/ Check-in [6b6751cd]

Overview
Comment: Fix a "jump depends on uninitialized value" valgrind error in fts5 triggered by corrupt database records.
SHA3-256: 6b6751cd90601a1e2744a7d233c973291ecb783801b9327c3b99734dd22bcd27
User & Date: dan 2019-09-18 11:46:34
Context
2019-09-18
12:49
Fix another potential "jump depends on uninitialized value" warning. check-in: 633b214e user: drh tags: trunk
11:46
Fix a "jump depends on uninitialized value" valgrind error in fts5 triggered by corrupt database records. check-in: 6b6751cd user: dan tags: trunk
11:16
Fix an OOB read in the INSTR() function introduced yesterday by check-in [3fb40f518086c1e8] and detected by OSSFuzz. The test case is in TH3. check-in: d49047c1 user: drh tags: trunk
Changes

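--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -709,15 +709,15 @@
 static void fts5DataRelease(Fts5Data *pData){
   sqlite3_free(pData);
 }
 
 static Fts5Data *fts5LeafRead(Fts5Index *p, i64 iRowid){
   Fts5Data *pRet = fts5DataRead(p, iRowid);
   if( pRet ){
-    if( pRet->szLeaf>pRet->nn ){
+    if( pRet->nn<4 || pRet->szLeaf>pRet->nn ){
       p->rc = FTS5_CORRUPT;
       fts5DataRelease(pRet);
       pRet = 0;
     }
   }
   return pRet;
 }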
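Review bot: The new `pRet->nn<4` test on line 716 is a bare magic number with no comment saying what the bound protects, so a reader of fts5LeafRead cannot tell why 4 is the right threshold; a one-line comment above the `if`, such as `/* A leaf record shorter than its 4-byte header cannot hold a valid szLeaf; treat it as corrupt. */`, would carry the reasoning. Presumably fts5DataRead (outside this hunk) decodes szLeaf from the leading bytes of the record, which is where the uninitialized read named in the commit title would originate; confirm that before wording the comment. Note the guard bounds only the record size, not szLeaf itself: a szLeaf smaller than the header still passes as long as it does not exceed nn, and whether downstream consumers of szLeaf tolerate that is not visible here.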

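--- a/ext/fts5/test/fts5corrupt3.test
+++ b/ext/fts5/test/fts5corrupt3.test
@@ -9688,13 +9688,94 @@
 |   4080: 00 00 00 00 0b 03 1b 01 76 65 72 73 69 6f 6e 04   ........version.
 | end crash-3aef66940ace0c.db
 }]} {}
 
 do_catchsql_test 65.1 {
   SELECT ( MATCH (t1,591)) FROM t1 WHERE t1 MATCH 'e*eŸ'
 } {1 {database disk image is malformed}}
+
+#-------------------------------------------------------------------------
+#
+reset_db
+do_test 66.0 {
+  sqlite3 db {}
+  db deserialize [decode_hexdb {
+.open --hexdb
+| size 28672 pagesize 4096 filename crash-37cecb4e784e9f.db
+| page 1 offset 0
+|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
+|     16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 07   .....@  ........
+|     96: 00 00 00 00 0d 00 00 00 07 0d d2 00 0f c4 0f 6d   ...............m
+|    112: 0f 02 0e ab 0e 4e 0d f6 0d d2 00 00 00 00 00 00   .....N..........
+|   3536: 00 00 22 07 06 17 11 11 01 31 74 61 62 6c 65 74   .........1tablet
+|   3552: 32 74 32 07 43 52 45 41 54 45 20 54 41 42 4c 45   2t2.CREATE TABLE
+|   3568: 20 74 32 28 78 29 56 06 06 17 1f 1f 01 7d 74 61    t2(x)V.......ta
+|   3584: 62 6c 65 74 31 5f 63 6f 6e 66 69 67 74 31 5f 63   blet1_configt1_c
+|   3600: 6f 6e 66 69 67 06 43 52 45 41 54 45 20 54 41 42   onfig.CREATE TAB
+|   3616: 4c 45 20 27 74 31 5f 63 6f 6e 66 69 67 27 28 6b   LE 't1_config'(k
+|   3632: 20 50 52 49 4d 41 52 59 20 4b 45 59 2c 20 76 29    PRIMARY KEY, v)
+|   3648: 20 57 49 54 48 4f 55 54 20 52 4f 57 49 44 5b 05    WITHOUT ROWID[.
+|   3664: 07 17 21 21 01 81 01 74 61 62 6c 65 74 31 5f 64   ..!!...tablet1_d
+|   3680: 6f 63 73 69 7a 65 74 31 5f 64 6f 63 73 69 7a 65   ocsizet1_docsize
+|   3696: 05 43 52 45 41 54 45 20 54 41 42 4c 45 20 27 74   .CREATE TABLE 't
+|   3712: 31 5f 64 6f 63 73 69 7a 65 27 28 69 64 20 49 4e   1_docsize'(id IN
+|   3728: 54 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45   TEGER PRIMARY KE
+|   3744: 59 2c 20 73 7a 20 42 4c 4f 42 29 55 04 06 17 21   Y, sz BLOB)U...!
+|   3760: 21 01 77 74 61 62 6c 65 74 31 5f 63 6f 6e 74 65   !.wtablet1_conte
+|   3776: 6e 74 74 31 5f 63 6f 6e 74 65 6e 74 04 43 52 45   ntt1_content.CRE
+|   3792: 41 54 45 20 54 41 42 4c 45 20 27 74 31 5f 63 6f   ATE TABLE 't1_co
+|   3808: 6e 74 65 6e 74 27 28 69 64 20 49 4e 54 45 47 45   ntent'(id INTEGE
+|   3824: 52 20 50 52 49 4d 41 52 59 20 4b 45 59 2c 20 63   R PRIMARY KEY, c
+|   3840: 30 29 69 03 07 17 19 19 01 81 2d 74 61 62 6c 65   0)i.......-table
+|   3856: 74 31 5f 69 64 78 74 31 5f 69 64 78 03 43 52 45   t1_idxt1_idx.CRE
+|   3872: 41 54 45 20 54 41 42 4c 45 20 27 74 31 5f 69 64   ATE TABLE 't1_id
+|   3888: 78 27 28 73 65 67 69 64 2c 20 74 65 72 6d 2c 20   x'(segid, term, 
+|   3904: 70 67 6e 6f 2c 20 50 52 49 4d 41 52 59 20 4b 45   pgno, PRIMARY KE
+|   3920: 59 28 73 65 67 69 64 2c 20 74 65 72 6d 29 29 20   Y(segid, term)) 
+|   3936: 57 49 54 48 4f 55 54 20 52 4f 57 49 44 55 02 07   WITHOUT ROWIDU..
+|   3952: 17 1b 1b 01 81 01 74 61 62 6c 65 74 31 5f 64 61   ......tablet1_da
+|   3968: 74 61 74 31 5f 64 61 74 61 02 43 52 45 41 54 45   tat1_data.CREATE
+|   3984: 20 54 41 42 4c 45 20 27 74 31 5f 64 61 74 61 27    TABLE 't1_data'
+|   4000: 28 69 64 20 49 4e 54 45 47 45 52 20 50 52 49 4d   (id INTEGER PRIM
+|   4016: 41 52 49 20 4b 45 59 2c 20 62 6c 6f 63 6b 20 42   ARI KEY, block B
+|   4032: 4c 4f 42 29 3a 01 06 17 11 11 08 63 74 61 62 6c   LOB):......ctabl
+|   4048: 65 74 31 74 31 43 52 45 41 54 45 20 56 49 52 54   et1t1CREATE VIRT
+|   4064: 55 41 4c 20 54 41 42 4c 45 20 74 31 20 55 53 49   UAL TABLE t1 USI
+|   4080: 4e 47 20 66 74 73 35 28 63 6f 6e 74 65 6e 74 29   NG fts5(content)
+| page 2 offset 4096
+|      0: 0d 00 00 00 03 0f bd 00 0f e8 0f ef 0f bd 00 01   ................
+|   4016: 00 00 00 00 00 00 00 00 00 00 00 00 00 24 84 80   .............$..
+|   4032: 80 80 80 01 03 00 4e 00 00 00 1e 06 30 61 62 61   ......N.....0aba
+|   4048: 63 6b 01 02 02 04 02 66 74 02 02 02 04 04 6e 64   ck.....ft.....nd
+|   4064: 6f 6e 03 02 02 04 0a 07 05 01 03 00 10 03 03 0f   on..............
+|   4080: 0a 03 00 24 00 00 00 00 01 01 01 00 01 00 01 01   ...$............
+| page 3 offset 8192
+|      0: 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 05 04 09 0c 01 02   ................
+| page 4 offset 12288
+|      0: 0d 00 00 00 03 0f e0 00 0f f6 0f ec 0f e0 00 00   ................
+|   4064: 0a 03 03 00 1b 61 62 61 6e 64 6f 6e 08 02 03 00   .....abandon....
+|   4080: 17 61 62 61 66 74 08 01 03 00 17 61 62 61 63 6b   .abaft.....aback
+| page 5 offset 16384
+|      0: 0d 00 00 00 03 0f ee 00 0f fa 0f f4 0f ee 00 00   ................
+|   4064: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 03   ................
+|   4080: 03 00 0e 01 04 02 03 00 0e 01 04 01 03 00 0e 01   ................
+| page 6 offset 20480
+|      0: 0a 00 00 01 01 0f f4 00 0f f4 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 0b 03 1b 01 76 65 72 73 69 6f 6e 04   ........version.
+| page 7 offset 24576
+|      0: 0d 00 00 00 03 0f d6 00 0f f4 0f e1 0f d6 00 00   ................
+|   4048: 00 00 00 00 00 00 09 01 52 1b 72 65 62 75 69 6c   ........R.rebuil
+|   4064: 64 11 02 02 2b 69 6e 74 65 67 72 69 74 79 2d 63   d...+integrity-c
+|   4080: 68 65 63 6b 0a 01 02 1d 6f 70 74 69 6d 69 7a 65   heck....optimize
+| end crash-37cecb4e784e9f.db
+}]} {}
+
+do_catchsql_test 66.1 {
+  INSERT INTO t1(t1) VALUES('integrity-check');
+} {1 {database disk image is malformed}}
 
 
 
 sqlite3_fts5_may_be_corrupt 0
 finish_test
 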
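Review bot: The separator block introduced for test 66 (the `#----` rule followed by a bare `#`) leaves no description of what the case exercises, so a maintainer who sees 66.1 fail later has only the hexdb filename to go on; suggest filling the empty `#` line with something like `# Corrupt database in which an fts5 leaf record appears too short to hold its header; 'integrity-check' must report SQLITE_CORRUPT rather than read past the record.` That wording is inferred from the accompanying fts5_index.c change and should be checked against what the fuzzer case actually triggers. Naming the originating check-in or fuzzer id in the same comment would also help, since the surrounding tests in this file are otherwise distinguished only by their database images. The expectation `{1 {database disk image is malformed}}` matches the neighbouring test 65.1, so nothing else in the added block stands out.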