Opened 3 years ago

Closed 3 years ago

#6108 closed defect (duplicate)

ogrsqliteselectlayer.cpp - osBaseLayerName / SQL parsing fault

Reported by: hege
Owned by: warmerdam
Priority: high
Milestone:
Component: OGR_SF
Version: svn-trunk
Severity: normal
Keywords:
Cc:

Description

Consider this unfortunate configuration:

DATA "select * from uusimmat_kuvat order by vuosi"

First make note of the double "uu" in the table name. Then observe this amazingly convoluted and uncommented piece of "sql parsing" code starting around line 416. I have no idea why it's a good idea to casually parse something like this? Can't you get the table name from SQLite functions etc?

size_t nFromPos = osSQLBase.ifind(" from ");
....
char chQuote = osSQLBase[nFromPos + 6];
int bInQuotes = (chQuote == '\'' || chQuote == '"' );
....
for( i = nFromPos + 6 + (bInQuotes ? 1 : 0);
     i < osSQLBase.size(); i++ )
{
     if (osSQLBase[i] == chQuote && i + 1 < osSQLBase.size() &&
         osSQLBase[i + 1] == chQuote )    <-- what is this trying to do??

The end result being osBaseLayerName => usimmat_kuvat (missing first u).

This resulted in a crash, which #6103 apparently tried to remedy.
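
Added example, not part of the original ticket and not GDAL's code: a stand-alone reconstruction of the scan quoted above. It shows why the doubled-character test collapses "uu" when the name is unquoted, next to a variant that applies the test only inside quotes. The names `ExtractBaseLayerName`, `bGuardEscape` and the `ifind` helper (standing in for `osSQLBase.ifind`), and the loop branches the ticket elides, are assumptions.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Case-insensitive search; assumed stand-in for the ifind() call in the ticket.
static size_t ifind(const std::string &s, const std::string &needle)
{
    for (size_t i = 0; i + needle.size() <= s.size(); i++)
    {
        size_t j = 0;
        while (j < needle.size() && std::tolower((unsigned char)s[i + j]) ==
                                        std::tolower((unsigned char)needle[j]))
            j++;
        if (j == needle.size()) return i;
    }
    return std::string::npos;
}

// bGuardEscape=false: doubled-character test runs even for unquoted names (reported behaviour).
// bGuardEscape=true: a doubled character is an escaped quote only inside a quoted name.
std::string ExtractBaseLayerName(const std::string &osSQLBase, bool bGuardEscape)
{
    std::string osBaseLayerName;
    const size_t nFromPos = ifind(osSQLBase, " from ");
    if (nFromPos == std::string::npos || nFromPos + 6 >= osSQLBase.size())
        return osBaseLayerName;
    // For an unquoted name, chQuote is simply the first letter of the table name.
    const char chQuote = osSQLBase[nFromPos + 6];
    const bool bInQuotes = (chQuote == '\'' || chQuote == '"');
    for (size_t i = nFromPos + 6 + (bInQuotes ? 1 : 0); i < osSQLBase.size(); i++)
    {
        const bool bDoubled = osSQLBase[i] == chQuote &&
                              i + 1 < osSQLBase.size() && osSQLBase[i + 1] == chQuote;
        if (bDoubled && (bInQuotes || !bGuardEscape))
        {
            osBaseLayerName += osSQLBase[i];  // keep one character, skip its twin
            i++;
        }
        else if (osSQLBase[i] == chQuote && bInQuotes)
            break;  // closing quote ends a quoted name
        else if (osSQLBase[i] == ' ' && !bInQuotes)
            break;  // first space ends an unquoted name
        else
            osBaseLayerName += osSQLBase[i];
    }
    return osBaseLayerName;
}

int main()
{
    const std::string sql = "select * from uusimmat_kuvat order by vuosi";
    std::cout << ExtractBaseLayerName(sql, false) << "\n" << ExtractBaseLayerName(sql, true) << "\n";
}
```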

Change History (1)

comment:1 Changed 3 years ago by Even Rouault

Resolution: duplicate
Status: new → closed

Just fixed as #6107
