SQLite

Check-in [271993803c]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Change the way a comparison used to detect corrupt databases in fts3 is done to avoid potential pointer overflow in 32-bit builds. Cherrypick of [95a9a39ff7].
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | branch-3.22
Files: files | file ages | folders
SHA3-256: 271993803cc99305642e9809cbe81cbefd944f4c42fc0de370e52eb69103dcdd
User & Date: dan 2018-12-24 13:39:13.977
References
2018-12-26
14:23
Fix a problem with corrupt fts3 database detection introduced by [27199380]. (check-in: ceeb4fba84 user: dan tags: branch-3.22)
Context
2018-12-26
11:39
Avoid a left-shift of a negative value (undefined behaviour) when dealing with a corrupt database in fts3. Cherrypick of [b851d12474]. (check-in: 2fa63a8be6 user: dan tags: branch-3.22)
2018-12-24
13:39
Change the way a comparison used to detect corrupt databases in fts3 is done to avoid potential pointer overflow in 32-bit builds. Cherrypick of [95a9a39ff7]. (check-in: 271993803c user: dan tags: branch-3.22)
13:34
Change the way a comparison used to detect corrupt databases in fts3 is done to avoid potential pointer overflow in 32-bit builds. (check-in: 95a9a39ff7 user: dan tags: trunk)
2018-12-19
01:30
Add extra defenses against strategically corrupt databases to fts3/4. (check-in: c255889bd9 user: drh tags: branch-3.22)
Changes
Unified Diff Ignore Whitespace Patch
Changes to ext/fts3/fts3_write.c. 
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418

  pReader->aDoclist = pNext;
  pReader->pOffsetList = 0;

  /* Check that the doclist does not appear to extend past the end of the
  ** b-tree node. And that the final byte of the doclist is 0x00. If either 
  ** of these statements is untrue, then the data structure is corrupt.
  */
  if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)<pReader->nDoclist
   || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
  ){
    return FTS_CORRUPT_VTAB;
  }
  return SQLITE_OK;
}









|








1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418

  pReader->aDoclist = pNext;
  pReader->pOffsetList = 0;

  /* Check that the doclist does not appear to extend past the end of the
  ** b-tree node. And that the final byte of the doclist is 0x00. If either 
  ** of these statements is untrue, then the data structure is corrupt.
  */
  if( pReader->nDoclist-(pReader->aDoclist-pReader->aNode) > pReader->nNode
   || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
  ){
    return FTS_CORRUPT_VTAB;
  }
  return SQLITE_OK;
}