Do not allow parameters or schema references inside of WITH clause of

triggers and views. This fixes a bug discovered by OSSFuzz and present since common-table-expressions were first added in 2014-02-03. FossilOrigin-Name: b918d4b4e546d3903ff20efc3c8ca26dd9761cc8ed9ef7d2799b66ff9ae1ae51
2025-11-15 11:41:13 +03:00 · 2018-02-15 21:00:37 +00:00
parent f4bc6c43d7
commit 713f34ace9
4 changed files with 70 additions and 7 deletions
--- a/src/attach.c
+++ b/src/attach.c
@@ -504,6 +504,16 @@ int sqlite3FixSelect(
    if( sqlite3FixExpr(pFix, pSelect->pLimit) ){
      return 1;
    }
+#if 1
+    if( pSelect->pWith ){
+      int i;
+      for(i=0; i<pSelect->pWith->nCte; i++){
+        if( sqlite3FixSelect(pFix, pSelect->pWith->a[i].pSelect) ){
+          return 1;
+        }
+      }
+    }
+#endif
    pSelect = pSelect->pPrior;
  }
  return 0;