/ Check-in [4ade96ce]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a case in fts4 where a corrupt %_stat table could lead to a crash.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | fts4aux
Files: files | file ages | folders
SHA1: 4ade96ce974244fc34bb97713d3cba10e3d33056
User & Date: dan 2011-02-01 17:55:48
Context
2011-02-01
18:00
Fix a problem causing builds with SQLITE_OMIT_WAL defined to fail. check-in: b9b48dd8 user: dan tags: fts4aux
17:55
Fix a case in fts4 where a corrupt %_stat table could lead to a crash. check-in: 4ade96ce user: dan tags: fts4aux
16:34
Add virtual table module "fts4aux", used to inspect the full-text index of an fts4 table directly. Also add the "compress" and "uncompress" fts4 options. check-in: b010ddcc user: dan tags: fts4aux
Changes
Hide Diffs Unified Diffs Show Whitespace Changes Patch

Changes to ext/fts3/fts3_snippet.c.

956
957
958
959
960
961
962

963
964
965
966
967
968
969
....
1162
1163
1164
1165
1166
1167
1168

1169
1170
1171

1172
1173
1174
1175
1176
1177
1178
    if( rc!=SQLITE_OK ) return rc;
  }
  pStmt = *ppStmt;
  assert( sqlite3_data_count(pStmt)==1 );

  a = sqlite3_column_blob(pStmt, 0);
  a += sqlite3Fts3GetVarint(a, &nDoc);

  *pnDoc = (u32)nDoc;

  if( paLen ) *paLen = a;
  return SQLITE_OK;
}

/*
................................................................................
          sqlite3_int64 nDoc;     /* Number of rows in table */
          const char *a;          /* Aggregate column length array */

          rc = fts3MatchinfoSelectDoctotal(pTab, &pSelect, &nDoc, &a);
          if( rc==SQLITE_OK ){
            int iCol;
            for(iCol=0; iCol<pInfo->nCol; iCol++){

              sqlite3_int64 nToken;
              a += sqlite3Fts3GetVarint(a, &nToken);
              pInfo->aMatchinfo[iCol] = (u32)(((u32)(nToken&0xffffffff)+nDoc/2)/nDoc);

            }
          }
        }
        break;

      case FTS3_MATCHINFO_LENGTH: {
        sqlite3_stmt *pSelectDocsize = 0;







>







 







>


|
>







956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
....
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
    if( rc!=SQLITE_OK ) return rc;
  }
  pStmt = *ppStmt;
  assert( sqlite3_data_count(pStmt)==1 );

  a = sqlite3_column_blob(pStmt, 0);
  a += sqlite3Fts3GetVarint(a, &nDoc);
  if( nDoc==0 ) return SQLITE_CORRUPT;
  *pnDoc = (u32)nDoc;

  if( paLen ) *paLen = a;
  return SQLITE_OK;
}

/*
................................................................................
          sqlite3_int64 nDoc;     /* Number of rows in table */
          const char *a;          /* Aggregate column length array */

          rc = fts3MatchinfoSelectDoctotal(pTab, &pSelect, &nDoc, &a);
          if( rc==SQLITE_OK ){
            int iCol;
            for(iCol=0; iCol<pInfo->nCol; iCol++){
              u32 iVal;
              sqlite3_int64 nToken;
              a += sqlite3Fts3GetVarint(a, &nToken);
              iVal = (u32)(((u32)(nToken&0xffffffff)+nDoc/2)/nDoc);
              pInfo->aMatchinfo[iCol] = iVal;
            }
          }
        }
        break;

      case FTS3_MATCHINFO_LENGTH: {
        sqlite3_stmt *pSelectDocsize = 0;

Changes to ext/fts3/fts3_write.c.

285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
....
1098
1099
1100
1101
1102
1103
1104

1105

1106
1107
1108
1109

1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122

  rc = fts3SqlStmt(pTab, eStmt, &pStmt, 0);
  if( rc==SQLITE_OK ){
    if( eStmt==SQL_SELECT_DOCSIZE ){
      sqlite3_bind_int64(pStmt, 1, iDocid);
    }
    rc = sqlite3_step(pStmt);
    if( rc!=SQLITE_ROW ){
      rc = sqlite3_reset(pStmt);
      if( rc==SQLITE_OK ) rc = SQLITE_CORRUPT;
      pStmt = 0;
    }else{
      rc = SQLITE_OK;
    }
  }
................................................................................
      ** the table. The following nCol varints contain the total amount of
      ** data stored in all rows of each column of the table, from left
      ** to right.
      */
      sqlite3_stmt *pStmt;
      sqlite3_int64 nDoc = 0;
      sqlite3_int64 nByte = 0;

