Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix the fts3DecodeIntArray() function so that it will not read off the end of the buffer it is handed. Any unread integers are set to zero. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
666cf8f6b39ae1f72e82b45e9cacba23 |
| User & Date: | drh 2019-01-10 01:12:43 |
Context
|
2019-01-10
| ||
| 13:56 | Use the new SQLITE_IDXTYPE_IPK values (3) on Index.idxType to indicate the fake INTEGER PRIMARY KEY index used during query planning. check-in: e22d2f90 user: drh tags: trunk | |
| 01:12 | Fix the fts3DecodeIntArray() function so that it will not read off the end of the buffer it is handed. Any unread integers are set to zero. check-in: 666cf8f6 user: drh tags: trunk | |
|
2019-01-09
| ||
| 21:12 | Fix an out-of-bounds read in SQL function fts5_decode() that could occur if it was passed a corrupt record. check-in: 931278b2 user: dan tags: trunk | |
Changes
Changes to ext/fts3/fts3_write.c.
3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 |
*/
static void fts3DecodeIntArray(
int N, /* The number of integers to decode */
u32 *a, /* Write the integer values */
const char *zBuf, /* The BLOB containing the varints */
int nBuf /* size of the BLOB */
){
int i, j;
UNUSED_PARAMETER(nBuf);
for(i=j=0; i<N; i++){
sqlite3_int64 x;
j += sqlite3Fts3GetVarint(&zBuf[j], &x);
assert(j<=nBuf);
a[i] = (u32)(x & 0xffffffff);
}
}
/*
** Insert the sizes (in tokens) for each column of the document
** with docid equal to p->iPrevDocid. The sizes are encoded as
** a blob of varints.
*/
|
| | > | | | < | | > > |
3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 |
*/
static void fts3DecodeIntArray(
int N, /* The number of integers to decode */
u32 *a, /* Write the integer values */
const char *zBuf, /* The BLOB containing the varints */
int nBuf /* size of the BLOB */
){
int i = 0;
if( nBuf && (zBuf[nBuf-1]&0x80)==0 ){
int j;
for(i=j=0; i<N && j<nBuf; i++){
sqlite3_int64 x;
j += sqlite3Fts3GetVarint(&zBuf[j], &x);
a[i] = (u32)(x & 0xffffffff);
}
}
while( i<N ) a[i++] = 0;
}
/*
** Insert the sizes (in tokens) for each column of the document
** with docid equal to p->iPrevDocid. The sizes are encoded as
** a blob of varints.
*/
|