Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a buffer overwrite in fts5 that could occur when processing a prefix query. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
92fc146bc2b781e7e2d7138b00e5ea64 |
| User & Date: | dan 2017-12-11 17:20:37.958 |
Context
|
2017-12-13
| ||
| 10:11 | Minor enhancement to two assert() statements in the default VFSes. (check-in: 9cede8a83c user: drh tags: trunk) | |
|
2017-12-11
| ||
| 17:20 | Fix a buffer overwrite in fts5 that could occur when processing a prefix query. (check-in: 92fc146bc2 user: dan tags: trunk) | |
|
2017-12-09
| ||
| 01:02 | Fix a harmless API signature mismatch in the unix VFS. (check-in: bab9de7fdd user: drh tags: trunk) | |
Changes
Changes to ext/fts5/fts5_index.c.
| ︙ | ︙ | |||
4905 4906 4907 4908 4909 4910 4911 |
if( p2->n ){
i64 iLastRowid = 0;
Fts5DoclistIter i1;
Fts5DoclistIter i2;
Fts5Buffer out = {0, 0, 0};
Fts5Buffer tmp = {0, 0, 0};
| > > > > > > | | 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915 4916 4917 4918 4919 4920 4921 4922 4923 4924 4925 |
if( p2->n ){
i64 iLastRowid = 0;
Fts5DoclistIter i1;
Fts5DoclistIter i2;
Fts5Buffer out = {0, 0, 0};
Fts5Buffer tmp = {0, 0, 0};
/* The maximum size of the output is equal to the sum of the two
** input sizes + 1 varint (9 bytes). The extra varint is because if the
** first rowid in one input is a large negative number, and the first in
** the other a non-negative number, the delta for the non-negative
** number will be larger on disk than the literal integer value
** was. */
if( sqlite3Fts5BufferSize(&p->rc, &out, p1->n + p2->n + 9) ) return;
fts5DoclistIterInit(p1, &i1);
fts5DoclistIterInit(p2, &i2);
while( 1 ){
if( i1.iRowid<i2.iRowid ){
/* Copy entry from i1 */
fts5MergeAppendDocid(&out, iLastRowid, i1.iRowid);
|
| ︙ | ︙ | |||
4999 5000 5001 5002 5003 5004 5005 5006 5007 5008 5009 5010 5011 5012 |
fts5MergeAppendDocid(&out, iLastRowid, i1.iRowid);
fts5BufferSafeAppendBlob(&out, i1.aPoslist, i1.aEof - i1.aPoslist);
}
else if( i2.aPoslist ){
fts5MergeAppendDocid(&out, iLastRowid, i2.iRowid);
fts5BufferSafeAppendBlob(&out, i2.aPoslist, i2.aEof - i2.aPoslist);
}
fts5BufferSet(&p->rc, p1, out.n, out.p);
fts5BufferFree(&tmp);
fts5BufferFree(&out);
}
}
| > | 5005 5006 5007 5008 5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019 |
fts5MergeAppendDocid(&out, iLastRowid, i1.iRowid);
fts5BufferSafeAppendBlob(&out, i1.aPoslist, i1.aEof - i1.aPoslist);
}
else if( i2.aPoslist ){
fts5MergeAppendDocid(&out, iLastRowid, i2.iRowid);
fts5BufferSafeAppendBlob(&out, i2.aPoslist, i2.aEof - i2.aPoslist);
}
assert( out.n<=(p1->n+p2->n+9) );
fts5BufferSet(&p->rc, p1, out.n, out.p);
fts5BufferFree(&tmp);
fts5BufferFree(&out);
}
}
|
| ︙ | ︙ |
Changes to ext/fts5/test/fts5query.test.
| ︙ | ︙ | |||
60 61 62 63 64 65 66 |
foreach x [list bbb ddd fff hhh jjj lll nnn ppp rrr ttt] {
set doc [string repeat "$x " 30]
execsql { INSERT INTO t1 VALUES($doc) }
}
execsql COMMIT
} {}
| | > > > > > > > > > > | 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
foreach x [list bbb ddd fff hhh jjj lll nnn ppp rrr ttt] {
set doc [string repeat "$x " 30]
execsql { INSERT INTO t1 VALUES($doc) }
}
execsql COMMIT
} {}
do_execsql_test 2.$tn.2 {
INSERT INTO t1(t1) VALUES('integrity-check');
}
set ret 1
foreach x [list a c e g i k m o q s u] {
do_execsql_test 2.$tn.3.$ret {
SELECT rowid FROM t1 WHERE t1 MATCH $x || '*';
} {}
incr ret
}
}
reset_db
do_execsql_test 3.0 {
CREATE VIRTUAL TABLE x1 USING fts5(a);
INSERT INTO x1(rowid, a) VALUES(-1000000000000, 'toyota');
INSERT INTO x1(rowid, a) VALUES(1, 'tarago');
}
do_execsql_test 3.1 {
SELECT rowid FROM x1('t*');
} {-1000000000000 1}
finish_test
|