SQLite

Check-in [0d69f76f08]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a use-after-free bug in the fts3 snippet() function.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 0d69f76f0865f9626078bee087a22fb826407279e78cf9d5382e1c985c9f64a9
User & Date: dan 2020-05-16 17:26:58.154
Context
2020-05-16
18:01
The OP_RealAffinity opcode is not necessary after reading values from a virtual table (such as rtree). It is harmless, but it does use CPU cycles. Might as well leave it off. (check-in: dc18d89354 user: drh tags: trunk)
17:26
Fix a use-after-free bug in the fts3 snippet() function. (check-in: 0d69f76f08 user: dan tags: trunk)
16:23
Extra memory barrier during initialization. (check-in: 043a7e142d user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to ext/fts3/fts3.c. 
5313
5314
5315
5316
5317
5318
5319

5320
5321
5322
5323
5324
5325
5326

            if( pLeft->pPhrase && pLeft->pPhrase->doclist.aAll ){
              Fts3Doclist *pDl = &pLeft->pPhrase->doclist;
              while( *pRc==SQLITE_OK && pLeft->bEof==0 ){
                memset(pDl->pList, 0, pDl->nList);
                fts3EvalNextRow(pCsr, pLeft, pRc);
              }
            }

          }
        }
        break;
      }
  
      case FTSQUERY_OR: {
        Fts3Expr *pLeft = pExpr->pLeft;








>








5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327

            if( pLeft->pPhrase && pLeft->pPhrase->doclist.aAll ){
              Fts3Doclist *pDl = &pLeft->pPhrase->doclist;
              while( *pRc==SQLITE_OK && pLeft->bEof==0 ){
                memset(pDl->pList, 0, pDl->nList);
                fts3EvalNextRow(pCsr, pLeft, pRc);
              }
            }
            pRight->bEof = pLeft->bEof = 1;
          }
        }
        break;
      }
  
      case FTSQUERY_OR: {
        Fts3Expr *pLeft = pExpr->pLeft;
Changes to test/fts3snippet2.test. 
39
40
41
42
43
44
45












46
47


reset_db
do_execsql_test 2.0 {
  CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
  INSERT INTO t0 VALUES (1, '1234','aaaa','bbbb');
  SELECT snippet(t0)  FROM t0 WHERE t0 MATCH x'0a4d4d4d4d320a4f52d70a310a310a4e4541520a0a31f6ce0a4f520a0a310a310a310a4f520a75fc2a242424' ;
} {<b>1</b>}













set sqlite_fts3_enable_parentheses 0
finish_test









>
>
>
>
>
>
>
>
>
>
>
>


>

39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

reset_db
do_execsql_test 2.0 {
  CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
  INSERT INTO t0 VALUES (1, '1234','aaaa','bbbb');
  SELECT snippet(t0)  FROM t0 WHERE t0 MATCH x'0a4d4d4d4d320a4f52d70a310a310a4e4541520a0a31f6ce0a4f520a0a310a310a310a4f520a75fc2a242424' ;
} {<b>1</b>}

reset_db
do_execsql_test 2.1 {
  CREATE VIRTUAL TABLE t0 USING fts3(
      col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY
  );
  INSERT INTO t0 VALUES ('one', '1234','aaaa','bbbb');
}
do_execsql_test 2.2 {
  SELECT snippet(t0)  FROM t0 WHERE t0 MATCH 
  '(def AND (one NEAR abc)) OR one'
} {<b>one</b>}

set sqlite_fts3_enable_parentheses 0
finish_test