SQLite

Check-in [b3fa58dd]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: b3fa58dd7403dbd4d2e9f3ae23d7d1337830d6fef2aa2f137ac5174de0d5828e
User & Date: dan 2019-03-18 15:49:07
Context
2019-09-03
19:40
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (Leaf check-in: b54aa18b user: dan tags: branch-3.18)
19:29
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (Leaf check-in: b584fd36 user: dan tags: branch-3.9)
18:43
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (Leaf check-in: 0770363b user: drh tags: branch-3.19)
18:36
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (check-in: 68b89838 user: drh tags: branch-3.22)
2019-03-19
09:57
Add a LICENSE.md, containing the text of the blessing. (check-in: cbb7e602 user: drh tags: trunk)
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (check-in: b3fa58dd user: dan tags: trunk)
15:23
Fix an fts5 problem with interleaving reads and writes in a single transaction. (check-in: 45c73deb user: dan tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_hash.c. 

452
453
454
455
456
457
458

459

460
461
462
463
464
465
466

  ap = sqlite3_malloc64(sizeof(Fts5HashEntry*) * nMergeSlot);
  if( !ap ) return SQLITE_NOMEM;
  memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);

  for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
    Fts5HashEntry *pIter;
    for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){

      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){

        Fts5HashEntry *pEntry = pIter;
        pEntry->pScanNext = 0;
        for(i=0; ap[i]; i++){
          pEntry = fts5HashEntryMerge(pEntry, ap[i]);
          ap[i] = 0;
        }
        ap[i] = pEntry;








>
|
>








452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468

  ap = sqlite3_malloc64(sizeof(Fts5HashEntry*) * nMergeSlot);
  if( !ap ) return SQLITE_NOMEM;
  memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);

  for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
    Fts5HashEntry *pIter;
    for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
      if( pTerm==0 
       || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
      ){
        Fts5HashEntry *pEntry = pIter;
        pEntry->pScanNext = 0;
        for(i=0; ap[i]; i++){
          pEntry = fts5HashEntryMerge(pEntry, ap[i]);
          ap[i] = 0;
        }
        ap[i] = pEntry;

Changes to ext/fts5/test/fts5aa.test. 

617
618
619
620
621
622
623













624
625
626
627
628

}
do_execsql_test 24.2 {
  INSERT INTO t12(t12) VALUES('integrity-check');
}
do_execsql_test 24.3 {
    SELECT * FROM t12('aaaa');
} {aaaa}














}

expand_all_sql db
finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>






617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641

}
do_execsql_test 24.2 {
  INSERT INTO t12(t12) VALUES('integrity-check');
}
do_execsql_test 24.3 {
    SELECT * FROM t12('aaaa');
} {aaaa}

#-------------------------------------------------------------------------
do_execsql_test 25.0 {
  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
}
do_execsql_test 25.1 {
  BEGIN;
  INSERT INTO t13 VALUES('AAAA');
SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');

  END;
}


}

expand_all_sql db
finish_test