Check-in [b74e5f3f]

Overview
Comment: Improved detection of shadow table corruption in the fts5_decode() SQL function.
SHA3-256: b74e5f3f3057ee7a98ebcb14ca0751048eacbec8fca3e11e241883029a57ecdf
User & Date: drh 2019-01-12 00:45:20
Context
2019-01-12
14:58
Fix a problem with corrupt database handling in the fts3 matchinfo() function. check-in: 703646b1 user: dan tags: trunk
00:45
Improved detection of shadow table corruption in the fts5_decode() SQL function. check-in: b74e5f3f user: drh tags: trunk
00:12
Improved shadow table corruption detection in the matchinfo() function of FTS3. check-in: 567be3bb user: drh tags: trunk
Changes

Changes to ext/fts5/fts5_index.c.

  6394   6394       if( iRowidOff!=0 ){
  6395   6395         iOff = iRowidOff;
  6396   6396       }else if( iTermOff!=0 ){
  6397   6397         iOff = iTermOff;
  6398   6398       }else{
  6399   6399         iOff = szLeaf;
  6400   6400       }
         6401  +    if( iOff>n ){
         6402  +      rc = FTS5_CORRUPT;
         6403  +      goto decode_out;
         6404  +    }
  6401   6405       fts5DecodePoslist(&rc, &s, &a[4], iOff-4);
  6402   6406   
  6403   6407       /* Decode any more doclist data that appears on the page before the
  6404   6408       ** first term. */
  6405   6409       nDoclist = (iTermOff ? iTermOff : szLeaf) - iOff;
  6406   6410       fts5DecodeDoclist(&rc, &s, &a[iOff], nDoclist);
  6407   6411   
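
Review bot: The new `if( iOff>n )` guard bounds only the upper side of iOff, and only iOff itself. Two things in the lines right after it still depend on values this hunk does not check. First, `fts5DecodePoslist(&rc, &s, &a[4], iOff-4)` receives a negative length if a corrupt record yields an iOff below 4, so a lower bound (for example `iOff<4 || iOff>n`) would make the check complete unless that is already enforced above the visible context. Second, when iOff comes from iRowidOff, the expression `(iTermOff ? iTermOff : szLeaf) - iOff` uses iTermOff or szLeaf, which are not compared against n or against iOff here, so nDoclist can exceed the buffer or go negative before `fts5DecodeDoclist(&rc, &s, &a[iOff], nDoclist)` runs. Consider validating those two offsets in the same place, and add a short comment saying which invariant the guard establishes.
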
................................................................................
  6430   6434           if( nByte>term.n ){
  6431   6435             rc = FTS5_CORRUPT;
  6432   6436             break;
  6433   6437           }
  6434   6438           term.n = nByte;
  6435   6439         }
  6436   6440         iOff += fts5GetVarint32(&a[iOff], nByte);
         6441  +      if( iOff+nByte>n ){
         6442  +        rc = FTS5_CORRUPT;
         6443  +        break;
         6444  +      }
  6437   6445         fts5BufferAppendBlob(&rc, &term, nByte, &a[iOff]);
  6438   6446         iOff += nByte;
  6439   6447   
  6440   6448         sqlite3Fts5BufferAppendPrintf(
  6441   6449             &rc, &s, " term=%.*s", term.n, (const char*)term.p
  6442   6450         );
  6443   6451         iOff += fts5DecodeDoclist(&rc, &s, &a[iOff], iEnd-iOff);
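
Review bot: The added `if( iOff+nByte>n )` check comes after `fts5GetVarint32(&a[iOff], nByte)`, so the varint is read from `a[iOff]` before anything in the visible lines confirms that iOff is still inside the n-byte record. If the enclosing loop condition does not already guarantee room for the varint, a check on iOff ahead of the read would close that gap. The sum `iOff+nByte` is also worth a second look: nByte comes straight from the corrupt record, so writing the comparison as `nByte>n-iOff` avoids relying on the addition not overflowing. Finally, the trailing `fts5DecodeDoclist(&rc, &s, &a[iOff], iEnd-iOff)` uses iEnd, which this hunk does not compare against n or against the advanced iOff; if that is validated elsewhere, a comment noting where would help the next reader.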