/ Check-in [b54aa18b]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | branch-3.18
Files: files | file ages | folders
SHA3-256: b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973
User & Date: dan 2019-09-03 19:40:52
Context
2019-09-03
19:40
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. Leaf check-in: b54aa18b user: dan tags: branch-3.18
17:46
Disable the undocumented rtreenode() SQL function that is only used for testing, except when doing a build that is specifically intended for testing. check-in: 0a1cce49 user: drh tags: branch-3.18
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. check-in: b3fa58dd user: dan tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_hash.c.

   434    434     ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
   435    435     if( !ap ) return SQLITE_NOMEM;
   436    436     memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);
   437    437   
   438    438     for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
   439    439       Fts5HashEntry *pIter;
   440    440       for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
   441         -      if( pTerm==0 || 0==memcmp(pIter->zKey, pTerm, nTerm) ){
          441  +      if( pTerm==0 
          442  +       || (strlen(pIter->zKey)>=nTerm && 0==memcmp(pIter->zKey, pTerm, nTerm))
          443  +      ){
   442    444           Fts5HashEntry *pEntry = pIter;
   443    445           pEntry->pScanNext = 0;
   444    446           for(i=0; ap[i]; i++){
   445    447             pEntry = fts5HashEntryMerge(pEntry, ap[i]);
   446    448             ap[i] = 0;
   447    449           }
   448    450           ap[i] = pEntry;

Changes to ext/fts5/test/fts5aa.test.

   556    556   ]
   557    557   do_test 20.1 {
   558    558     foreach id $::ids {
   559    559       execsql { INSERT INTO tmp(rowid, x) VALUES($id, 'x y z') }
   560    560     }
   561    561     execsql { SELECT rowid FROM tmp WHERE tmp MATCH 'y' }
   562    562   } $::ids
          563  +
          564  +#-------------------------------------------------------------------------
          565  +do_execsql_test 25.0 {
          566  +  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
          567  +}
          568  +do_execsql_test 25.1 {
          569  +  BEGIN;
          570  +  INSERT INTO t13 VALUES('AAAA');
          571  +  SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
          572  +
          573  +  END;
          574  +}
          575  +
   563    576   
   564    577   }
   565    578   
   566    579   
   567    580   finish_test
   568    581   
   569    582