SQLite

Check-in [daef5869f4]

Overview
Comment: Fix a problem in fts5 where a corrupt db could lead to a (huge) buffer overread. Cherrypick of [c9a30e117f].
SHA1: daef5869f4d62ebb24eb03b79fe4be0812fa0496
User & Date: dan 2016-03-01 14:51:36.262
Context
2016-03-01
15:09 Merge branch-3.11-matchinfo into this branch. (check-in: 42358170b3 user: dan tags: branch-3.11)
14:51 Fix a problem in fts5 where a corrupt db could lead to a (huge) buffer overread. Cherrypick of [c9a30e117f]. (Closed-Leaf check-in: daef5869f4 user: dan tags: branch-3.11-matchinfo)
14:50 Fix an fts5 problem causing 'optimize' to corrupt the fts index under some circumstances. Cherrypick of [251d6473f7]. (check-in: 5b1b7ab5d6 user: dan tags: branch-3.11-matchinfo)
2016-02-29
17:34 Fix a problem in fts5 where a corrupt db could lead to a (huge) buffer overread. (check-in: c9a30e117f user: dan tags: trunk)
Changes
Changes to ext/fts5/fts5_index.c.
693
694
695
696
697
698
699

700
701
702
703
704
705
706
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707







+







    p->rc = rc;
    p->nRead++;
  }

  assert( (pRet==0)==(p->rc!=SQLITE_OK) );
  return pRet;
}


/*
** Release a reference to data record returned by an earlier call to
** fts5DataRead().
*/
static void fts5DataRelease(Fts5Data *pData){
  sqlite3_free(pData);
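Review bot: the only change in this hunk is the extra blank line added between the closing `}` after `return pRet;` and the comment for fts5DataRelease(), which has nothing to do with the overread described in the commit comment. Keeping whitespace churn out of a security fix makes the change easier to audit on a release branch; consider leaving this hunk out or committing it separately.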
2150
2151
2152
2153
2154
2155
2156




2157
2158
2159
2160
2161
2162
2163
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168







+
+
+
+







  int bEndOfPage = 0;

  assert( p->rc==SQLITE_OK );

  iPgidx = szLeaf;
  iPgidx += fts5GetVarint32(&a[iPgidx], iTermOff);
  iOff = iTermOff;
  if( iOff>n ){
    p->rc = FTS5_CORRUPT;
    return;
  }

  while( 1 ){

    /* Figure out how many new bytes are in this term */
    fts5FastGetVarint32(a, iOff, nNew);
    if( nKeep<nMatch ){
      goto search_failed;
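Review bot: the new guard `if( iOff>n )` still accepts iOff==n, and the first read inside the loop, `fts5FastGetVarint32(a, iOff, nNew)`, starts at a[iOff]. If n is the number of valid bytes in a[], that read begins at the first byte past the record, so either tighten the test to `>=` or add a comment stating the padding the buffer is guaranteed to carry. The same question applies one line earlier: `fts5GetVarint32(&a[iPgidx], iTermOff)` dereferences a[szLeaf] before any check visible in this hunk, so a comment or assert saying where szLeaf is validated against n would help. A regression test that feeds a corrupt record through this path and expects FTS5_CORRUPT would lock the fix in.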