/ Check-in [1abc4415]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overrun that could occur in fts5 if a prefix query is made on a corrupt database.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 1abc4415648e69362061e9f9a4f2c1d419ba33801999b377650d8b9a4d2d3a7c
User & Date: dan 2019-01-22 21:17:40
Context
2019-01-23
12:19
Fix a buffer overwrite triggered by a prefix query on a corrupt fts5 table. check-in: 1d8172a9 user: dan tags: trunk
2019-01-22
21:17
Fix a buffer overrun that could occur in fts5 if a prefix query is made on a corrupt database. check-in: 1abc4415 user: dan tags: trunk
20:18
Do not run shmlock.test as part of the journaltest permutation. check-in: 5b7d0c78 user: dan tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5.h.

   116    116   **   Query for the details of phrase match iIdx within the current row.
   117    117   **   Phrase matches are numbered starting from zero, so the iIdx argument
   118    118   **   should be greater than or equal to zero and smaller than the value
   119    119   **   output by xInstCount().
   120    120   **
   121    121   **   Usually, output parameter *piPhrase is set to the phrase number, *piCol
   122    122   **   to the column in which it occurs and *piOff the token offset of the
   123         -**   first token of the phrase. The exception is if the table was created
   124         -**   with the offsets=0 option specified. In this case *piOff is always
   125         -**   set to -1.
   126         -**
   127         -**   Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM) 
   128         -**   if an error occurs.
          123  +**   first token of the phrase. Returns SQLITE_OK if successful, or an error
          124  +**   code (i.e. SQLITE_NOMEM) if an error occurs.
   129    125   **
   130    126   **   This API can be quite slow if used with an FTS5 table created with the
   131    127   **   "detail=none" or "detail=column" option. 
   132    128   **
   133    129   ** xRowid:
   134    130   **   Returns the rowid of the current row.
   135    131   **

Changes to ext/fts5/fts5Int.h.

   270    270   )
   271    271   
   272    272   /* Write and decode big-endian 32-bit integer values */
   273    273   void sqlite3Fts5Put32(u8*, int);
   274    274   int sqlite3Fts5Get32(const u8*);
   275    275   
   276    276   #define FTS5_POS2COLUMN(iPos) (int)(iPos >> 32)
   277         -#define FTS5_POS2OFFSET(iPos) (int)(iPos & 0xFFFFFFFF)
          277  +#define FTS5_POS2OFFSET(iPos) (int)(iPos & 0x7FFFFFFF)
   278    278   
   279    279   typedef struct Fts5PoslistReader Fts5PoslistReader;
   280    280   struct Fts5PoslistReader {
   281    281     /* Variables used only by sqlite3Fts5PoslistIterXXX() functions. */
   282    282     const u8 *a;                    /* Position list to iterate through */
   283    283     int n;                          /* Size of buffer at a[] in bytes */
   284    284     int i;                          /* Current offset in a[] */

Changes to ext/fts5/fts5_index.c.

  5118   5118         if( p->rc==SQLITE_OK ){
  5119   5119           xMerge(p, &doclist, &aBuf[i]);
  5120   5120         }
  5121   5121         fts5BufferFree(&aBuf[i]);
  5122   5122       }
  5123   5123       fts5MultiIterFree(p1);
  5124   5124   
  5125         -    pData = fts5IdxMalloc(p, sizeof(Fts5Data) + doclist.n);
         5125  +    pData = fts5IdxMalloc(p, sizeof(Fts5Data)+doclist.n+FTS5_DATA_ZERO_PADDING);
  5126   5126       if( pData ){
  5127   5127         pData->p = (u8*)&pData[1];
  5128   5128         pData->nn = pData->szLeaf = doclist.n;
  5129   5129         if( doclist.n ) memcpy(pData->p, doclist.p, doclist.n);
  5130   5130         fts5MultiIterNew2(p, pData, bDesc, ppIter);
  5131   5131       }
  5132   5132       fts5BufferFree(&doclist);

Changes to ext/fts5/fts5_main.c.

  1773   1773   ** correctly for the current view. Return SQLITE_OK if successful, or an
  1774   1774   ** SQLite error code otherwise.
