Changeset: 2b2c6b106a72 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=2b2c6b106a72
Modified Files:
        sql/server/rel_select.c
        sql/test/miscellaneous/Tests/groupby_error.sql
        sql/test/miscellaneous/Tests/groupby_error.stable.err
Branch: linear-hashing
Log Message:

Disallow prepared-statement arguments as input parameters to aggregate and 
window functions


diffs (87 lines):

diff --git a/sql/server/rel_select.c b/sql/server/rel_select.c
--- a/sql/server/rel_select.c
+++ b/sql/server/rel_select.c
@@ -3263,8 +3263,16 @@ static sql_exp *
                                else
                                        groupby = subquery = gl;
                        }
-                       if (!e || !exp_subtype(e)) /* we also do not expect 
parameters here */
+                       if (!e)
                                return NULL;
+                       if (!exp_subtype(e)) { /* we also do not expect 
parameters here */
+                               char *uaname = GDKmalloc(strlen(aname) + 1);
+                               sql_exp *e = sql_error(sql, 02, SQLSTATE(42000) 
"%s: parameters not allowed as arguments to aggregate functions",
+                                               uaname ? toUpperCopy(uaname, 
aname) : aname);
+                               if (uaname)
+                                       GDKfree(uaname);
+                               return e;
+                       }
                        all_aggr &= (exp_card(e) <= CARD_AGGR && 
!exp_is_atom(e) && !is_func(e->type) && (!is_groupby(groupby->op) || 
!groupby->r || !exps_find_exp(groupby->r, e)));
                        has_freevar |= exp_has_freevar(sql, e);
                        all_freevar &= (is_freevar(e)>0);
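Review bot: The added block declares `sql_exp *e = sql_error(...)` inside the body of `if (!exp_subtype(e))`, which shadows the outer `e` that the condition just tested. It compiles, but `-Wshadow` would flag it and a reader has to work out which `e` is returned. The two rel_rankop hunks below use `(void) sql_error(...);` followed by `return NULL;`, and the same form here would be consistent, assuming sql_error returns NULL as its use there suggests. Passing the name as a `%s` argument rather than splicing it into the format string is the right choice and should stay, since `aname` presumably originates in the query text. The enclosing function starts and ends outside the hunk.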
@@ -4631,8 +4639,16 @@ rel_rankop(sql_query *query, sql_rel **r
                                is_last = 0;
                                exp_kind ek = {type_value, card_column, FALSE};
                                in = rel_value_exp2(query, &p, nn->data.sym, f 
| sql_window, ek, &is_last);
-                               if(!in)
+                               if (!in)
                                        return NULL;
+                               if (!exp_subtype(in)) { /* we also do not 
expect parameters here */
+                                       char *uaname = GDKmalloc(strlen(aname) 
+ 1);
+                                       (void) sql_error(sql, 02, 
SQLSTATE(42000) "%s: parameters not allowed as arguments to window functions",
+                                                                       uaname 
? toUpperCopy(uaname, aname) : aname);
+                                       if (uaname)
+                                               GDKfree(uaname);
+                                       return NULL;
+                               }
                                if(is_ntile && nfargs == 1) { /* ntile first 
argument null handling case */
                                        sql_subtype *empty = 
sql_bind_localtype("void");
                                        if(subtype_cmp(exp_subtype(in), empty) 
== 0) {
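Review bot: The allocate, uppercase, report and free block added after `if (!in)` is repeated verbatim in the next rel_rankop hunk and, with only the word "aggregate" changed, in the aggregate hunk above. A small static helper would keep the three sites from drifting apart and produces the same error text. It would also be worth noting in the comment that the check has to precede the ntile handling, because `exp_subtype(in)` is passed straight to `subtype_cmp()` a few lines later. The type of `sql` in the sketch is assumed from the call sites, and rel_rankop's body continues outside the hunk.

```c
/* Report a '?' parameter used as an argument of function `aname`; always returns NULL. */
static void *
param_arg_error(mvc *sql, char *aname, const char *kind)
{
	char *uaname = GDKmalloc(strlen(aname) + 1);

	(void) sql_error(sql, 02, SQLSTATE(42000) "%s: parameters not allowed as arguments to %s functions",
			 uaname ? toUpperCopy(uaname, aname) : aname, kind);
	if (uaname)
		GDKfree(uaname);
	return NULL;
}

/* … unchanged: rel_value_exp2() call and the !in check … */
if (!exp_subtype(in)) /* a parameter has no subtype yet; reject before subtype_cmp() below */
	return param_arg_error(sql, aname, "window");
```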
@@ -4678,8 +4694,16 @@ rel_rankop(sql_query *query, sql_rel **r
                                 * symbol compilation is required
                                 */
                                in = rel_value_exp2(query, &p, 
n->next->data.sym, f | sql_window, ek, &is_last);
-                               if(!in)
+                               if (!in)
                                        return NULL;
+                               if (!exp_subtype(in)) { /* we also do not 
expect parameters here */
+                                       char *uaname = GDKmalloc(strlen(aname) 
+ 1);
+                                       (void) sql_error(sql, 02, 
SQLSTATE(42000) "%s: parameters not allowed as arguments to window functions",
+                                                                       uaname 
? toUpperCopy(uaname, aname) : aname);
+                                       if (uaname)
+                                               GDKfree(uaname);
+                                       return NULL;
+                               }
 
                                append(fargs, in);
                                if(strcmp(s->base.name, "sys") == 0 && 
strcmp(aname, "count") == 0) {
diff --git a/sql/test/miscellaneous/Tests/groupby_error.sql 
b/sql/test/miscellaneous/Tests/groupby_error.sql
--- a/sql/test/miscellaneous/Tests/groupby_error.sql
+++ b/sql/test/miscellaneous/Tests/groupby_error.sql
@@ -43,6 +43,8 @@ prepare select case when col0 = 0 then ?
 prepare select case when col0 = 0 then ? when col0 = 1 then ? else ? end from 
tab0; --error
 
 prepare select ? is null from tab0; --error
+prepare select max(?); --error
+prepare select max(?) over (); --error
 
 CREATE TABLE tab1(col0 INTEGER, col1 STRING);
 prepare select 1 from tab1 where (col0,col1) in (select ?,? from tab1);
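Review bot: Both added cases use `max`, so only one of the two new checks in rel_rankop appears to be exercised. The first rel_rankop hunk sits in the argument loop that also handles `is_ntile`, a path that `max(?) over ()` presumably does not take. A case such as `prepare select ntile(?) over (); --error`, with its expected entry in groupby_error.stable.err, would cover that branch. The exact statement should be confirmed against the parser.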
diff --git a/sql/test/miscellaneous/Tests/groupby_error.stable.err 
b/sql/test/miscellaneous/Tests/groupby_error.stable.err
--- a/sql/test/miscellaneous/Tests/groupby_error.stable.err
+++ b/sql/test/miscellaneous/Tests/groupby_error.stable.err
@@ -55,6 +55,14 @@ MAPI  = (monetdb) /var/tmp/mtest-143244/
 QUERY = prepare select ? is null from tab0; --error
 ERROR = !Could not determine type for argument number 1
 CODE  = 42000
+MAPI  = (monetdb) /var/tmp/mtest-160872/.s.monetdb.39398
+QUERY = prepare select max(?); --error
+ERROR = !MAX: parameters not allowed as arguments to aggregate functions
+CODE  = 42000
+MAPI  = (monetdb) /var/tmp/mtest-165100/.s.monetdb.38196
+QUERY = prepare select max(?) over (); --error
+ERROR = !MAX: parameters not allowed as arguments to window functions
+CODE  = 42000
 
 # 10:56:47 >  
 # 10:56:47 >  "Done."