SQLite

Check-in [45f459d2]
Overview
Comment:Avoid a buffer overread in fts3 that could occur when handling corrupt data structures.
SHA3-256: 45f459d2fa4be97d9bbb970efbc0b5d40efaf93f52ed111fd0fcdc572c24327b
User & Date: dan 2021-06-08 12:15:56
Context
2021-06-08
12:22
Add an assert() to prevent the value of the SQLITE_VTABRISK macros from being changed in a way that would break logic. (check-in: 33babdb5 user: drh tags: trunk)
12:15
Avoid a buffer overread in fts3 that could occur when handling corrupt data structures. (check-in: 45f459d2 user: dan tags: trunk)
2021-06-07
17:36
Fix a buffer overread that could occur in fts5 when handling corrupt records. (check-in: 078962a2 user: dan tags: trunk)
Changes

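--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1999,16 +1999,16 @@
 static int fts3PrefixCompress(
   const char *zPrev,              /* Buffer containing previous term */
   int nPrev,                      /* Size of buffer zPrev in bytes */
   const char *zNext,              /* Buffer containing next term */
   int nNext                       /* Size of buffer zNext in bytes */
 ){
   int n;
-  UNUSED_PARAMETER(nNext);
-  for(n=0; n<nPrev && zPrev[n]==zNext[n]; n++);
+  for(n=0; n<nPrev && n<nNext && zPrev[n]==zNext[n]; n++);
+  assert_fts3_nc( n<nNext );
   return n;
 }
 
 /*
 ** Add term zTerm to the SegmentNode. It is guaranteed that zTerm is larger
 ** (according to memcmp) than the previous term.
 */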
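Review bot: When zNext is a prefix of zPrev, the loop in fts3PrefixCompress() now stops at n==nNext and returns that value, and the only guard is `assert_fts3_nc( n<nNext )`, which presumably compiles out in non-debug builds like an ordinary assert(). The callers are outside this section, so it cannot be confirmed here that each one rejects a suffix length of `nNext - n <= 0` as corruption instead of writing a zero-length suffix. I would state the contract next to the assert, e.g. `/* n==nNext only happens with a corrupt segment; callers must treat a non-positive suffix length as FTS corruption */`. The function's header comment starts above line 1999 and is not visible, so it may already say this.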

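--- a/test/fts3corrupt6.test
+++ b/test/fts3corrupt6.test
@@ -57,10 +57,22 @@
 do_execsql_test 2.0 {
   CREATE VIRTUAL TABLE t0 USING fts3(a);
   INSERT INTO t0_segdir VALUES(0,0,0,0,'0 42',X'000131030782000103323334050100fff200010461616161050101020200000462626262050101030200');
 }
 do_execsql_test 2.1 {
   SELECT count(*) FROM t0 WHERE t0 MATCH '(1 NEAR 1) AND (aaaa OR 1)';
 } 1
+
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 3.0 {
+  CREATE VIRTUAL TABLE main.Table0 USING fts3();
+  INSERT INTO Table0 VALUES (1), (printf('%8.1280000X') ), (1), (printf('%8.1280000X') ), (1)  ;
+  INSERT INTO Table0 VALUES (0), (printf('%8.1280000X%8.1280000X') ), (1), (printf('%1280000.1280000X%#1280000.1280000E%8.1280000X') ), (1)  ;
+  INSERT INTO Table0 VALUES (1)  ;
+  UPDATE Table0_segdir SET start_block = 1;
+  INSERT INTO Table0 VALUES (1)  ;
+  INSERT INTO Table0(Table0) VALUES('merge=6,8');
+}
 
 set sqlite_fts3_enable_parentheses $saved_sqlite_fts3_enable_parentheses
 finish_test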
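Review bot: Test 3.0 has no comment saying what it covers and no expected result, so a reader cannot tell that `UPDATE Table0_segdir SET start_block = 1` followed by `merge=6,8` is apparently there to drive the corrupt-segment path changed in fts3_write.c. I would add a line under the separator such as `# Corrupt start_block, then force a merge; must not overread in fts3PrefixCompress()`. Because the test only checks that the script completes, the overread itself would presumably show up only under a memory checker or an assert-enabled build, and the same comment should say so.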