SQLite

Check-in [68b89838]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | branch-3.22
Files: files | file ages | folders
SHA3-256: 68b898381ac2942965a3dbd416a45ddf813d6df7ea160f500ae4978e44a3a050
User & Date: drh 2019-09-03 18:36:11
Context
2020-01-17
14:18
Import all FTS3/4 enhancements and fixes that exist on the latest trunk (3.31.0-beta) that do not require extensive change to the SQLite core into the 3.22 branch. Basically, the 3.31.0 FTS3 sources are copied into 3.22.0, with minor changes to work around core enhancements that are not available in 3.22.0. (Leaf check-in: cbcbb1e5 user: drh tags: branch-3.22)
2019-09-03
18:36
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (check-in: 68b89838 user: drh tags: branch-3.22)
18:04
Disable the undocumented rtreenode() SQL function that is only used for testing, except when doing a build that is specifically intended for testing. (check-in: 8452fd54 user: drh tags: branch-3.22)
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (check-in: b3fa58dd user: dan tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_hash.c. 

441
442
443
444
445
446
447

448

449
450
451
452
453
454
455

  ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
  if( !ap ) return SQLITE_NOMEM;
  memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);

  for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
    Fts5HashEntry *pIter;
    for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){

      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){

        Fts5HashEntry *pEntry = pIter;
        pEntry->pScanNext = 0;
        for(i=0; ap[i]; i++){
          pEntry = fts5HashEntryMerge(pEntry, ap[i]);
          ap[i] = 0;
        }
        ap[i] = pEntry;








>
|
>








441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457

  ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
  if( !ap ) return SQLITE_NOMEM;
  memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);

  for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
    Fts5HashEntry *pIter;
    for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
      if( pTerm==0 
       || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
      ){
        Fts5HashEntry *pEntry = pIter;
        pEntry->pScanNext = 0;
        for(i=0; ap[i]; i++){
          pEntry = fts5HashEntryMerge(pEntry, ap[i]);
          ap[i] = 0;
        }
        ap[i] = pEntry;

Changes to ext/fts5/test/fts5aa.test. 

587
588
589
590
591
592
593
594



595









596
597

  COMMIT;
}

do_execsql_test 22.1 {
  SELECT rowid FROM t9('a*')
} {1}

}














finish_test








|
>
>
>
|
>
>
>
>
>
>
>
>
>



587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609

  COMMIT;
}

do_execsql_test 22.1 {
  SELECT rowid FROM t9('a*')
} {1}


#-------------------------------------------------------------------------
do_execsql_test 25.0 {
  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
}
do_execsql_test 25.1 {
  BEGIN;
  INSERT INTO t13 VALUES('AAAA');
SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');

  END;
}

}

finish_test