SQLite

Check-in [9e717c4377]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a crash in the fts5vocab module caused by including a "term < NULL" term in a WHERE clause.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 9e717c4377c0116a5d36815fbc30f8b8803f14770d30be361feb27cc5b5b537b
User & Date: dan 2019-01-18 21:12:32.602
Context
2019-01-18
21:17
Fix a memory leak introduced by [55c5d72a]. (check-in: fbd681dce2 user: dan tags: trunk)
21:12
Fix a crash in the fts5vocab module caused by including a "term < NULL" term in a WHERE clause. (check-in: 9e717c4377 user: dan tags: trunk)
21:03
Fix an infinite loop caused by a corrupt database in fts3. Also an undefined left-shift in fts5. (check-in: 55c5d72af9 user: dan tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to ext/fts5/fts5_vocab.c. 
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570

        if( rc==SQLITE_OK ){
          rc = sqlite3Fts5IterNextScan(pCsr->pIter);
        }
        if( pTab->eType==FTS5_VOCAB_INSTANCE ) break;

        if( rc==SQLITE_OK ){
          zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);
          assert_nc( nTerm>0 );
          if( nTerm!=pCsr->term.n 
          || (nTerm>0 && memcmp(zTerm, pCsr->term.p, nTerm)) 
          ){
            break;
          }
          if( sqlite3Fts5IterEof(pCsr->pIter) ) break;
        }








<








556
557
558
559
560
561
562

563
564
565
566
567
568
569

        if( rc==SQLITE_OK ){
          rc = sqlite3Fts5IterNextScan(pCsr->pIter);
        }
        if( pTab->eType==FTS5_VOCAB_INSTANCE ) break;

        if( rc==SQLITE_OK ){
          zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);

          if( nTerm!=pCsr->term.n 
          || (nTerm>0 && memcmp(zTerm, pCsr->term.p, nTerm)) 
          ){
            break;
          }
          if( sqlite3Fts5IterEof(pCsr->pIter) ) break;
        }

617
618
619
620
621
622
623

624
625
626
627
628
629
630

  }else{
    if( pGe ){
      zTerm = (const char *)sqlite3_value_text(pGe);
      nTerm = sqlite3_value_bytes(pGe);
    }
    if( pLe ){
      const char *zCopy = (const char *)sqlite3_value_text(pLe);

      pCsr->nLeTerm = sqlite3_value_bytes(pLe);
      pCsr->zLeTerm = sqlite3_malloc(pCsr->nLeTerm+1);
      if( pCsr->zLeTerm==0 ){
        rc = SQLITE_NOMEM;
      }else{
        memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
      }








>








616
617
618
619
620
621
622
623
624
625
626
627
628
629
630

  }else{
    if( pGe ){
      zTerm = (const char *)sqlite3_value_text(pGe);
      nTerm = sqlite3_value_bytes(pGe);
    }
    if( pLe ){
      const char *zCopy = (const char *)sqlite3_value_text(pLe);
      if( zCopy==0 ) zCopy = "";
      pCsr->nLeTerm = sqlite3_value_bytes(pLe);
      pCsr->zLeTerm = sqlite3_malloc(pCsr->nLeTerm+1);
      if( pCsr->zLeTerm==0 ){
        rc = SQLITE_NOMEM;
      }else{
        memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
      }
Changes to ext/fts5/test/fts5vocab.test. 
518
519
520
521
522
523
524



















525
526
527

  db eval { SELECT rowid FROM ft('4') } x {
    db eval { SELECT * FROM t2 }
    lappend res $x(rowid)
  }
  db eval COMMIT
  set res
} {3 5 7}




















finish_test









>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546

  db eval { SELECT rowid FROM ft('4') } x {
    db eval { SELECT * FROM t2 }
    lappend res $x(rowid)
  }
  db eval COMMIT
  set res
} {3 5 7}

do_execsql_test 10.6.1 {
  SELECT * FROM t2 WHERE term<NULL;
}
do_execsql_test 10.6.2 {
  SELECT * FROM t2 WHERE term>NULL;
}
do_execsql_test 10.6.3 {
  SELECT * FROM t2 WHERE term=NULL;
}
do_execsql_test 10.7.1 {
  SELECT * FROM t2 WHERE term<?;
}
do_execsql_test 10.7.2 {
  SELECT * FROM t2 WHERE term>?;
}
do_execsql_test 10.7.3 {
  SELECT * FROM t2 WHERE term=?;
}

finish_test