  1775   1775   */
  1776   1776   static int fts5CacheInstArray(Fts5Cursor *pCsr){
  1777   1777     int rc = SQLITE_OK;
  1778   1778     Fts5PoslistReader *aIter;       /* One iterator for each phrase */
  1779   1779     int nIter;                      /* Number of iterators/phrases */
         1780  +  int nCol = ((Fts5Table*)pCsr->base.pVtab)->pConfig->nCol;
  1780   1781     
  1781   1782     nIter = sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
  1782   1783     if( pCsr->aInstIter==0 ){
  1783   1784       sqlite3_int64 nByte = sizeof(Fts5PoslistReader) * nIter;
  1784   1785       pCsr->aInstIter = (Fts5PoslistReader*)sqlite3Fts5MallocZero(&rc, nByte);
  1785   1786     }
  1786   1787     aIter = pCsr->aInstIter;
................................................................................
  1826   1827             }
  1827   1828           }
  1828   1829   
  1829   1830           aInst = &pCsr->aInst[3 * (nInst-1)];
  1830   1831           aInst[0] = iBest;
  1831   1832           aInst[1] = FTS5_POS2COLUMN(aIter[iBest].iPos);
  1832   1833           aInst[2] = FTS5_POS2OFFSET(aIter[iBest].iPos);
         1834  +        if( aInst[1]<0 || aInst[1]>=nCol ){
         1835  +          rc = FTS5_CORRUPT;
         1836  +          break;
         1837  +        }
  1833   1838           sqlite3Fts5PoslistReaderNext(&aIter[iBest]);
  1834   1839         }
  1835   1840       }
  1836   1841   
  1837   1842       pCsr->nInstCount = nInst;
  1838   1843       CsrFlagClear(pCsr, FTS5CSR_REQUIRE_INST);
  1839   1844     }

Changes to ext/fts5/test/fts5corrupt3.test.

  4675   4675   
  4676   4676   db close
  4677   4677   sqlite3 db test.db
  4678   4678   do_catchsql_test 38.4 {
  4679   4679     SELECT * FROM t1('a b') ORDER BY rank;
  4680   4680   } {1 {database disk image is malformed}}
  4681   4681   
         4682  +#-------------------------------------------------------------------------
         4683  +reset_db
         4684  +do_test 38.0 {
         4685  +  sqlite3 db {}
         4686  +  db deserialize [decode_hexdb {
         4687  +| size 32768 pagesize 4096 filename crash-fd2a1313e5b5e9.db
         4688  +| page 1 offset 0
         4689  +|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
         4690  +|     16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 08   .....@  ........
         4691  +|     32: 00 00 00 02 00 00 00 01 00 00 00 09 00 00 00 04   ................
         4692  +|     48: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00   ................
         4693  +|     96: 00 00 00 00 0d 0f c7 00 07 0d 92 00 0f 8d 0f 36   ...............6
         4694  +|    112: 0e cb 0e 6b 0e 0e 0d b6 0d 92 0d 92 00 00 00 00   ...k............
         4695  +|   3472: 00 00 22 08 06 17 11 11 01 31 74 61 62 6c 65 74   .........1tablet
         4696  +|   3488: 32 74 32 08 43 52 45 41 54 45 20 54 41 42 4c 45   2t2.CREATE TABLE
         4697  +|   3504: 20 74 32 28 78 29 56 07 06 17 1f 1f 01 7d 74 61    t2(x)V.......ta
         4698  +|   3520: 62 6c 65 74 31 5f 63 6f 6e 66 69 67 74 31 5f 63   blet1_configt1_c
         4699  +|   3536: 6f 6e 66 69 67 07 43 52 45 41 54 45 20 54 41 42   onfig.CREATE TAB
         4700  +|   3552: 4c 45 20 27 74 31 5f 63 6f 6e 66 69 67 27 28 6b   LE 't1_config'(k
         4701  +|   3568: 20 50 52 49 4d 41 52 59 20 4b 45 59 2c 20 76 29    PRIMARY KEY, v)
         4702  +|   3584: 20 57 49 54 48 4f 55 54 20 52 4f 57 49 44 5b 06    WITHOUT ROWID[.
