: select7.test,v 1.9 2007/05/09 22:56:39 drh Exp $
+# $Id: select7.test,v 1.10 2007/06/07 10:55:36 drh Exp $
 
 
 set testdir [file dirname $argv0]
@@ -135,4 +135,23 @@ ifcapable {subquery && compound} {
      {only a single result allowed for a SELECT that is part of an expression}]
 }
 
+# Verify that an error occurs if you have too many terms on a
+# compound select statement.
+#
+if {$SQLITE_MAX_COMPOUND_SELECT>0} {
+  set sql {SELECT 0}
+  set result 0
+  for {set i 1} {$i<$SQLITE_MAX_COMPOUND_SELECT} {incr i} {
+    append sql " UNION ALL SELECT $i"
+    lappend result $i
+  }
+  do_test select7-6.1 {
+    catchsql $sql
+  } [list 0 $result]
+  append sql { UNION ALL SELECT 99999999}
+  do_test select7-6.2 {
+    catchsql $sql
+  } {1 {too many terms in compound SELECT}}
+}
+
 finish_test