/ Check-in [df04859a]

Overview
Comment:Do not assume that text parameters passed to fts4aux queries do not contain embedded nul characters.
SHA3-256: df04859a995571cd6faf1abe088725708f35e81195760274df9e2ec9bd47f69f
User & Date: dan 2019-01-28 13:27:25
Context
2019-01-28
16:50
Fix a buffer overread in fts3 that could occur when accessing a corrupt database. check-in: a9faf903 user: dan tags: trunk
13:27
Do not assume that text parameters passed to fts4aux queries do not contain embedded nul characters. check-in: df04859a user: dan tags: trunk
11:54
Add a new test case to fuzzdata8.db. check-in: ce8e279a user: drh tags: trunk
Changes

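--- a/ext/fts3/fts3_aux.c
+++ b/ext/fts3/fts3_aux.c
@@ -412,23 +412,23 @@
   if( isScan ) pCsr->filter.flags |= FTS3_SEGMENT_SCAN;
 
   if( iEq>=0 || iGe>=0 ){
     const unsigned char *zStr = sqlite3_value_text(apVal[0]);
     assert( (iEq==0 && iGe==-1) || (iEq==-1 && iGe==0) );
     if( zStr ){
       pCsr->filter.zTerm = sqlite3_mprintf("%s", zStr);
-      pCsr->filter.nTerm = sqlite3_value_bytes(apVal[0]);
       if( pCsr->filter.zTerm==0 ) return SQLITE_NOMEM;
+      pCsr->filter.nTerm = strlen(pCsr->filter.zTerm);
     }
   }
 
   if( iLe>=0 ){
     pCsr->zStop = sqlite3_mprintf("%s", sqlite3_value_text(apVal[iLe]));
-    pCsr->nStop = sqlite3_value_bytes(apVal[iLe]);
     if( pCsr->zStop==0 ) return SQLITE_NOMEM;
+    pCsr->nStop = strlen(pCsr->zStop);
   }
   
   if( iLangid>=0 ){
     iLangVal = sqlite3_value_int(apVal[iLangid]);
 
     /* If the user specified a negative value for the languageid, use zero
     ** instead. This works, as the "languageid=?" constraint will also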
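Review bot: Nothing at the two new `strlen()` assignments (new lines 420 and 427) records why the length is taken from the copy rather than from the value, so a later cleanup could restore `sqlite3_value_bytes()` and with it a length larger than the buffer `sqlite3_mprintf("%s", ...)` allocated whenever the text holds an embedded nul. A comment such as `/* Length of the copy, not sqlite3_value_bytes(): "%s" stops at the first nul */` above each assignment would pin that invariant. `strlen()` returns `size_t`; if `nTerm` and `nStop` are `int` fields (their declarations are not on this page), writing `(int)strlen(pCsr->filter.zTerm)` and `(int)strlen(pCsr->zStop)` makes the narrowing explicit. The enclosing function starts and ends outside the hunk.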

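--- a/test/fts3aux2.test
+++ b/test/fts3aux2.test
@@ -136,9 +136,33 @@
 do_execsql_test 1.4.6 {
   SELECT term, col, documents, occurrences, languageid 
   FROM terms WHERE term>='e' AND term<'seven' AND languageid=2
 } {
   eight * 1 1 2    eight 1 1 1 2 
   five * 1 1 2     five 0 1 1 2 
 }
+
+#-------------------------------------------------------------------------
+do_execsql_test 2.0 {
+  CREATE VIRTUAL TABLE ft USING fts3();
+  INSERT INTO ft VALUES('a_234567890123456789');
+  INSERT INTO ft VALUES('b_234567890123456789');
+  INSERT INTO ft VALUES('c_234567890123456789');
+  CREATE VIRTUAL TABLE t2 USING fts4aux(ft);
+}
+
+do_execsql_test 2.1 {
+  SELECT term FROM t2 WHERE term=X'625f323334353637383930313233343536373839';
+}
+
+do_execsql_test 2.2 {
+  SELECT term FROM t2 WHERE term<X'625f003334353637383930313233343536373839';
+} {
+  234567890123456789 234567890123456789 a a b b
+}
+
+do_execsql_test 2.3 {
+  SELECT term FROM t2 WHERE term=X'625f003334353637383930313233343536373839';
+}
+
 
 finish_test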
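Review bot: The new 2.x group has no comment saying what it covers, and cases 2.1 and 2.3 pass no expected-result argument, so the intent has to be decoded from the hex literals. A header comment such as `# Blob parameters with an embedded nul: X'625f00...' is "b_" followed by 0x00` and an explicit `{}` result on 2.1 and 2.3 would make the assertions readable. Because 2.1 and 2.3 appear to expect no rows, they presumably expose the old length mismatch only when the suite runs under a memory checker; if that is the case, the comment should say so.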