SQLite

Check-in [b54aa18b]

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
SHA3-256: b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973
User & Date: dan 2019-09-03 19:40:52
Context
2019-09-03
19:40
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (Leaf check-in: b54aa18b user: dan tags: branch-3.18)
17:46
Disable the undocumented rtreenode() SQL function that is only used for testing, except when doing a build that is specifically intended for testing. (check-in: 0a1cce49 user: drh tags: branch-3.18)
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. (check-in: b3fa58dd user: dan tags: trunk)
Changes

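--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -434,15 +434,17 @@
   ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
   if( !ap ) return SQLITE_NOMEM;
   memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);
 
   for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
     Fts5HashEntry *pIter;
     for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(pIter->zKey, pTerm, nTerm) ){
+      if( pTerm==0 
+       || (strlen(pIter->zKey)>=nTerm && 0==memcmp(pIter->zKey, pTerm, nTerm))
+      ){
         Fts5HashEntry *pEntry = pIter;
         pEntry->pScanNext = 0;
         for(i=0; ap[i]; i++){
           pEntry = fts5HashEntryMerge(pEntry, ap[i]);
           ap[i] = 0;
         }
         ap[i] = pEntry;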
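Review bot: The length guard added to the inner-loop condition compares `strlen(pIter->zKey)`, a `size_t`, with `nTerm`, which is declared outside the hunk and is presumably a signed `int`; the comparison is then mixed-sign, so its result for a negative `nTerm` depends on implicit conversion. An `assert( nTerm>=0 );` ahead of the slot loop would make that assumption explicit. The guard also relies on `zKey` being NUL-terminated with no embedded zero bytes, which the hunk does not show, so a short comment above the condition such as `/* zKey holds only its own term: check its length so memcmp() cannot read past the entry */` would keep the reason for the check from being lost. The enclosing function starts and ends outside the hunk.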

Changes to ext/fts5/test/fts5aa.test.

556
557
558
559
560
561
562













563
564
565
566
567
568
569
]
do_test 20.1 {
  foreach id $::ids {
    execsql { INSERT INTO tmp(rowid, x) VALUES($id, 'x y z') }
  }
  execsql { SELECT rowid FROM tmp WHERE tmp MATCH 'y' }
} $::ids














}


finish_test









>
>
>
>
>
>
>
>
>
>
>
>
>







556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
]
do_test 20.1 {
  foreach id $::ids {
    execsql { INSERT INTO tmp(rowid, x) VALUES($id, 'x y z') }
  }
  execsql { SELECT rowid FROM tmp WHERE tmp MATCH 'y' }
} $::ids

#-------------------------------------------------------------------------
do_execsql_test 25.0 {
  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
}
do_execsql_test 25.1 {
  BEGIN;
  INSERT INTO t13 VALUES('AAAA');
  SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');

  END;
}


}


finish_test