From 71cdc94d3ebe9a2200368c4ddb60dae9b9d6c6cf Mon Sep 17 00:00:00 2001 From: Emil Ejbyfeldt Date: Thu, 5 Sep 2024 09:06:48 +0200 Subject: [PATCH] fix: Guard against stack overflow in parse_table_and_joins It possible to hit a stack overflow due to `parse_table_and_joins` calling `parse_table_factor` which then calls `parse_table_and_joins`. This fixes the issue by adding a recurssion guard in `parse_table_and_joins`. Found by running the fuzzer. --- src/parser/mod.rs | 1 + tests/sqlparser_common.rs | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/src/parser/mod.rs b/src/parser/mod.rs index 977372656..935f3fc06 100644 --- a/src/parser/mod.rs +++ b/src/parser/mod.rs @@ -9334,6 +9334,7 @@ impl<'a> Parser<'a> { } pub fn parse_table_and_joins(&mut self) -> Result { + let _guard = self.recursion_counter.try_decrease()?; let relation = self.parse_table_factor()?; // Note that for keywords to be properly handled here, they need to be // added to `RESERVED_FOR_TABLE_ALIAS`, otherwise they may be parsed as diff --git a/tests/sqlparser_common.rs b/tests/sqlparser_common.rs index fbe97171b..c33ed9142 100644 --- a/tests/sqlparser_common.rs +++ b/tests/sqlparser_common.rs @@ -8838,6 +8838,13 @@ fn parse_deeply_nested_subquery_expr_hits_recursion_limits() { assert_eq!(res, Err(ParserError::RecursionLimitExceeded)); } +#[test] +fn parse_deeply_nested_update_hits_recursion_limits() { + let sql = format!("UPDATE {}", "(".repeat(1000)); + let res = parse_sql_statements(&sql); + assert_eq!(ParserError::RecursionLimitExceeded, res.unwrap_err()); +} + #[test] fn parse_with_recursion_limit() { let dialect = GenericDialect {};