Check-in [569d3ade54]
Not logged in
Home Timeline Branches Tags Tickets Wiki Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:merge trunk
Timelines: family | ancestors | descendants | both | sqlite3-compat
Files: files | file ages | folders
SHA1: 569d3ade54dd03ea21cbe59ebdee85349aab4940
User & Date: jan.nijtmans 2014-10-06 01:58:00.000
Context
2015-01-19
12:09
merge trunk check-in: 6a7f73d16d user: jan.nijtmans tags: sqlite3-compat
2014-10-06
01:58
merge trunk check-in: 569d3ade54 user: jan.nijtmans tags: sqlite3-compat
00:58
Add an assert() to prove that Fossil server instances are not vulnerable to the ShellShock bug because it never shells-out while processing an HTTP request. check-in: 82e30c0000 user: drh tags: trunk
2014-10-05
23:11
Only use SQLITE_TESTCTRL_EXPLAIN_STMT/SQLITE_STMTSTATUS_VM_STEP when necessary/supported check-in: 99d52b38fb user: jan.nijtmans tags: sqlite3-compat
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/browse.c. 
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528

    Stmt ins, q;
    ManifestFile *pFile;

    db_multi_exec(
        "CREATE TEMP TABLE filelist("
        "   x TEXT PRIMARY KEY COLLATE nocase,"
        "   uuid TEXT"
        ")%s;",
        /* Can be removed as soon as SQLite 3.8.2 is sufficiently wide-spread */
        sqlite3_libversion_number()>=3008002 ? " WITHOUT ROWID" : ""
    );
    db_prepare(&ins, "INSERT OR IGNORE INTO filelist VALUES(:f,:u)");
    manifest_file_rewind(pM);
    while( (pFile = manifest_file_next(pM,0))!=0 ){
      if( nD>0
       && (fossil_strncmp(pFile->zName, zD, nD-1)!=0
           || pFile->zName[nD-1]!='/')








<
<
|








512
513
514
515
516
517
518


519
520
521
522
523
524
525
526

    Stmt ins, q;
    ManifestFile *pFile;

    db_multi_exec(
        "CREATE TEMP TABLE filelist("
        "   x TEXT PRIMARY KEY COLLATE nocase,"
        "   uuid TEXT"


        ") WITHOUT ROWID;"
    );
    db_prepare(&ins, "INSERT OR IGNORE INTO filelist VALUES(:f,:u)");
    manifest_file_rewind(pM);
    while( (pFile = manifest_file_next(pM,0))!=0 ){
      if( nD>0
       && (fossil_strncmp(pFile->zName, zD, nD-1)!=0
           || pFile->zName[nD-1]!='/')
Changes to src/descendants.c. 
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209

}

/*
** Load the record ID rid and up to N-1 closest ancestors into
** the "ok" table.
*/
void compute_ancestors(int rid, int N, int directOnly){
#if USE_SYSTEM_SQLITE+0==1
  if( sqlite3_libversion_number()<3008003 ){
    Bag seen;
    PQueue queue;
    Stmt ins;
    Stmt q;
    bag_init(&seen);
    pqueuex_init(&queue);
    bag_insert(&seen, rid);
    pqueuex_insert(&queue, rid, 0.0, 0);
    db_prepare(&ins, "INSERT OR IGNORE INTO ok VALUES(:rid)");
    db_prepare(&q,
      "SELECT a.pid, b.mtime FROM plink a LEFT JOIN plink b ON b.cid=a.pid"
      " WHERE a.cid=:rid %s",
      directOnly ? " AND a.isprim" : ""
    );
    while( (N--)>0 && (rid = pqueuex_extract(&queue, 0))!=0 ){
      db_bind_int(&ins, ":rid", rid);
      db_step(&ins);
      db_reset(&ins);
      db_bind_int(&q, ":rid", rid);
      while( db_step(&q)==SQLITE_ROW ){
        int pid = db_column_int(&q, 0);
        double mtime = db_column_double(&q, 1);
        if( bag_insert(&seen, pid) ){
          pqueuex_insert(&queue, pid, -mtime, 0);
        }
      }
      db_reset(&q);
    }
    bag_clear(&seen);
    pqueuex_clear(&queue);
    db_finalize(&ins);
    db_finalize(&q);
  } else
#endif
  db_multi_exec(
    "WITH RECURSIVE "
    "  ancestor(rid, mtime) AS ("
    "    SELECT %d, mtime FROM event WHERE objid=%d "
    "    UNION "
    "    SELECT plink.pid, event.mtime"
    "      FROM ancestor, plink, event"