         4703  +|   3600: 07 17 21 21 01 81 01 74 61 62 6c 65 74 31 5f 64   ..!!...tablet1_d
         4704  +|   3616: 6f 63 73 69 7a 65 74 31 5f 64 6f 63 73 69 7a 65   ocsizet1_docsize
         4705  +|   3632: 06 43 52 45 41 54 45 20 54 41 42 4c 45 20 27 74   .CREATE TABLE 't
         4706  +|   3648: 31 5f 64 6f 63 73 69 7a 65 27 28 69 64 20 49 4e   1_docsize'(id IN
         4707  +|   3664: 54 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45   TEGER PRIMARY KE
         4708  +|   3680: 59 2c 20 73 7a 20 42 4c 4f 42 29 5e 05 07 17 21   Y, sz BLOB)^...!
         4709  +|   3696: 21 01 81 07 74 61 62 6c 65 b8 31 5f 63 6f 6e 74   !...table.1_cont
         4710  +|   3712: 65 6e 74 74 31 5f 63 6f 6e 74 65 6e 74 05 43 52   entt1_content.CR
         4711  +|   3728: 45 41 54 45 20 54 41 42 4c 45 20 27 74 31 5f 63   EATE TABLE 't1_c
         4712  +|   3744: 6f 6e 74 65 6e 74 27 28 69 64 20 49 4e 54 45 47   ontent'(id INTEG
         4713  +|   3760: 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 2c 20   ER PRIMARY KEY, 
         4714  +|   3776: 63 30 2c 20 63 31 2c 20 63 32 29 69 04 07 17 19   c0, c1, c2)i....
         4715  +|   3792: 19 01 81 2d 74 61 62 6c 65 74 31 5f 69 64 78 74   ...-tablet1_idxt
         4716  +|   3808: 31 5f 69 64 78 04 43 52 45 41 54 45 20 54 41 42   1_idx.CREATE TAB
         4717  +|   3824: 4c 45 20 27 74 31 5f 69 64 78 27 28 73 65 67 69   LE 't1_idx'(segi
         4718  +|   3840: 64 2c 20 74 65 72 6d 2c 20 70 67 6e 6f 2c 20 50   d, term, pgno, P
         4719  +|   3856: 52 49 4d 41 52 59 20 4b 45 59 28 73 65 67 69 64   RIMARY KEY(segid
         4720  +|   3872: 2c 20 74 65 72 6d 29 29 20 57 49 54 48 4f 55 54   , term)) WITHOUT
         4721  +|   3888: 20 52 4f 57 49 44 55 03 07 17 1b 1b 01 81 01 74    ROWIDU........t
         4722  +|   3904: 61 62 6c 65 74 31 5f 64 61 74 61 74 31 5f 64 61   ablet1_datat1_da
         4723  +|   3920: 74 61 03 43 52 45 41 54 45 20 54 41 42 4c 45 20   ta.CREATE TABLE 
         4724  +|   3936: 27 74 31 5f 64 61 74 61 27 28 69 64 20 49 4e 54   't1_data'(id INT
         4725  +|   3952: 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59   EGER PRIMARY KEY
         4726  +|   3968: 2c 20 62 6c 6f 63 6b 20 42 4c 4f 42 29 38 02 06   , block BLOB)8..
         4727  +|   3984: 17 11 11 08 5f 74 61 62 6c 65 74 31 74 31 43 52   ...._tablet1t1CR
         4728  +|   4000: 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41 42   EATE VIRTUAL TAB
         4729  +|   4016: 4c 45 20 74 31 20 55 53 49 4e 47 20 66 74 73 35   LE t1 USING fts5
         4730  +|   4032: 28 61 2c 62 2c 63 29 00 00 00 39 00 00 00 00 00   (a,b,c)...9.....
         4731  +| page 3 offset 8192
         4732  +|      0: 0d 00 00 00 03 0c 94 00 0f e6 0f ef 0c 94 00 00   ................
         4733  +|   3216: 00 00 00 00 86 4a 84 80 80 80 80 01 04 00 8d 18   .....J..........
         4734  +|   3232: 00 00 03 2b 02 30 30 01 02 06 01 02 06 01 02 06   ...+.00.........
         4735  +|   3248: 1f 02 03 01 02 03 01 02 03 01 08 32 30 31 36 30   ...........20160
         4736  +|   3264: 36 30 39 01 02 07 01 02 07 01 02 07 01 01 34 01   609...........4.
