/ Check-in [b584fd36]
Login
Home Timeline Branches Tags Tickets Wiki More...

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | branch-3.9
Files: files | file ages | folders
SHA3-256: b584fd36f787e6d7926dd54ce7e2cfcfe6616030e4e05f42a5725173e8a8a680
User & Date: dan 2019-09-03 19:29:38
Context
2019-09-03
19:29
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. Leaf check-in: b584fd36 user: dan tags: branch-3.9
17:39
Disable the undocumented rtreenode() SQL function that is only used for testing, except when doing a build that is specifically intended for testing. check-in: 7b4583f9 user: drh tags: branch-3.9
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. check-in: b3fa58dd user: dan tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_hash.c. 

   379    379     ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
   380    380     if( !ap ) return SQLITE_NOMEM;
   381    381     memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);
   382    382   
   383    383     for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
   384    384       Fts5HashEntry *pIter;
   385    385       for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
   386         -      if( pTerm==0 || 0==memcmp(pIter->zKey, pTerm, nTerm) ){
          386  +      if( pTerm==0
          387  +       || (strlen(pIter->zKey)>=nTerm && 0==memcmp(pIter->zKey, pTerm, nTerm))
          388  +      ){
   387    389           Fts5HashEntry *pEntry = pIter;
   388    390           pEntry->pScanNext = 0;
   389    391           for(i=0; ap[i]; i++){
   390    392             pEntry = fts5HashEntryMerge(pEntry, ap[i]);
   391    393             ap[i] = 0;
   392    394           }
   393    395           ap[i] = pEntry;

Changes to ext/fts5/test/fts5aa.test. 

   529    529   ]
   530    530   do_test 20.1 {
   531    531     foreach id $::ids {
   532    532       execsql { INSERT INTO tmp(rowid, x) VALUES($id, 'x y z') }
   533    533     }
   534    534     execsql { SELECT rowid FROM tmp WHERE tmp MATCH 'y' }
   535    535   } $::ids
          536  +
          537  +#-------------------------------------------------------------------------
          538  +do_execsql_test 25.0 {
          539  +  CREATE VIRTUAL TABLE t13 USING fts5(x);
          540  +}
          541  +do_execsql_test 25.1 {
          542  +  BEGIN;
          543  +  INSERT INTO t13 VALUES('AAAA');
          544  +  SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
          545  +
          546  +  END;
          547  +}
   536    548   
   537    549   
   538    550   
   539    551   finish_test
   540    552   
   541    553

This page was generated in about 0.006s by Fossil 2.11 [a92d5a514d] 2019-10-23 00:46:53