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<








160
161
162
163
164
165
166




































167
168
169
170
171
172
173

}

/*
** Load the record ID rid and up to N-1 closest ancestors into
** the "ok" table.
*/
void compute_ancestors(int rid, int N, int directOnly){




































  db_multi_exec(
    "WITH RECURSIVE "
    "  ancestor(rid, mtime) AS ("
    "    SELECT %d, mtime FROM event WHERE objid=%d "
    "    UNION "
    "    SELECT plink.pid, event.mtime"
    "      FROM ancestor, plink, event"
Changes to src/main.c. 
578
579
580
581
582
583
584
585
586
587
588
589
590
591

592
593
594
595
596
597
598

#endif
int main(int argc, char **argv)
#endif
{
  const char *zCmdName = "unknown";
  int idx;
  int rc;
  if( sqlite3_libversion_number()<3007017 ){
    fossil_fatal("Unsuitable SQLite version %s, must be at least 3.7.17",
                 sqlite3_libversion());
  }
  sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
  sqlite3_config(32); /* SQLITE_CONFIG_EXPLAIN_COMMENTS (old) */
  sqlite3_config(64); /* SQLITE_CONFIG_EXPLAIN_COMMENTS */

  sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
  memset(&g, 0, sizeof(g));
  g.now = time(0);
  g.httpHeader = empty_blob;
#ifdef FOSSIL_ENABLE_JSON
#if defined(NDEBUG)
  g.json.errorDetailParanoia = 2 /* FIXME: make configurable








|
|


<
<

>








578
579
580
581
582
583
584
585
586
587
588


589
590
591
592
593
594
595
596
597

#endif
int main(int argc, char **argv)
#endif
{
  const char *zCmdName = "unknown";
  int idx;
  int rc;
  if( sqlite3_libversion_number()<3008003 ){
    fossil_fatal("Unsuitable SQLite version %s, must be at least 3.8.3",
                 sqlite3_libversion());
  }


  sqlite3_config(64); /* SQLITE_CONFIG_EXPLAIN_COMMENTS */
  sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
  sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
  memset(&g, 0, sizeof(g));
  g.now = time(0);
  g.httpHeader = empty_blob;
#ifdef FOSSIL_ENABLE_JSON
#if defined(NDEBUG)
  g.json.errorDetailParanoia = 2 /* FIXME: make configurable
Changes to src/shell.c. 
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191

  if( pArg && pArg->out && db && pArg->pStmt ){
    iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_FULLSCAN_STEP, bReset);
    fprintf(pArg->out, "Fullscan Steps:                      %d\n", iCur);
    iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_SORT, bReset);
    fprintf(pArg->out, "Sort Operations:                     %d\n", iCur);
    iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_AUTOINDEX, bReset);
    fprintf(pArg->out, "Autoindex Inserts:                   %d\n", iCur);
    if( sqlite3_libversion_number()>=3008000 ){
      iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_VM_STEP, bReset);
      fprintf(pArg->out, "Virtual Machine Steps:               %d\n", iCur);
    }
  }

  return 0;
}

/*
** Parameter azArray points to a zero-terminated array of strings. zStr








<
|
|
<








1174
1175
1176
1177
1178
1179
1180

1181
1182

1183
1184
1185
1186
1187
1188
1189

  if( pArg && pArg->out && db && pArg->pStmt ){
    iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_FULLSCAN_STEP, bReset);
    fprintf(pArg->out, "Fullscan Steps:                      %d\n", iCur);
    iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_SORT, bReset);
    fprintf(pArg->out, "Sort Operations:                     %d\n", iCur);
    iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_AUTOINDEX, bReset);
    fprintf(pArg->out, "Autoindex Inserts:                   %d\n", iCur);

    iCur = sqlite3_stmt_status(pArg->pStmt, SQLITE_STMTSTATUS_VM_STEP, bReset);
    fprintf(pArg->out, "Virtual Machine Steps:               %d\n", iCur);

  }

  return 0;
}

/*
** Parameter azArray points to a zero-terminated array of strings. zStr

1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375

            fprintf(pArg->out,"%s\n", sqlite3_column_text(pExplain, 3));
          }
        }
        sqlite3_finalize(pExplain);
        sqlite3_free(zEQP);
      }