         4737  +|   3280: 02 05 01 02 05 01 02 05 01 01 35 01 02 04 01 02   ..........5.....
         4738  +|   3296: 04 01 02 04 02 07 30 30 30 30 30 30 30 1c 02 04   ......0000000...
         4739  +|   3312: 01 02 04 01 02 04 01 06 62 69 6e 61 72 79 03 06   ........binary..
         4740  +|   3328: 01 02 02 03 06 01 02 02 03 06 01 02 02 03 06 01   ................
         4741  +|   3344: 02 02 03 06 01 02 02 03 06 01 02 02 03 06 01 02   ................
         4742  +|   3360: 02 03 06 01 02 02 03 06 01 02 02 03 06 01 02 02   ................
         4743  +|   3376: 03 06 01 02 02 03 06 01 02 02 01 08 63 6f 6d 70   ............comp
         4744  +|   3392: 69 6c 65 72 01 02 02 01 02 02 01 02 02 01 06 64   iler...........d
         4745  +|   3408: 62 73 74 61 74 07 02 03 01 02 03 01 02 03 02 04   bstat...........
         4746  +|   3424: 65 62 75 67 04 02 02 01 02 02 01 02 02 01 06 65   ebug...........e
         4747  +|   3440: 6e 61 62 6c 65 07 02 02 01 02 02 01 02 02 01 02   nable...........
         4748  +|   3456: 02 01 02 02 01 02 02 01 02 02 01 02 02 01 02 02   ................
         4749  +|   3472: 01 02 02 01 02 02 01 02 02 01 02 02 01 02 02 01   ................
         4750  +|   3488: 02 02 01 02 02 01 02 02 01 02 02 01 02 02 01 02   ................
         4751  +|   3504: 02 01 02 02 02 08 78 74 65 6e 73 69 6f 6e 1f 02   ......xtension..
         4752  +|   3520: 04 01 02 04 01 02 04 01 04 66 74 73 34 0a 02 03   .........fts4...
         4753  +|   3536: 01 02 03 01 02 03 04 01 35 0d 02 03 01 02 03 01   ........5.......
         4754  +|   3552: 02 03 01 03 67 63 63 01 02 03 01 02 03 01 02 03   ....gcc.........
         4755  +|   3568: 02 06 65 6f 70 6f 6c 79 10 02 03 01 02 03 01 02   ..eopoly........
         4756  +|   3584: 03 01 05 6a 73 6f 6e 31 13 02 03 01 02 03 01 02   ...json1........
         4757  +|   3600: 03 01 04 6c 6f 61 64 1f 02 03 01 02 03 01 02 03   ...load.........
         4758  +|   3616: 01 03 6d 61 78 1c 02 02 01 02 02 01 02 02 02 05   ..max...........
         4759  +|   3632: 65 6d 6f 72 79 1c 02 03 01 02 03 01 02 03 04 04   emory...........
         4760  +|   3648: 73 79 73 35 16 02 03 01 02 03 01 02 03 01 06 6e   sys5...........n
         4761  +|   3664: 6f 63 61 73 65 02 06 01 02 02 03 06 01 02 02 03   ocase...........
         4762  +|   3680: 06 01 02 02 03 06 01 02 02 03 06 01 02 02 03 06   ................
         4763  +|   3696: 01 02 02 03 06 01 02 02 03 06 01 02 02 03 06 01   ................
         4764  +|   3712: 02 02 03 06 01 02 02 03 06 01 02 02 03 06 01 02   ................
         4765  +|   3728: 02 01 04 6f 6d 69 74 1f 02 02 01 02 02 01 02 02   ...omit.........
         4766  +|   3744: 01 05 72 74 72 65 65 19 02 03 01 02 03 01 02 03   ..rtree.........
         4767  +|   3760: 04 02 69 6d 01 06 01 02 02 03 06 01 02 02 03 06   ..im............
         4768  +|   3776: 01 02 02 03 06 01 02 02 03 06 01 02 02 03 06 01   ................
         4769  +|   3792: 02 02 03 06 01 02 02 03 06 01 02 02 03 06 01 02   ................
         4770  +|   3808: 02 03 06 01 02 02 03 06 01 02 02 03 06 01 02 02   ................
