/ Check-in [9e717c43]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a crash in the fts5vocab module caused by including a "term < NULL" term in a WHERE clause.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 9e717c4377c0116a5d36815fbc30f8b8803f14770d30be361feb27cc5b5b537b
User & Date: dan 2019-01-18 21:12:32
Context
2019-01-18
21:17
Fix a memory leak introduced by [55c5d72a]. check-in: fbd681dc user: dan tags: trunk
21:12
Fix a crash in the fts5vocab module caused by including a "term < NULL" term in a WHERE clause. check-in: 9e717c43 user: dan tags: trunk
21:03
Fix an infinite loop caused by a corrupt database in fts3. Also an undefined left-shift in fts5. check-in: 55c5d72a user: dan tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_vocab.c.

556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
...
617
618
619
620
621
622
623

624
625
626
627
628
629
630
        if( rc==SQLITE_OK ){
          rc = sqlite3Fts5IterNextScan(pCsr->pIter);
        }
        if( pTab->eType==FTS5_VOCAB_INSTANCE ) break;

        if( rc==SQLITE_OK ){
          zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);
          assert_nc( nTerm>0 );
          if( nTerm!=pCsr->term.n 
          || (nTerm>0 && memcmp(zTerm, pCsr->term.p, nTerm)) 
          ){
            break;
          }
          if( sqlite3Fts5IterEof(pCsr->pIter) ) break;
        }
................................................................................
  }else{
    if( pGe ){
      zTerm = (const char *)sqlite3_value_text(pGe);
      nTerm = sqlite3_value_bytes(pGe);
    }
    if( pLe ){
      const char *zCopy = (const char *)sqlite3_value_text(pLe);

      pCsr->nLeTerm = sqlite3_value_bytes(pLe);
      pCsr->zLeTerm = sqlite3_malloc(pCsr->nLeTerm+1);
      if( pCsr->zLeTerm==0 ){
        rc = SQLITE_NOMEM;
      }else{
        memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
      }







<







 







>







556
557
558
559
560
561
562

563
564
565
566
567
568
569
...
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
        if( rc==SQLITE_OK ){
          rc = sqlite3Fts5IterNextScan(pCsr->pIter);
        }
        if( pTab->eType==FTS5_VOCAB_INSTANCE ) break;

        if( rc==SQLITE_OK ){
          zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);

          if( nTerm!=pCsr->term.n 
          || (nTerm>0 && memcmp(zTerm, pCsr->term.p, nTerm)) 
          ){
            break;
          }
          if( sqlite3Fts5IterEof(pCsr->pIter) ) break;
        }
................................................................................
  }else{
    if( pGe ){
      zTerm = (const char *)sqlite3_value_text(pGe);
      nTerm = sqlite3_value_bytes(pGe);
    }
    if( pLe ){
      const char *zCopy = (const char *)sqlite3_value_text(pLe);
      if( zCopy==0 ) zCopy = "";
      pCsr->nLeTerm = sqlite3_value_bytes(pLe);
      pCsr->zLeTerm = sqlite3_malloc(pCsr->nLeTerm+1);
      if( pCsr->zLeTerm==0 ){
        rc = SQLITE_NOMEM;
      }else{
        memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
      }

Changes to ext/fts5/test/fts5vocab.test.

518
519
520
521
522
523
524



















525
526
527
  db eval { SELECT rowid FROM ft('4') } x {
    db eval { SELECT * FROM t2 }
    lappend res $x(rowid)
  }
  db eval COMMIT
  set res
} {3 5 7}




















finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
  db eval { SELECT rowid FROM ft('4') } x {
    db eval { SELECT * FROM t2 }
    lappend res $x(rowid)
  }
  db eval COMMIT
  set res
} {3 5 7}

do_execsql_test 10.6.1 {
  SELECT * FROM t2 WHERE term<NULL;
}
do_execsql_test 10.6.2 {
  SELECT * FROM t2 WHERE term>NULL;
}
do_execsql_test 10.6.3 {
  SELECT * FROM t2 WHERE term=NULL;
}
do_execsql_test 10.7.1 {
  SELECT * FROM t2 WHERE term<?;
}
do_execsql_test 10.7.2 {
  SELECT * FROM t2 WHERE term>?;
}
do_execsql_test 10.7.3 {
  SELECT * FROM t2 WHERE term=?;
}

finish_test