#if USE_SYSTEM_SQLITE+0==1
      /* Output TESTCTRL_EXPLAIN text of requested */
      if( pArg && pArg->mode==MODE_Explain && sqlite3_libversion_number()<3008007 ){
        const char *zExplain = 0;
        sqlite3_test_control(SQLITE_TESTCTRL_EXPLAIN_STMT, pStmt, &zExplain);
        if( zExplain && zExplain[0] ){
          fprintf(pArg->out, "%s", zExplain);
        }
      }
#endif

      /* If the shell is currently in ".explain" mode, gather the extra
      ** data required to add indents to the output.*/
      if( pArg && pArg->mode==MODE_Explain ){
        explain_data_prepare(pArg, pStmt);
      }

      /* perform the first step.  this will tell us if we








<
<
<
<
<
<
<
<
<
<
<








1349
1350
1351
1352
1353
1354
1355











1356
1357
1358
1359
1360
1361
1362

            fprintf(pArg->out,"%s\n", sqlite3_column_text(pExplain, 3));
          }
        }
        sqlite3_finalize(pExplain);
        sqlite3_free(zEQP);
      }












      /* If the shell is currently in ".explain" mode, gather the extra
      ** data required to add indents to the output.*/
      if( pArg && pArg->mode==MODE_Explain ){
        explain_data_prepare(pArg, pStmt);
      }

      /* perform the first step.  this will tell us if we

3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921

  memcpy(data->separator,"|", 2);
  memcpy(data->newline,"\r\n", 3);
  data->showHeader = 0;
  data->shellFlgs = SHFLG_Lookaside;
  sqlite3_config(SQLITE_CONFIG_URI, 1);
  sqlite3_config(SQLITE_CONFIG_LOG, shellLog, data);
  sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
  sqlite3_config(32); /* SQLITE_CONFIG_EXPLAIN_COMMENTS (old) */
  sqlite3_config(64); /* SQLITE_CONFIG_EXPLAIN_COMMENTS */
  sqlite3_snprintf(sizeof(mainPrompt), mainPrompt,"sqlite> ");
  sqlite3_snprintf(sizeof(continuePrompt), continuePrompt,"   ...> ");
}

/*
** Output text to the console in a font that attracts extra attention.








<








3894
3895
3896
3897
3898
3899
3900

3901
3902
3903
3904
3905
3906
3907

  memcpy(data->separator,"|", 2);
  memcpy(data->newline,"\r\n", 3);
  data->showHeader = 0;
  data->shellFlgs = SHFLG_Lookaside;
  sqlite3_config(SQLITE_CONFIG_URI, 1);
  sqlite3_config(SQLITE_CONFIG_LOG, shellLog, data);
  sqlite3_config(SQLITE_CONFIG_MULTITHREAD);

  sqlite3_config(64); /* SQLITE_CONFIG_EXPLAIN_COMMENTS */
  sqlite3_snprintf(sizeof(mainPrompt), mainPrompt,"sqlite> ");
  sqlite3_snprintf(sizeof(continuePrompt), continuePrompt,"   ...> ");
}

/*
** Output text to the console in a font that attracts extra attention.
Changes to src/util.c. 
76
77
78
79
80
81
82









83
84
85
86
87
88
89

  rc = _wsystem(zUnicode);
  fossil_unicode_free(zUnicode);
  free(zNewCmd);
#else
  /* On unix, evaluate the command directly.
  */
  if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd);









  rc = system(zOrigCmd);
#endif
  return rc;
}

/*
** Like strcmp() except that it accepts NULL pointers.  NULL sorts before








>
>
>
>
>
>
>
>
>








76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

  rc = _wsystem(zUnicode);
  fossil_unicode_free(zUnicode);
  free(zNewCmd);
#else
  /* On unix, evaluate the command directly.
  */
  if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd);

  /* Unix systems should never shell-out while processing an HTTP request,
  ** either via CGI, SCGI, or direct HTTP.  The following assert verifies
  ** this.  And the following assert proves that Fossil is not vulnerable
  ** to the ShellShock or BashDoor bug.
  */
  assert( g.cgiOutput==0 );

  /* The regular system() call works to get a shell on unix */
  rc = system(zOrigCmd);
#endif
  return rc;
}

/*
** Like strcmp() except that it accepts NULL pointers.  NULL sorts before
Fossil version [1205ec86cb] 2025-04-30 16:57:32