/ Check-in [0770363b]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | branch-3.19
Files: files | file ages | folders
SHA3-256: 0770363b30382af76e87009192f3b59b8b089e2e2ad3dfac3392f52e78633a3b
User & Date: drh 2019-09-03 18:43:33
Context
2019-09-03
18:43
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. Leaf check-in: 0770363b user: drh tags: branch-3.19
17:55
Disable the undocumented rtreenode() SQL function that is only used for testing, except when doing a build that is specifically intended for testing. check-in: 34cd2d92 user: drh tags: branch-3.19
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. check-in: b3fa58dd user: dan tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_hash.c.

   440    440     ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
   441    441     if( !ap ) return SQLITE_NOMEM;
   442    442     memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);
   443    443   
   444    444     for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
   445    445       Fts5HashEntry *pIter;
   446    446       for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
   447         -      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
          447  +      if( pTerm==0 
          448  +       || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
          449  +      ){
   448    450           Fts5HashEntry *pEntry = pIter;
   449    451           pEntry->pScanNext = 0;
   450    452           for(i=0; ap[i]; i++){
   451    453             pEntry = fts5HashEntryMerge(pEntry, ap[i]);
   452    454             ap[i] = 0;
   453    455           }
   454    456           ap[i] = pEntry;

Changes to ext/fts5/test/fts5aa.test.

   587    587     COMMIT;
   588    588   }
   589    589   
   590    590   do_execsql_test 22.1 {
   591    591     SELECT rowid FROM t9('a*')
   592    592   } {1}
   593    593   
          594  +
          595  +do_execsql_test 25.0 {
          596  +  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
          597  +}
          598  +do_execsql_test 25.1 {
          599  +  BEGIN;
          600  +  INSERT INTO t13 VALUES('AAAA');
          601  +SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
          602  +
          603  +  END;
   594    604   }
   595    605   
          606  +}
   596    607   
   597    608   finish_test
   598         -
   599         -