/ Check-in [9e717c43]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a crash in the fts5vocab module caused by including a "term < NULL" term in a WHERE clause.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 9e717c4377c0116a5d36815fbc30f8b8803f14770d30be361feb27cc5b5b537b
User & Date: dan 2019-01-18 21:12:32
Context
2019-01-18
21:17
Fix a memory leak introduced by [55c5d72a]. check-in: fbd681dc user: dan tags: trunk
21:12
Fix a crash in the fts5vocab module caused by including a "term < NULL" term in a WHERE clause. check-in: 9e717c43 user: dan tags: trunk
21:03
Fix an infinite loop caused by a corrupt database in fts3. Also an undefined left-shift in fts5. check-in: 55c5d72a user: dan tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_vocab.c.

   556    556           if( rc==SQLITE_OK ){
   557    557             rc = sqlite3Fts5IterNextScan(pCsr->pIter);
   558    558           }
   559    559           if( pTab->eType==FTS5_VOCAB_INSTANCE ) break;
   560    560   
   561    561           if( rc==SQLITE_OK ){
   562    562             zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);
   563         -          assert_nc( nTerm>0 );
   564    563             if( nTerm!=pCsr->term.n 
   565    564             || (nTerm>0 && memcmp(zTerm, pCsr->term.p, nTerm)) 
   566    565             ){
   567    566               break;
   568    567             }
   569    568             if( sqlite3Fts5IterEof(pCsr->pIter) ) break;
   570    569           }
................................................................................
   617    616     }else{
   618    617       if( pGe ){
   619    618         zTerm = (const char *)sqlite3_value_text(pGe);
   620    619         nTerm = sqlite3_value_bytes(pGe);
   621    620       }
   622    621       if( pLe ){
   623    622         const char *zCopy = (const char *)sqlite3_value_text(pLe);
          623  +      if( zCopy==0 ) zCopy = "";
   624    624         pCsr->nLeTerm = sqlite3_value_bytes(pLe);
   625    625         pCsr->zLeTerm = sqlite3_malloc(pCsr->nLeTerm+1);
   626    626         if( pCsr->zLeTerm==0 ){
   627    627           rc = SQLITE_NOMEM;
   628    628         }else{
   629    629           memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
   630    630         }

Changes to ext/fts5/test/fts5vocab.test.

   518    518     db eval { SELECT rowid FROM ft('4') } x {
   519    519       db eval { SELECT * FROM t2 }
   520    520       lappend res $x(rowid)
   521    521     }
   522    522     db eval COMMIT
   523    523     set res
   524    524   } {3 5 7}
          525  +
          526  +do_execsql_test 10.6.1 {
          527  +  SELECT * FROM t2 WHERE term<NULL;
          528  +}
          529  +do_execsql_test 10.6.2 {
          530  +  SELECT * FROM t2 WHERE term>NULL;
          531  +}
          532  +do_execsql_test 10.6.3 {
          533  +  SELECT * FROM t2 WHERE term=NULL;
          534  +}
          535  +do_execsql_test 10.7.1 {
          536  +  SELECT * FROM t2 WHERE term<?;
          537  +}
          538  +do_execsql_test 10.7.2 {
          539  +  SELECT * FROM t2 WHERE term>?;
          540  +}
          541  +do_execsql_test 10.7.3 {
          542  +  SELECT * FROM t2 WHERE term=?;
          543  +}
   525    544   
   526    545   finish_test
   527    546