From 6bf8be5b97c7f845252628a1ce79c0710de33987 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Tue, 4 Dec 2018 10:39:37 +0300
Subject: [PATCH] constraints: escape SQL statements
I was getting SQL errors... The %q quotes single quotes for us.
Signed-off-by: Dan Carpenter
---
 smatch_constraints.c | 6 +++---
 smatch_constraints_required.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/smatch_constraints.c b/smatch_constraints.c
index 25f2ab01..b026e903 100644
--- a/smatch_constraints.c
+++ b/smatch_constraints.c
@@ -221,7 +221,7 @@ static int constraint_str_to_id(const char *str)
 int id = -1;
 run_sql(save_int_callback, &id,
- "select id from constraints where str = '%s'", str);
+ "select id from constraints where str = '%q'", str);
 return id;
 }
@@ -275,7 +275,7 @@ char *get_required_constraint(const char *data_str)
 char *required = NULL;
 run_sql(save_str_callback, &required,
- "select bound from constraints_required where data = '%s'", data_str);
+ "select bound from constraints_required where data = '%q'", data_str);
 return required;
 }
@@ -285,7 +285,7 @@ static int get_required_op(char *data_str, char *con_str)
 int op = 0;
 run_sql(save_op_callback, &op,
- "select op from constraints_required where data = '%s' and bound = '%s'", data_str, con_str);
+ "select op from constraints_required where data = '%q' and bound = '%q'", data_str, con_str);
 return op;
 }
diff --git a/smatch_constraints_required.c b/smatch_constraints_required.c
index c9fefcef..37089385 100644
--- a/smatch_constraints_required.c
+++ b/smatch_constraints_required.c
@@ -419,8 +419,8 @@ static int has_constraint(struct expression *expr, const char *constraint)
 return 1;
 run_sql(constraint_found, &found,
- "select data from constraints_required where bound = '%s' limit 1",
- constraint);
+ "select data from constraints_required where bound = '%q' limit 1",
+ escape_newlines(constraint));
 return found;
 }
--
2.11.4.GIT
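Review bot: The new `'%q'` in constraint_str_to_id (and likewise in the get_required_constraint, get_required_op and has_constraint hunks) is only correct if run_sql formats its arguments with SQLite's own printf family (`sqlite3_snprintf` / `sqlite3_mprintf`), because `%q` is a SQLite extension and not a libc conversion; run_sql's definition is not part of this patch, so that should be confirmed. `%q` doubles embedded single quotes and is only safe when the placeholder stays inside `'...'`, which a short comment at the call would record, e.g. `/* %q needs sqlite3's formatter and must stay inside single quotes */`. If run_sql formats into a fixed-size buffer, a long `str` could also be truncated in the middle of the literal, so the truncation case deserves a check there. Longer term, a prepared statement with the value bound through `sqlite3_bind_text` would remove the dependence on escaping. The body of constraint_str_to_id starts outside the hunk.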
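Review bot: has_constraint now passes `escape_newlines(constraint)`, while the three lookups in smatch_constraints.c pass their strings unmodified and the commit message mentions only quote escaping. If `bound` values are stored newline-escaped, get_required_op's `bound = '%q'` comparison on `con_str` presumably needs the same call; if they are stored raw, this lookup can stop matching for constraints that contain a newline. escape_newlines is not shown on this page, so it is also worth checking whether it returns a buffer the caller has to free. A comment such as `/* bound is stored newline-escaped, see <insert site> */` would make the asymmetry explicit. The start of has_constraint is outside the hunk.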