/ Check-in [b3fa58dd]
Login
Home Timeline Branches

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: b3fa58dd7403dbd4d2e9f3ae23d7d1337830d6fef2aa2f137ac5174de0d5828e
User & Date: dan 2019-03-18 15:49:07
Context
2019-09-03
19:40
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (Leaf check-in: b54aa18b user: dan tags: branch-3.18)
19:29
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (Leaf check-in: b584fd36 user: dan tags: branch-3.9)
18:43
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (Leaf check-in: 0770363b user: drh tags: branch-3.19)
18:36
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (check-in: 68b89838 user: drh tags: branch-3.22)
2019-03-19
09:57
Add a LICENSE.md, containing the text of the blessing. (check-in: cbb7e602 user: drh tags: trunk)
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (check-in: b3fa58dd user: dan tags: trunk)
15:23
Fix an fts5 problem with interleaving reads and writes in a single transaction. (check-in: 45c73deb user: dan tags: trunk)
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_hash.c. 

   452    452     ap = sqlite3_malloc64(sizeof(Fts5HashEntry*) * nMergeSlot);
   453    453     if( !ap ) return SQLITE_NOMEM;
   454    454     memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);
   455    455   
   456    456     for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
   457    457       Fts5HashEntry *pIter;
   458    458       for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
   459         -      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
          459  +      if( pTerm==0 
          460  +       || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
          461  +      ){
   460    462           Fts5HashEntry *pEntry = pIter;
   461    463           pEntry->pScanNext = 0;
   462    464           for(i=0; ap[i]; i++){
   463    465             pEntry = fts5HashEntryMerge(pEntry, ap[i]);
   464    466             ap[i] = 0;
   465    467           }
   466    468           ap[i] = pEntry;

Changes to ext/fts5/test/fts5aa.test. 

   617    617   }
   618    618   do_execsql_test 24.2 {
   619    619     INSERT INTO t12(t12) VALUES('integrity-check');
   620    620   }
   621    621   do_execsql_test 24.3 {
   622    622       SELECT * FROM t12('aaaa');
   623    623   } {aaaa}
          624  +
          625  +#-------------------------------------------------------------------------
          626  +do_execsql_test 25.0 {
          627  +  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
          628  +}
          629  +do_execsql_test 25.1 {
          630  +  BEGIN;
          631  +  INSERT INTO t13 VALUES('AAAA');
          632  +SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
          633  +
          634  +  END;
          635  +}
          636  +
   624    637   
   625    638   }
   626    639   
   627    640   expand_all_sql db
   628    641   finish_test

This page was generated in about 0.006s by Fossil 2.12 [018db17c54] 2020-05-29 17:57:16