      const char *a;

      rc = sqlite3Fts3SelectDoctotal(p, &pStmt);
      if( rc ) return rc;
      a = sqlite3_column_blob(pStmt, 0);
      if( a ){

        const char *pEnd = &a[sqlite3_column_bytes(pStmt, 0)];
        a += sqlite3Fts3GetVarint(a, &nDoc);
        while( a<pEnd ){
          a += sqlite3Fts3GetVarint(a, &nByte);
        }
      }
      if( nDoc==0 || nByte==0 ){
        sqlite3_reset(pStmt);
        return SQLITE_CORRUPT;
      }

      pCsr->nRowAvg = (int)(((nByte / nDoc) + pgsz) / pgsz);
      assert( pCsr->nRowAvg>0 ); 







|







 







>

>

|

|
>
|




<







285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
....
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117

1118
1119
1120
1121
1122
1123
1124

  rc = fts3SqlStmt(pTab, eStmt, &pStmt, 0);
  if( rc==SQLITE_OK ){
    if( eStmt==SQL_SELECT_DOCSIZE ){
      sqlite3_bind_int64(pStmt, 1, iDocid);
    }
    rc = sqlite3_step(pStmt);
    if( rc!=SQLITE_ROW || sqlite3_column_type(pStmt, 0)!=SQLITE_BLOB ){
      rc = sqlite3_reset(pStmt);
      if( rc==SQLITE_OK ) rc = SQLITE_CORRUPT;
      pStmt = 0;
    }else{
      rc = SQLITE_OK;
    }
  }
................................................................................
      ** the table. The following nCol varints contain the total amount of
      ** data stored in all rows of each column of the table, from left
      ** to right.
      */
      sqlite3_stmt *pStmt;
      sqlite3_int64 nDoc = 0;
      sqlite3_int64 nByte = 0;
      const char *pEnd;
      const char *a;

      rc = sqlite3Fts3SelectDoctotal(p, &pStmt);
      if( rc!=SQLITE_OK ) return rc;
      a = sqlite3_column_blob(pStmt, 0);
      assert( a );

      pEnd = &a[sqlite3_column_bytes(pStmt, 0)];
      a += sqlite3Fts3GetVarint(a, &nDoc);
      while( a<pEnd ){
        a += sqlite3Fts3GetVarint(a, &nByte);
      }

      if( nDoc==0 || nByte==0 ){
        sqlite3_reset(pStmt);
        return SQLITE_CORRUPT;
      }

      pCsr->nRowAvg = (int)(((nByte / nDoc) + pgsz) / pgsz);
      assert( pCsr->nRowAvg>0 ); 

Changes to test/fts3corrupt.test.

126
127
128
129
130
131
132
133



























134
135
  "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
]

do_catchsql_test 4.3 {
  UPDATE t1_segdir SET root = $blob;
  SELECT rowid FROM t1 WHERE t1 MATCH 'world';
} {1 {database disk image is malformed}}




























finish_test









>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
  "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
]

do_catchsql_test 4.3 {
  UPDATE t1_segdir SET root = $blob;
  SELECT rowid FROM t1 WHERE t1 MATCH 'world';
} {1 {database disk image is malformed}}

# Test a special kind of corruption, where the %_stat table contains
# an invalid entry. At one point this could lead to a division-by-zero
# error in fts4.
#
do_execsql_test 5.0 {
  DROP TABLE t1;
  CREATE VIRTUAL TABLE t1 USING fts4;
}
do_test 5.1 {
  db func nn nn
  execsql BEGIN
  execsql { INSERT INTO t1 VALUES('one') }
  execsql { INSERT INTO t1 VALUES('two') }
  execsql { INSERT INTO t1 VALUES('three') }
  execsql { INSERT INTO t1 VALUES('four') }
  execsql COMMIT
} {}
do_catchsql_test 5.2 {
  UPDATE t1_stat SET value = X'0000';
  SELECT matchinfo(t1, 'nxa') FROM t1 WHERE t1 MATCH 't*';
} {1 {database disk image is malformed}}
do_catchsql_test 5.3 {
  UPDATE t1_stat SET value = NULL;
  SELECT matchinfo(t1, 'nxa') FROM t1 WHERE t1 MATCH 't*';
} {1 {database disk image is malformed}}


finish_test