Comment: In FTS3, avoid calling memcpy() with a NULL source pointer, even if the transfer amount is zero bytes.
SHA3-256: 1abb83d29a06308c96bea379311b390240347c5f81824749348d18ad75840c96
User & Date: drh 2018-12-21 18:51:27
Changes

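--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1603,14 +1603,19 @@
   sqlite3_int64 iEndBlock,        /* Final block of segment */
   const char *zRoot,              /* Buffer containing root node */
   int nRoot,                      /* Size of buffer containing root node */
   Fts3SegReader **ppReader        /* OUT: Allocated Fts3SegReader */
 ){
   Fts3SegReader *pReader;         /* Newly allocated SegReader object */
   int nExtra = 0;                 /* Bytes to allocate segment root node */
+
+  assert( zRoot!=0 || nRoot==0 );
+#ifdef CORRUPT_DB
+  assert( zRoot!=0 || CORRUPT_DB );
+#endif
 
   if( iStartLeaf==0 ){
     nExtra = nRoot + FTS3_NODE_PADDING;
   }
 
   pReader = (Fts3SegReader *)sqlite3_malloc(sizeof(Fts3SegReader) + nExtra);
   if( !pReader ){
@@ -1624,15 +1629,15 @@
   pReader->iEndBlock = iEndBlock;
 
   if( nExtra ){
     /* The entire segment is stored in the root node. */
     pReader->aNode = (char *)&pReader[1];
     pReader->rootOnly = 1;
     pReader->nNode = nRoot;
-    memcpy(pReader->aNode, zRoot, nRoot);
+    if( nRoot ) memcpy(pReader->aNode, zRoot, nRoot);
     memset(&pReader->aNode[nRoot], 0, FTS3_NODE_PADDING);
   }else{
     pReader->iCurrentBlock = iStartLeaf-1;
   }
   *ppReader = pReader;
   return SQLITE_OK;
 }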
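Review bot: The new `if( nRoot )` guard in front of the memcpy() carries no comment explaining why a zero-byte copy must be skipped, so a later cleanup could fold it back into the unconditional call the hunk removes; suggest `/* memcpy() with a NULL source is undefined even for zero bytes, and zRoot may be NULL when nRoot==0 (see the asserts at the top of the function). */` directly above that line. The assert pair added at the start of the first hunk states exactly the invariant the guard relies on (`zRoot!=0 || nRoot==0`), so a one-line cross-reference keeps the two in sync. Note that the second assert is compiled only when `CORRUPT_DB` is defined, so in builds without that macro the first assert is the only check that a NULL zRoot is confined to the nRoot==0 case; if that asymmetry is intentional, a word on it in the same comment would help. The enclosing function's parameter list begins before this hunk.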

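--- /dev/null
+++ b/test/fts3fuzz001.test
@@ -0,0 +1,113 @@
+# 2012-12-21
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+# Test cases for corrupt database files.
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+ifcapable !deserialize||!fts3 {
+  finish_test
+  return
+}
+database_may_be_corrupt
+
+do_test fts3fuzz001-100 {
+  sqlite3 db {}
+  db deserialize [decode_hexdb {
+| size 24576 pagesize 4096 filename c6.db
+| page 1 offset 0
+|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
+|     16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 06   .....@  ........
+|     32: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 04   ................
+|     48: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00   ................
+|     96: 00 00 00 00 0d 0e f9 00 06 0d ec 00 0f cd 0f 69   ...............i
+|    112: 0f 01 0e 10 0e c6 0d ec 00 00 00 00 00 00 00 00   ................
+|   3552: 00 00 00 00 00 00 00 00 00 00 00 00 22 06 06 17   ............"...
+|   3568: 11 11 01 31 74 61 62 6c 65 74 32 74 32 06 43 52   ...1tablet2t2.CR
+|   3584: 45 41 54 45 20 54 41 42 4c 45 20 74 32 28 78 29   EATE TABLE t2(x)
+|   3600: 81 33 04 07 17 1f 1f 01 82 35 74 61 62 6c 65 74   .3.......5tablet
+|   3616: 31 5f 73 65 67 64 69 72 74 31 5f 73 65 67 64 69   1_segdirt1_segdi
+|   3632: 72 04 43 52 45 41 54 45 20 54 41 42 4c 45 20 27   r.CREATE TABLE '
+|   3648: 74 31 5f 73 65 67 64 69 72 27 28 6c 65 76 65 6c   t1_segdir'(level
+|   3664: 20 49 4e 54 45 47 45 52 2c 69 64 78 20 49 4e 54    INTEGER,idx INT
+|   3680: 45 47 45 52 2c 73 74 61 72 74 5f 62 6c 6f 63 6b   EGER,start_block
+|   3696: 20 49 4e 54 45 47 45 52 2c 6c 65 61 76 65 73 5f    INTEGER,leaves_
+|   3712: 65 6e 64 5f 62 6c 6f 63 6b 20 49 4e 54 45 47 45   end_block INTEGE
+|   3728: 52 2c 65 6e 64 5f 62 6c 6f 63 6b 20 49 4e 54 45   R,end_block INTE
+|   3744: 47 45 52 2c 72 6f 6f 74 20 42 4c 4f 42 2c 50 52   GER,root BLOB,PR
+|   3760: 49 4d 41 52 59 20 4b 45 59 28 6c 65 76 65 6c 2c   IMARY KEY(level,
+|   3776: 20 69 64 78 29 29 31 05 06 17 45 1f 01 00 69 6e    idx))1...E...in
+|   3792: 64 65 78 73 71 6c 69 74 65 5f 61 75 74 6f 69 6e   dexsqlite_autoin
+|   3808: 64 65 78 5f 74 15 f7 36 56 76 46 97 25 f3 17 43   dex_t..6VvF.%..C
+|   3824: 15 5f 73 65 67 64 69 72 05 00 00 00 08 00 00 00   ._segdir........
+|   3840: 00 66 03 07 17 23 23 01 81 13 74 61 62 6c 65 74   .f...##...tablet
+|   3856: 31 5f 73 65 67 6d 65 6e 74 73 74 31 5f 73 65 67   1_segmentst1_seg
+|   3872: 6d 65 6e 74 73 03 43 52 45 41 54 45 20 54 41 42   ments.CREATE TAB
+|   3888: 4c 45 20 27 74 31 5f 73 65 67 6d 65 6e 74 73 27   LE 't1_segments'
+|   3904: 28 62 6c 6f 63 6b 69 64 20 49 4e 54 45 47 45 52   (blockid INTEGER
+|   3920: 20 50 52 49 4d 41 52 59 20 4b 45 59 2c 20 62 6c    PRIMARY KEY, bl
+|   3936: 6f 63 6b 20 42 4c 4f 42 29 62 02 07 17 21 21 01   ock BLOB)b...!!.
+|   3952: 81 0f 74 61 62 6c 65 74 31 5f 63 6f 6e 74 65 6e   ..tablet1_conten
+|   3968: 74 74 31 5f 63 6f 6e 74 65 6e 74 02 43 52 45 41   tt1_content.CREA
+|   3984: 54 45 20 54 41 42 4c 45 20 27 74 31 5f 63 6f 6e   TE TABLE 't1_con
+|   4000: 74 65 6e 74 27 28 64 6f 63 69 64 20 49 4e 54 45   tent'(docid INTE
+|   4016: 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 2c   GER PRIMARY KEY,
+|   4032: 20 27 63 30 63 6f 6e 74 65 6e 74 27 29 31 01 06    'c0content')1..
+|   4048: 17 11 11 08 51 74 61 62 6c 65 74 31 74 31 43 52   ....Qtablet1t1CR
+|   4064: 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41 42   EATE VIRTUAL TAB
+|   4080: 4c 45 20 74 31 20 55 53 49 4e 47 20 66 74 73 33   LE t1 USING fts3
+| page 2 offset 4096
+|      0: 0d 00 00 00 03 0f e0 00 0f f6 0f ec 0f e0 00 00   ................
+|   4064: 0a 03 03 00 1b 61 62 61 6e 64 6f 6e 08 02 03 00   .....abandon....
+|   4080: 17 61 62 61 66 74 08 01 03 00 17 61 62 61 63 6b   .abaft.....aback
+| page 3 offset 8192
+|      0: 0d 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00   ................
+| page 4 offset 12288
+|      0: 0d 00 00 00 01 0f d6 00 0f 00 00 00 00 00 00 00   ................
+|   4048: 00 00 00 00 00 00 28 01 07 08 08 08 08 15 46 30   ......(.......F0
+|   4064: 20 32 39 00 05 61 62 61 63 6b 03 01 02 00 03 02    29..aback......
+|   4080: 66 74 03 02 02 00 03 04 6e 64 6f 6e 03 03 02 00   ft......ndon....
+| page 5 offset 16384
+|      0: 0a 00 00 00 01 0f fb 00 0f fb 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 04 04 08 08 09   ................
+| page 6 offset 20480
+|      0: 0d 00 00 00 05 0f b8 00 0f f4 0f e9 0f d6 0f c7   ................
+|     16: 0f b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
+|   4016: 00 00 00 00 00 00 00 00 0d 05 02 23 61 75 74 6f   ...........#auto
+|   4032: 6d 65 72 67 65 3d 35 0d 04 02 23 6d 65 72 67 65   merge=5...#merge
+|   4048: 3d 31 30 30 2c 38 11 03 02 2b 69 6e 74 65 67 72   =100,8...+integr
+|   4064: 69 74 79 3d 63 68 65 63 6b 09 02 02 1b 72 65 62   ity=check....reb
+|   4080: 75 69 6c 64 0a 01 02 1d 6f 70 74 69 6d 69 7a 65   uild....optimize
+| end c6.db
+  }]
+  catchsql {
+    INSERT INTO t1(t1) SELECT x FROM t2;
+  }
+} {1 {database disk image is malformed}}
+do_test fts3fuzz001-110 {
+  catchsql {
+    INSERT INTO t1(t1) VALUES('integrity-check');
+  }
+} {1 {database disk image is malformed}}
+do_test fts3fuzz001-120 {
+  catchsql {
+    INSERT INTO t1(t1) VALUES('optimize');
+  }
+} {0 {}}
+do_test fts3fuzz001-121 {
+  catchsql {
+    INSERT INTO t1(t1) VALUES('integrity-check');
+  }
+} {1 {database disk image is malformed}}
+
+
+finish_test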
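Review bot: The header comment on the first line of the new file reads `# 2012-12-21`, while the check-in itself is dated 2018-12-21, so the year looks like a typo; change it to `# 2018-12-21`. The purpose line `# Test cases for corrupt database files.` is also generic for a file whose guard is `ifcapable !deserialize||!fts3` and whose fixture declares `t1 USING fts3`; `# Test cases for corrupt FTS3 database files.` would say which module is under test. A short comment before `do_test fts3fuzz001-100` naming what the embedded image is malformed about would help whoever next edits the hexdump, since the expected error alone does not record which check is meant to fire.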