/ Check-in [7c862c46]

Overview
Comment:Avoid an integer overflow in the fts5 snippet() function triggered by a corrupt database record.
SHA3-256: 7c862c4655841e1263cf548d01f5b4331685ab7d396494891cad0a5f50c63e16
User & Date: dan 2019-01-29 16:34:45
Context
2019-01-29
16:41
More robust handling of corrupt database file in the rebalance operation of the btree logic. check-in: 97704cb7 user: drh tags: trunk
16:34
Avoid an integer overflow in the fts5 snippet() function triggered by a corrupt database record. check-in: 7c862c46 user: dan tags: trunk
15:30
Avoid a crash when the fts5 snippet() function (or similar) is used with a special query pattern, like '*id' or '*reads'. check-in: 9d58a157 user: dan tags: trunk
Changes

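--- a/ext/fts5/fts5_aux.c
+++ b/ext/fts5/fts5_aux.c
@@ -439,15 +439,17 @@
       for(ii=0; rc==SQLITE_OK && ii<nInst; ii++){
         int ip, ic, io;
         int iAdj;
         int nScore;
         int jj;
 
         rc = pApi->xInst(pFts, ii, &ip, &ic, &io);
-        if( ic!=i || rc!=SQLITE_OK ) continue;
+        if( ic!=i ) continue;
+        if( io>nDocsize ) rc = FTS5_CORRUPT;
+        if( rc!=SQLITE_OK ) continue;
         memset(aSeen, 0, nPhrase);
         rc = fts5SnippetScore(pApi, pFts, nDocsize, aSeen, i,
             io, nToken, &nScore, &iAdj
         );
         if( rc==SQLITE_OK && nScore>nBestScore ){
           nBestScore = nScore;
           iBestCol = i;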
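Review bot: The added bounds check reads `io` (and the line before it reads `ic`) before the `rc` returned by `xInst` is tested, so a failing `xInst` call can have its error code overwritten with `FTS5_CORRUPT`, and if `xInst` can fail without writing its out-parameters (its implementation is not shown here) both comparisons use indeterminate values. Testing `rc` first keeps the original error and validates only values that were actually produced: `if( rc!=SQLITE_OK || ic!=i ) continue;` followed by `if( io>nDocsize ){ rc = FTS5_CORRUPT; continue; }`. The check bounds `io` from above only; whether a corrupt record can also yield a negative `io` is not visible in this hunk and is worth confirming. The enclosing loop and function start and end outside the hunk.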

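--- a/ext/fts5/test/fts5corrupt3.test
+++ b/ext/fts5/test/fts5corrupt3.test
@@ -5814,15 +5814,15 @@
 
 do_catchsql_test 44.2 {
 INSERT INTO t1(t1) VALUES('integrity-check');
 } {1 {database disk image is malformed}}
 
 do_catchsql_test 44.2 {
   SELECT snippet(t1, -1, '.', '..', '', 2 ) FROM t1('g h') ORDER BY rank; 
-} {0 {{.g.. .h..} {.g.. h} {.g.. .h..}}}
+} {1 {database disk image is malformed}}
 
 #--------------------------------------------------------------------------
 reset_db
 do_test 45.0 {
   sqlite3 db {}
   db deserialize [decode_hexdb {
 | size 24576 pagesize 4096 filename crash-0b162c9e69b999.db
@@ -6263,12 +6263,167 @@
 |   4080: 75 69 6c 64 0a 01 02 1d 6f 70 74 69 6d 69 7a 65   uild....optimize
 | end crash-1ee8bd451dd1ad.db
 }]} {}
 
 do_catchsql_test 46.1 {
   SELECT snippet(t1,'[','', '--',-1,10) FROM t1('*');
 } {0 {{}}}
+
+#--------------------------------------------------------------------------
+reset_db
+do_test 47.0 {
+  sqlite3 db {}
+  db deserialize [decode_hexdb {
+| size 40960 pagesize 4096 filename 4b6fc659283f2735616c.db
+| page 1 offset 0
+|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
+|     16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 0a   .....@  ........
+|     32: 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 04   ................
+|     48: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00   ................
+|     96: 00 00 00 00 0d 00 00 00 0d 0b 6e 00 0f a3 0f 4c   ..........n....L
+|    112: 0e e1 0e 81 0e 24 0d cc 0d 72 0d 1b 0c b0 0c 50   .....$...r.....P
+|    128: 0b f8 0b b3 0b 6e 00 00 00 00 00 00 00 00 00 00   .....n..........
+|   2912: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 0d   ..............C.
+|   2928: 06 17 11 11 08 75 74 61 62 6c 65 74 34 74 34 43   .....utablet4t4C
+|   2944: 52 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41   REATE VIRTUAL TA
+|   2960: 42 4c 45 20 74 34 20 55 53 49 4e 47 20 66 74 73   BLE t4 USING fts
+|   2976: 35 76 6f 63 61 62 28 27 74 32 27 2c 20 27 72 6f   5vocab('t2', 'ro
+|   2992: 77 27 29 43 0c 06 17 11 11 08 75 74 61 62 6c 65   w')C......utable
+|   3008: 74 33 74 33 43 52 45 41 54 45 20 56 49 52 54 55   t3t3CREATE VIRTU
+|   3024: 41 4c 20 54 41 42 4c 45 20 74 33 20 55 53 49 4e   AL TABLE t3 USIN
+|   3040: 47 20 66 74 73 35 76 6f 63 61 62 28 27 74 31 27   G fts5vocab('t1'
+|   3056: 2c 20 27 72 6f 77 27 29 56 0b 06 17 1f 1f 01 7d   , 'row')V.......
+|   3072: 74 61 62 6c 65 7d 42 5f 63 6f 6e 66 69 67 74 32   table.B_configt2
+|   3088: 5f 63 6f 6e 66 69 67 0a 43 52 45 41 54 45 20 54   _config.CREATE T
+|   3104: 41 42 4c 45 20 27 74 32 5f 63 6f 6e 66 69 67 27   ABLE 't2_config'
+|   3120: 28 6b 20 50 52 49 4d 41 52 59 20 4b 45 59 2c 20   (k PRIMARY KEY, 
+|   3136: 76 29 20 57 49 54 48 4f 55 54 20 52 4f 57 49 44   v) WITHOUT ROWID
+|   3152: 5e 0a 07 17 21 21 01 81 07 74 61 62 6c 65 74 32   ^...!!...tablet2
+|   3168: 5f 63 6f 6e 74 65 6e 74 74 32 5f 63 6f 6e 74 65   _contentt2_conte
+|   3184: 6e 74 09 43 52 45 41 54 45 20 54 41 42 4c 45 20   nt.CREATE TABLE 
+|   3200: 27 74 32 5f 63 6f 6e 74 65 6e 74 27 28 69 64 20   't2_content'(id 
+|   3216: 49 4e 54 45 47 45 52 20 50 52 49 4d 41 52 59 20   INTEGER PRIMARY 
+|   3232: 4b 45 59 2c 20 63 30 2c 20 63 31 2c 20 63 32 29   KEY, c0, c1, c2)
+|   3248: 69 09 07 17 19 19 01 81 2d 74 61 62 6c 65 74 32   i.......-tablet2
+|   3264: 5f 69 64 78 74 32 5f 69 64 78 08 43 52 45 41 54   _idxt2_idx.CREAT
+|   3280: 45 20 54 41 42 4c 45 20 27 74 32 5f 69 64 78 27   E TABLE 't2_idx'
+|   3296: 28 73 65 67 69 64 2c 20 74 65 72 6d 2c 20 70 67   (segid, term, pg
+|   3312: 6e 6f 2c 20 50 52 49 4d 41 52 59 20 4b 45 59 28   no, PRIMARY KEY(
+|   3328: 73 65 67 69 64 2c 20 74 65 72 6d 29 29 20 57 49   segid, term)) WI
+|   3344: 54 48 4f 55 54 20 52 4f 57 49 44 55 08 07 17 1b   THOUT ROWIDU....
+|   3360: 1b 01 81 01 74 61 62 6c 65 74 32 5f 64 61 74 61   ....tablet2_data
+|   3376: 74 32 5f 64 61 74 61 07 43 52 45 41 54 45 20 54   t2_data.CREATE T
+|   3392: 41 42 4c 45 20 27 74 32 5f 64 61 74 61 27 28 69   ABLE 't2_data'(i
+|   3408: 64 20 49 4e 54 45 47 45 52 20 50 52 49 4d 41 52   d INTEGER PRIMAR
+|   3424: 59 20 4b 45 59 2c 20 62 6c 6f 63 6b 20 42 4c 4f   Y KEY, block BLO
+|   3440: 42 29 58 07 07 17 11 11 08 81 1d 74 61 62 6c 65   B)X........table
+|   3456: 74 32 74 32 43 52 45 41 54 45 20 56 49 52 54 55   t2t2CREATE VIRTU
+|   3472: 41 4c 20 54 41 42 4c 45 20 74 32 20 55 53 49 4e   AL TABLE t2 USIN
+|   3488: 47 20 66 74 73 35 28 27 61 27 2c 5b 62 5d 2c 22   G fts5('a',[b],.
+|   3504: 63 22 2c 64 65 74 61 69 6c 3d 6e 6f 6e 65 2c 63   c.,detail=none,c
+|   3520: 6f 6c 75 6d 6e 73 69 7a 65 3d 30 29 56 06 06 17   olumnsize=0)V...
+|   3536: 1f 1f 01 7d 74 61 62 6c 65 74 31 5f 63 6f 6e 66   ....tablet1_conf
+|   3552: 69 67 74 31 5f 63 6f 6e 66 69 67 06 43 52 45 41   igt1_config.CREA
+|   3568: 54 45 20 54 41 42 4c 45 20 27 74 31 5f 63 6f 6e   TE TABLE 't1_con
+|   3584: 66 69 67 27 28 6b 20 50 52 49 4d 41 52 59 20 4b   fig'(k PRIMARY K
+|   3600: 45 59 2c 20 76 29 20 57 49 54 48 4f 55 54 20 52   EY, v) WITHOUT R
+|   3616: 4f 57 49 44 5b 05 07 17 21 21 01 81 01 74 61 62   OWID[...!!...tab
+|   3632: 6c 65 74 31 5f 64 6f 63 73 69 7a 65 74 31 5f 64   let1_docsizet1_d
+|   3648: 6f 63 73 69 7a 65 05 43 52 45 41 54 45 20 54 41   ocsize.CREATE TA
+|   3664: 42 4c 45 20 27 74 31 5f 64 6f 63 73 69 7a 65 27   BLE 't1_docsize'
+|   3680: 28 69 64 20 49 4e 54 45 47 45 52 20 50 52 49 4d   (id INTEGER PRIM
+|   3696: 41 52 59 20 4b 45 59 2c 20 73 7a 20 42 4c 4f 42   ARY KEY, sz BLOB
+|   3712: 29 5e 04 07 17 21 21 01 81 07 74 61 62 6c 65 74   )^...!!...tablet
+|   3728: 31 5f 63 6f 6e 74 65 6f 74 74 31 5f 63 6f 6e 74   1_conteott1_cont
+|   3744: 65 6e 74 04 43 52 45 41 54 45 20 54 41 42 4c 45   ent.CREATE TABLE
+|   3760: 20 27 74 31 5f 63 6f 6e 74 65 6e 74 27 28 69 64    't1_content'(id
+|   3776: 20 49 4e 54 45 47 46 52 20 50 52 49 4d 41 52 59    INTEGFR PRIMARY
+|   3792: 20 4b 45 59 2c 20 63 30 2c 20 63 31 2c 20 63 32    KEY, c0, c1, c2
+|   3808: 29 69 03 07 17 19 19 01 81 2d 74 61 62 6c 65 74   )i.......-tablet
+|   3824: 31 5f 69 64 78 74 31 5f 69 64 78 03 43 52 45 41   1_idxt1_idx.CREA
+|   3840: 54 45 20 54 41 42 4c 45 20 27 74 31 5f 69 64 78   TE TABLE 't1_idx
+|   3856: 27 28 73 65 67 69 64 2c 20 74 65 72 6d 2c 20 70   '(segid, term, p
+|   3872: 67 6e 6f 2c 20 50 52 49 4d 41 52 59 20 4b 45 59   gno, PRIMARY KEY
+|   3888: 28 73 65 67 69 64 2c 20 74 65 72 6d 29 29 20 57   (segid, term)) W
+|   3904: 49 54 48 4f 55 54 20 52 4f 57 49 44 55 02 07 17   ITHOUT ROWIDU...
+|   3920: 1b 1b 01 81 01 74 61 62 6c 65 74 31 5f 64 61 74   .....tablet1_dat
+|   3936: 61 74 31 5f 64 61 74 61 02 43 52 45 41 54 45 20   at1_data.CREATE 
+|   3952: 54 41 42 4c 45 20 27 74 31 5f 64 61 74 61 27 28   TABLE 't1_data'(
+|   3968: 69 64 20 49 4e 54 45 47 45 52 20 50 52 49 4d 41   id INTEGER PRIMA
+|   3984: 52 59 20 4b 45 59 2c 20 62 6c 6f 63 6b 20 42 4c   RY KEY, block BL
+|   4000: 4f 42 29 5b 01 07 17 11 11 08 81 23 74 61 62 6c   OB)[.......#tabl
+|   4016: 65 74 31 74 31 43 52 45 41 54 45 20 56 49 52 54   et1t1CREATE VIRT
+|   4032: 55 41 4c 20 54 41 42 4c 45 20 74 31 20 55 53 49   UAL TABLE t1 USI
+|   4048: 4e 47 20 66 74 73 35 28 61 2c 62 20 75 6e 69 6e   NG fts5(a,b unin
+|   4064: 64 65 78 65 64 2c 63 2c 74 6f 6b 65 6e 69 7a 65   dexed,c,tokenize
+|   4080: 3d 22 70 6f 72 74 65 72 20 61 73 63 69 69 22 29   =.porter ascii.)
+| page 2 offset 4096
+|      0: 0d 0f 68 00 05 0f 13 00 0f e6 0f 13 0f a8 0f 7c   ..h............|
+|     16: 0f 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00   .*..............
+|   3856: 00 00 00 15 0a 03 00 30 00 00 00 00 01 03 03 00   .......0........
+|   3872: 03 01 01 01 02 01 01 03 01 01 37 8c 80 80 80 80   ..........7.....
+|   3888: 01 03 00 74 00 00 00 2e 02 30 61 03 02 02 01 01   ...t.....0a.....
+|   3904: 62 03 02 03 01 01 63 03 02 04 01 01 67 03 06 01   b.....c.....g...
+|   3920: 02 02 01 01 68 03 06 01 02 03 01 01 69 03 06 01   ....h.......i...
+|   3936: 02 04 04 06 06 06 08 08 0f ef 00 14 2a 00 00 00   ............*...
+|   3952: 00 01 02 02 00 02 01 01 01 02 01 01 25 88 80 80   ............%...
+|   3968: 80 80 01 03 00 50 00 00 00 1f 02 30 67 02 08 02   .....P.....0g...
+|   3984: 01 02 02 01 01 68 02 08 03 01 02 03 01 01 69 02   .....h........i.
+|   4000: 08 04 01 02 04 04 09 09 37 84 80 80 80 80 01 03   ........7.......
+|   4016: 00 74 00 00 00 2e 02 30 61 01 02 02 01 01 62 01   .t.....0a.....b.
+|   4032: 02 03 01 01 63 01 02 04 01 01 67 01 06 01 02 01   ....c.....g.....
+|   4048: 01 01 68 01 06 01 02 03 01 01 69 01 06 01 02 04   ..h.......i.....
+|   4064: 04 06 06 06 08 08 07 01 03 00 14 03 09 00 09 00   ................
+|   4080: 00 00 11 24 00 00 00 00 01 01 01 00 01 01 01 01   ...$............
+| page 3 offset 8192
+|      0: 0a 00 00 00 03 0f ec 00 0f fa 0f f3 0f ec 00 00   ................
+|   4064: 00 00 00 00 00 00 00 00 00 00 00 00 06 04 01 0c   ................
+|   4080: 01 03 02 06 04 01 0c 01 02 02 05 04 09 0c 01 02   ................
+| page 4 offset 12288
+|      0: 0d 00 00 00 03 0f be 00 0f ea 0f d4 0f be 00 00   ................
+|   4016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 03   ................
+|   4032: 05 00 17 17 17 61 20 62 20 63 67 20 68 20 69 67   .....a b cg h ig
+|   4048: 20 68 20 69 14 02 05 00 17 17 17 67 20 68 20 69    h i.......g h i
+|   4064: 61 20 62 20 63 67 20 68 20 69 14 01 05 00 17 17   a b cg h i......
+|   4080: 17 61 20 62 20 63 64 20 65 20 66 67 20 68 20 69   .a b cd e fg h i
+| page 5 offset 16384
+|      0: 0d 00 00 00 03 0f e8 00 0f f8 0f f0 0f e8 00 00   ................
+|   4064: 00 00 00 00 00 00 00 00 06 03 03 00 12 03 00 03   ................
+|   4080: 06 02 03 00 12 03 00 03 06 01 03 00 12 03 00 03   ................
+| page 6 offset 20480
+|      0: 0a 00 00 00 01 0f f4 00 0f f4 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 0b 03 1b 01 76 65 72 73 69 6f 6e 04   ........version.
+| page 7 offset 24576
+|      0: 0d 00 00 00 03 0f 9e 00 0f e6 0f ef 0f 9e 00 00   ................
+|   3984: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 84   ..............A.
+|   4000: 80 80 80 80 01 04 00 81 06 00 00 00 34 02 30 61   ............4.0a
+|   4016: 01 01 01 01 01 62 01 01 01 01 01 63 01 01 01 01   .....b.....c....
+|   4032: 01 64 01 01 01 65 01 01 01 66 01 01 01 67 01 01   .d...e...f...g..
+|   4048: 01 01 01 68 01 01 01 01 01 69 01 01 01 04 06 06   ...h.....i......
+|   4064: 06 04 04 04 06 06 07 01 03 00 14 03 09 09 09 0f   ................
+|   4080: 0a 03 00 24 00 00 00 00 01 01 01 00 01 01 01 01   ...$............
+| page 8 offset 28672
+|      0: 0a 00 00 00 01 0f fa 00 0f fa 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 05 04 09 0c 01 02   ................
+| page 9 offset 32768
+|      0: 0d 00 00 00 03 0f be 00 0f ea 0f d4 0f be 00 00   ................
+|   4016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 03   ................
+|   4032: 05 00 17 17 17 61 20 62 20 63 67 20 68 20 69 67   .....a b cg h ig
+|   4048: 20 68 20 69 14 02 05 00 17 17 17 67 20 68 20 69    h i.......g h i
+|   4064: 61 20 62 20 63 67 20 68 20 69 14 01 05 00 17 17   a b cg h i......
+|   4080: 17 61 20 62 20 63 64 20 65 20 66 67 20 68 20 69   .a b cd e fg h i
+| page 10 offset 36864
+|      0: 0a 00 00 00 01 0f f4 00 0f f4 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 0b 03 1b 01 76 65 72 73 69 6f 6e 04   ........version.
+| end 4b6fc659283f2735616c.db
+}]} {}
+
+do_catchsql_test 47.1 {
+  SELECT snippet(t1, -1, '.', '..', '[', 50), 
+         highlight(t1, 2, '[', ']') FROM t1('g h') 
+  WHERE rank MATCH 'bm25(1.0, 1.0)' ORDER BY rank;
+} {1 {database disk image is malformed}}
 
 
 sqlite3_fts5_may_be_corrupt 0
 finish_test
 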
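Review bot: Test 47.1 calls snippet() and highlight() in the same SELECT, so the expected `database disk image is malformed` result does not show which of the two functions reported the corruption; a separate statement that calls only snippet() would pin the new `io>nDocsize` check. The 47.x block also has no comment saying what is corrupt in `4b6fc659283f2735616c.db`; a line such as `# snippet() must fail with SQLITE_CORRUPT when an instance offset exceeds the column size` above `do_test 47.0` would record the intent (wording to be confirmed by the author). Separately, the updated expectation at line 5821 belongs to a second test labelled `44.2`, which makes a failure report ambiguous; renaming it `44.3` would fix that.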