         4771  +|   3824: 01 0a 74 68 72 65 61 64 73 61 66 65 22 02 02 01   ..threadsafe....
         4772  +|   3840: 02 02 01 02 01 01 04 76 74 61 62 07 02 04 01 02   .......vtab.....
         4773  +|   3856: 04 01 02 04 01 01 78 01 06 01 01 02 01 06 01 01   ......x.........
         4774  +|   3872: 02 01 06 01 01 02 01 06 01 01 02 01 06 01 01 02   ................
         4775  +|   3888: 01 06 01 01 02 01 06 01 01 02 01 06 01 01 02 01   ................
         4776  +|   3904: 06 01 01 02 01 06 01 01 02 01 06 01 01 02 01 06   ................
         4777  +|   3920: 01 01 02 01 06 01 01 02 01 06 01 01 02 01 06 01   ................
         4778  +|   3936: 01 02 01 06 01 01 02 01 06 01 01 02 01 06 01 01   ................
         4779  +|   3952: 02 01 06 01 01 02 01 06 01 01 02 01 06 01 01 02   ................
         4780  +|   3968: 01 06 01 01 02 01 06 01 01 02 01 06 01 01 02 01   ................
         4781  +|   3984: 06 01 01 02 01 06 01 01 02 01 06 01 01 02 01 06   ................
         4782  +|   4000: 01 01 02 01 06 01 01 02 01 06 01 ec 02 01 06 01   ................
         4783  +|   4016: 01 02 01 06 01 01 02 01 06 01 01 02 01 06 01 01   ................
         4784  +|   4032: 02 01 06 01 01 02 01 06 01 01 01 04 15 13 0c 0c   ................
         4785  +|   4048: 12 44 13 11 0f 47 13 0f 0c 0e 11 10 0f 0e 10 0f   .D...G..........
         4786  +|   4064: 44 0f 10 40 15 0f 07 01 03 00 14 24 5a 24 24 0f   D..@.......$Z$$.
         4787  +|   4080: 0a 03 00 24 00 00 00 00 01 01 01 00 01 01 01 01   ...$............
         4788  +| page 4 offset 12288
         4789  +|      0: 0a 00 00 00 01 0f fa 00 0f fa 00 00 00 00 00 00   ................
         4790  +|   4080: 00 00 00 00 00 00 00 00 00 00 05 04 09 0c 01 02   ................
         4791  +| page 5 offset 16384
         4792  +|      0: 0d 00 00 00 24 0c 0a 00 0f d8 0f af 0f 86 0f 74   ....$..........t
         4793  +|     16: 0f 61 0f 4e 0f 2f 0f 0f 0e ef 0e d7 0e be 0e a5   .a.N./..........
         4794  +|     32: 0e 8d 0e 74 0e 5b 0e 40 0e 24 0e 08 0d ef 0d d5   ...t.[.@.$......
         4795  +|     48: 0d bb 0d a0 0d 84 0d 68 0d 4f 0d 35 0d 1b 0c fb   .......h.O.5....
         4796  +|     64: 0c da 0c b9 0c 99 0c 78 0c 57 0c 3e 0c 24 0c 0a   .......x.W.>.$..
         4797  +|   3072: 00 00 00 00 00 00 00 00 00 00 18 24 05 00 25 0f   ...........$..%.
         4798  +|   3088: 19 54 48 52 45 41 44 53 41 46 45 3d 30 58 42 49   .THREADSAFE=0XBI
         4799  +|   3104: 4e 41 52 59 18 23 05 00 25 0f 19 54 48 52 45 41   NARY.#..%..THREA
         4800  +|   3120: 44 53 41 46 45 3d 30 58 4e 4f 43 41 53 45 17 22   DSAFE=0XNOCASE..
         4801  +|   3136: 05 00 25 0f 17 54 48 52 45 41 44 53 41 46 45 3d   ..%..THREADSAFE=
         4802  +|   3152: 30 58 52 54 52 49 4d 1f 21 05 00 33 0f 19 4f 4d   0XRTRIM.!..3..OM
         4803  +|   3168: 49 54 20 4c 4f 41 44 20 45 58 54 45 4e 53 49 4f   IT LOAD EXTENSIO
         4804  +|   3184: 4e 58 42 49 4e 41 52 59 1f 20 05 00 33 0f 19 4f   NXBINARY. ..3..O
         4805  +|   3200: 4d 49 54 20 4c 4f 41 44 20 45 58 54 45 4e 53 49   MIT LOAD EXTENSI
         4806  +|   3216: 4f 4e 58 4e 4f 43 41 53 45 1e 1f 05 00 33 0f 17   ONXNOCASE....3..
