This queue is for tickets about the SQL-Statement CPAN distribution.

Report information
The Basics
Id: 1451
Status: resolved
Priority: 0/
Queue: SQL-Statement

People
Owner: JZUCKER [...] cpan.org
Requestors: chromatic [...] wgz.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.004
Fixed in: (no value)



Subject: Avoid Infinite Loop on Bad SQL in SQL::Parser
In my testing, I accidentally sent a SQL statement with an empty clause to SQL::Parser. It went into deep recursion in parens_search(), and the OS eventually killed the program. This appears to be independent of Perl and OS version. My bad SQL was as follows:

    DELETE FROM image WHERE category = 'n' AND id IN ()

Applying the attached patch caused the parser to report a 'bad predicate' error immediately, which I find highly appropriate. The patch adds a negative lookahead to ensure that an opening paren is not followed immediately by its closing match.

I apologize if this ticket also has to be re-assigned to the current maintainer. (If this happens, I will report it to Jesse Vincent, to see if it is an error with my configuration or an issue with RT.)
--- Parser.pm~ Fri Aug 16 02:36:55 2002 +++ Parser.pm Fri Aug 16 02:37:06 2002 @@ -909,7 +909,7 @@ if ($str =~ s/\(([^()]+)\)/^$index^/ ) { push @$predicates, $1; } - if ($str =~ /\(/ ) { + if ($str =~ /\((?!\))/ ) { return $self->parens_search($str,$predicates); } else {
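Review bot: The new guard on the changed line, `if ($str =~ /\((?!\))/ ) {`, still recurses whenever the substitution just above it made no change, so as far as these lines show the recursion is only stopped for a literal `()`. The substitution `s/\(([^()]+)\)/^$index^/` needs a closing paren and at least one non-paren character between the pair; an opening paren with no matching close, or an empty pair nested inside another pair, leaves `$str` as it was while the guard still matches, and `parens_search` is called again with the same string. Suggest recursing only when the substitution succeeded and taking the else branch otherwise, and adding a regression test built from the `IN ()` statement in the report.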
RT-Send-CC: JZUCKER [...] cpan.org
Assigned to module owner JZUCKER.
Yikes, due to a mixup with accounts, I am only now seeing this! Thanks for the patch. Applied in version 1.07.