/ Check-in [fcfbee6c]

Overview
Comment: Fix a buffer overread in fts5.
SHA1: fcfbee6c7d33a9ae7feb46044a0c2fe680460d39
User & Date: dan 2016-08-13 06:38:31
Context
2016-08-13
10:34
Fix an fts5 problem with corrupt database handling found by address-sanitizer. check-in: e22252e1 user: dan tags: trunk
06:38
Fix a buffer overread in fts5. check-in: fcfbee6c user: dan tags: trunk
2016-08-11
18:05
Add the "modeof=<filename>" URI parameter to os_unix.c - used to specify a file to copy permissions from when a new database is created. Also allow passing NULL as the second parameter to sqlite3rbu_vacuum(). check-in: ed406d31 user: dan tags: trunk
Changes

Changes to ext/fts5/fts5_expr.c.

  1655   1655     if( rc==SQLITE_OK ){
  1656   1656       pNew->pRoot->pNear = (Fts5ExprNearset*)sqlite3Fts5MallocZero(&rc, 
  1657   1657           sizeof(Fts5ExprNearset) + sizeof(Fts5ExprPhrase*));
  1658   1658     }
  1659   1659     if( rc==SQLITE_OK ){
  1660   1660       Fts5Colset *pColsetOrig = pOrig->pNode->pNear->pColset;
  1661   1661       if( pColsetOrig ){
  1662         -      int nByte = sizeof(Fts5Colset) + pColsetOrig->nCol * sizeof(int);
         1662  +      int nByte = sizeof(Fts5Colset) + (pColsetOrig->nCol-1) * sizeof(int);
  1663   1663         Fts5Colset *pColset = (Fts5Colset*)sqlite3Fts5MallocZero(&rc, nByte);
  1664   1664         if( pColset ){ 
  1665   1665           memcpy(pColset, pColsetOrig, nByte);
  1666   1666         }
  1667   1667         pNew->pRoot->pNear->pColset = pColset;
  1668   1668       }
  1669   1669     }
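
Review bot: The corrected size expression on line 1662 depends on an assumption that is stated nowhere in this function: the `-1` implies that sizeof(Fts5Colset) already accounts for one column entry, and the memcpy on line 1665 reads exactly nByte bytes from pColsetOrig, so any later mismatch between the formula and the struct layout brings the overread back. Suggest a one-line comment at the nByte computation naming that assumption, plus `assert( pColsetOrig->nCol>0 );` ahead of it, because with nCol==0 the expression evaluates to less than sizeof(Fts5Colset) and the copy would be a truncated header. It is also worth checking whether other code that sizes an Fts5Colset uses the same formula, and folding the calculation into one shared helper or macro so the allocation size and the copy length cannot drift apart.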