         4807  +|   3232: 4f 4d 49 54 20 4c 4f 41 44 20 45 58 54 45 4e 53   OMIT LOAD EXTENS
         4808  +|   3248: 49 4f 4e 58 52 54 52 49 4d 1f 1e 05 00 33 0f 19   IONXRTRIM....3..
         4809  +|   3264: 4d 41 58 20 4d 45 4d 4f 52 59 60 35 30 30 30 30   MAX MEMORY`50000
         4810  +|   3280: 30 30 30 58 42 49 4e 41 52 59 1f 1d 05 00 33 0f   000XBINARY....3.
         4811  +|   3296: 19 4d 41 58 20 4d 44 4d 4f 52 59 3d 35 30 30 30   .MAX MDMORY=5000
         4812  +|   3312: 30 30 30 30 58 4e 4f 43 41 53 45 1e 1c 05 00 33   0000XNOCASE....3
         4813  +|   3328: 0f 17 4d 41 58 20 4d 45 4d 4f 52 59 3d 35 30 30   ..MAX MEMORY=500
         4814  +|   3344: 30 30 30 30 30 58 52 54 52 49 4d 18 1b 05 00 25   00000XRTRIM....%
         4815  +|   3360: 0f 19 45 4e 41 42 4c 45 20 52 54 52 45 45 58 42   ..ENABLE RTREEXB
         4816  +|   3376: 49 4e 41 52 59 18 1a 05 00 25 0f 19 45 4e 41 42   INARY....%..ENAB
         4817  +|   3392: 4c 45 20 52 54 52 45 45 58 4e 4f 43 41 53 45 17   LE RTREEXNOCASE.
         4818  +|   3408: 19 05 00 25 0f 17 45 4e 41 42 4c 45 20 52 54 52   ...%..ENABLE RTR
         4819  +|   3424: 45 45 58 52 54 52 49 4d 1a 18 05 00 29 0f 19 45   EEXRTRIM....)..E
         4820  +|   3440: 4e 41 42 4c 45 20 4d 45 4d 53 59 53 35 58 42 49   NABLE MEMSYS5XBI
         4821  +|   3456: 4e 41 52 59 1a 17 05 00 29 0f 19 45 4e 41 42 4c   NARY....)..ENABL
         4822  +|   3472: 45 20 4d 45 4d 53 59 53 35 58 4e 4f 43 41 53 45   E MEMSYS5XNOCASE
         4823  +|   3488: 19 16 05 00 29 0f 17 45 4e 41 42 4c 45 20 4d 45   ....)..ENABLE ME
         4824  +|   3504: 4d 53 59 53 35 58 52 54 52 49 4d 18 15 05 00 25   MSYS5XRTRIM....%
         4825  +|   3520: 0f 19 45 4e 41 42 4c 45 20 4a 53 4f 4e 31 58 42   ..ENABLE JSON1XB
         4826  +|   3536: 49 4e 41 52 59 18 14 05 00 25 0f 19 45 4e 41 42   INARY....%..ENAB
         4827  +|   3552: 4c 45 20 4a 53 4f 4e 31 58 4e 4f 43 41 53 45 17   LE JSON1XNOCASE.
