/ Check-in [0770363b30]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | branch-3.19
Files: files | file ages | folders
SHA3-256: 0770363b30382af76e87009192f3b59b8b089e2e2ad3dfac3392f52e78633a3b
User & Date: drh 2019-09-03 18:43:33
Context
2019-09-03
18:43
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. Leaf check-in: 0770363b30 user: drh tags: branch-3.19
17:55
Disable the undocumented rtreenode() SQL function that is only used for testing, except when doing a build that is specifically intended for testing. check-in: 34cd2d929e user: drh tags: branch-3.19
2019-03-18
15:49
Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. check-in: b3fa58dd74 user: dan tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/fts5/fts5_hash.c.

440
441
442
443
444
445
446

447

448
449
450
451
452
453
454
  ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
  if( !ap ) return SQLITE_NOMEM;
  memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);

  for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
    Fts5HashEntry *pIter;
    for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){

      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){

        Fts5HashEntry *pEntry = pIter;
        pEntry->pScanNext = 0;
        for(i=0; ap[i]; i++){
          pEntry = fts5HashEntryMerge(pEntry, ap[i]);
          ap[i] = 0;
        }
        ap[i] = pEntry;







>
|
>







440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
  ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
  if( !ap ) return SQLITE_NOMEM;
  memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);

  for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
    Fts5HashEntry *pIter;
    for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
      if( pTerm==0 
       || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
      ){
        Fts5HashEntry *pEntry = pIter;
        pEntry->pScanNext = 0;
        for(i=0; ap[i]; i++){
          pEntry = fts5HashEntryMerge(pEntry, ap[i]);
          ap[i] = 0;
        }
        ap[i] = pEntry;

Changes to ext/fts5/test/fts5aa.test.

587
588
589
590
591
592
593
594


595




596
597

598
599



  COMMIT;
}

do_execsql_test 22.1 {
  SELECT rowid FROM t9('a*')
} {1}

}








finish_test













|
>
>
|
>
>
>
>

<
>
|

>
>
>
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602

603
604
605
606
607
608
  COMMIT;
}

do_execsql_test 22.1 {
  SELECT rowid FROM t9('a*')
} {1}


do_execsql_test 25.0 {
  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
}
do_execsql_test 25.1 {
  BEGIN;
  INSERT INTO t13 VALUES('AAAA');
SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');


  END;
}

}

finish_test