         4828  +|   3568: 13 05 00 25 0f 17 45 4e 41 42 4c 45 20 4a 53 4f   ...%..ENABLE JSO
         4829  +|   3584: 4e 31 58 52 54 52 49 4d 1a 12 05 00 29 0f 19 45   N1XRTRIM....)..E
         4830  +|   3600: 4e 41 42 4c 45 20 47 45 4f 50 4f 4c 59 58 42 49   NABLE GEOPOLYXBI
         4831  +|   3616: 4e 41 52 59 1a 11 05 00 29 0f 19 45 4e 41 42 4c   NARY....)..ENABL
         4832  +|   3632: 45 20 47 45 4f 50 4f 4c 59 58 4e 4f 43 41 53 45   E GEOPOLYXNOCASE
         4833  +|   3648: 19 10 05 00 29 0f 17 45 4e 41 42 4c 45 20 47 45   ....)..ENABLE GE
         4834  +|   3664: 4f 50 4f 4c 59 58 52 54 52 49 4d 17 0f 05 00 23   OPOLYXRTRIM....#
         4835  +|   3680: 0f 19 45 4e 41 42 4c 45 20 46 54 53 35 58 42 49   ..ENABLE FTS5XBI
         4836  +|   3696: 4e 41 52 59 17 0e 05 00 23 0f 19 45 4e 41 42 4c   NARY....#..ENABL
         4837  +|   3712: 45 20 46 54 53 35 58 4e 4f 43 41 53 45 16 0d 05   E FTS5XNOCASE...
         4838  +|   3728: 00 23 0f 17 45 4e 41 42 4c 45 20 46 54 53 35 58   .#..ENABLE FTS5X
         4839  +|   3744: 52 54 52 49 4d 17 0c 05 00 23 0f 19 45 4e 41 42   RTRIM....#..ENAB
         4840  +|   3760: 4c 45 20 46 54 53 34 58 42 49 4e 41 52 59 17 0b   LE FTS4XBINARY..
         4841  +|   3776: 05 00 23 0f 19 45 4e 41 42 4c 45 20 46 54 53 34   ..#..ENABLE FTS4
         4842  +|   3792: 58 4e 4f 43 41 53 45 16 0a 05 00 23 0f 17 45 4e   XNOCASE....#..EN
         4843  +|   3808: 41 42 4c 45 20 46 54 53 34 58 52 54 52 49 4d 1e   ABLE FTS4XRTRIM.
         4844  +|   3824: 09 05 00 31 0f 19 45 4e 41 42 4c 45 20 44 42 53   ...1..ENABLE DBS
         4845  +|   3840: 54 41 54 20 56 54 41 42 58 42 49 4e 41 52 59 1e   TAT VTABXBINARY.
         4846  +|   3856: 08 05 00 31 0f 19 45 4e 41 42 4c 45 20 44 42 53   ...1..ENABLE DBS
         4847  +|   3872: 54 41 54 20 56 54 41 42 58 4e 4f 43 41 53 45 1d   TAT VTABXNOCASE.
         4848  +|   3888: 07 05 00 31 0f 17 45 4e 41 42 4c 45 20 44 42 53   ...1..ENABLE DBS
         4849  +|   3904: 54 41 54 20 56 54 41 42 58 52 54 52 49 4d 11 06   TAT VTABXRTRIM..
         4850  +|   3920: 05 00 17 0f 19 44 45 42 55 47 58 42 49 4e 41 52   .....DEBUGXBINAR
         4851  +|   3936: 59 11 05 05 00 17 0f 19 44 45 42 55 47 58 4e 4f   Y.......DEBUGXNO
         4852  +|   3952: 43 41 53 45 10 04 05 00 17 0f 17 44 45 42 55 47   CASE.......DEBUG
         4853  +|   3968: 58 52 54 52 49 4d 27 03 05 00 43 0f 19 43 4f 4d   XRTRIM'...C..COM
         4854  +|   3984: 50 49 4c 45 52 3d 67 63 63 2d 35 2e 34 2e 30 20   PILER=gcc-5.4.0 
         4855  +|   4000: 32 30 31 36 30 36 30 39 58 42 49 4e 41 52 59 27   20160609XBINARY'
         4856  +|   4016: 02 05 00 43 0f 19 43 4f 4d 50 49 4c 45 52 3d 67   ...C..COMPILER=g
         4857  +|   4032: 63 63 2d 35 2e 34 2e 30 20 32 30 31 36 30 36 30   cc-5.4.0 2016060
         4858  +|   4048: 39 58 4e 4f 43 41 53 45 26 01 05 00 43 0f 17 43   9XNOCASE&...C..C
         4859  +|   4064: 4f 4d 50 49 4c 45 52 3d 67 63 63 2d 35 2e 34 2e   OMPILER=gcc-5.4.
         4860  +|   4080: 30 20 32 30 31 36 30 36 30 39 58 52 54 52 49 4d   0 20160609XRTRIM
         4861  +| page 6 offset 20480
         4862  +|      0: 0d 00 00 00 24 0e e0 00 0f f8 0f f0 0f e8 0f e0   ....$...........
         4863  +|     16: 0f d8 0f d0 0f c8 0f c0 0f b8 0f b0 0f a8 0f a0   ................
         4864  +|     32: 0f 98 0f 90 0f 88 0f 80 0f 78 0f 70 0f 68 0f 60   .........x.p.h.`
         4865  +|     48: 0f 58 0f 50 0f 48 0f 40 0f 38 0f 30 0f 28 0f 20   .X.P.H.@.8.0.(. 
         4866  +|     64: 0f 18 0f 10 0f 08 0f 00 0e f8 0e f0 0e e8 0e e0   ................
         4867  +|   3808: 06 24 03 00 12 02 01 01 06 23 03 00 12 02 01 01   .$.......#......
         4868  +|   3824: 06 22 03 00 12 02 01 01 06 21 03 00 12 03 01 01   .........!......
         4869  +|   3840: 06 20 03 00 12 03 01 01 06 1f 03 00 12 03 01 01   . ..............
         4870  +|   3856: 06 1e 03 00 12 03 01 01 06 1d 03 00 12 03 01 01   ................
         4871  +|   3872: 06 1c 03 00 12 03 01 01 16 1b 03 00 12 02 01 01   ................
         4872  +|   3888: 06 1a 03 00 12 02 01 01 06 19 03 00 12 02 01 01   ................
         4873  +|   3904: 06 18 03 00 12 02 01 01 06 17 03 00 12 02 01 01   ................
         4874  +|   3920: 06 16 03 00 12 02 01 01 06 15 03 00 12 02 01 01   ................
         4875  +|   3936: 06 14 03 00 12 02 01 01 06 13 03 00 12 02 01 01   ................
         4876  +|   3952: 06 12 03 00 12 02 01 01 06 11 03 00 12 02 01 01   ................
         4877  +|   3968: 06 10 03 00 12 02 01 01 06 0f 03 00 12 02 01 01   ................
         4878  +|   3984: 06 0e 03 00 12 02 01 01 06 0d 03 00 12 02 01 01   ................
         4879  +|   4000: 06 0c 03 00 12 02 01 01 06 0b 03 00 12 02 01 01   ................
         4880  +|   4016: 06 0a 03 00 12 02 01 01 05 09 03 00 12 03 01 01   ................
         4881  +|   4032: 06 08 03 00 12 03 01 01 06 07 03 10 12 03 01 01   ................
         4882  +|   4048: 06 06 03 00 12 01 01 01 06 05 03 00 12 01 01 01   ................
         4883  +|   4064: 06 04 03 00 12 01 01 01 06 03 03 00 12 05 f1 01   ................
         4884  +|   4080: 06 02 03 00 12 06 01 01 06 01 03 00 12 06 01 01   ................
         4885  +| page 7 offset 24576
         4886  +|      0: 0a 00 00 00 01 0f f4 00 0f f4 00 00 00 00 00 00   ................
         4887  +|   4080: 00 00 00 00 0b 03 1b 01 76 65 72 73 69 6f 6e 04   ........version.
         4888  +| page 8 offset 28672
         4889  +|      0: 0d 00 00 00 03 0f d6 00 0f f4 0f e9 0f d6 00 00   ................
         4890  +|   4048: 00 00 00 00 00 00 11 03 02 2b 69 6e 74 65 67 72   .........+integr
         4891  +|   4064: 69 74 79 2d 63 68 65 63 6b 09 02 02 1b 72 65 62   ity-check....reb
         4892  +|   4080: 75 69 6c 64 0a 01 02 1d 6f 70 74 69 6d 69 7a 65   uild....optimize
         4893  +| end crash-fd2a1313e5b5e9.db
         4894  +}]} {}
         4895  +
         4896  +do_catchsql_test 38.1 {
         4897  +  UPDATE t1 SET b=quote(zeroblob(200)) WHERE t1 MATCH 'thread*';
         4898  +} {1 {database disk image is malformed}}
  4682   4899   
  4683   4900   
  4684   4901   
  4685   4902   sqlite3_fts5_may_be_corrupt 0
  4686   4903   finish_test
  4687   4904