Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a one byte buffer overread in fts3. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
6e3e014af91601ed1f3a9cbe23f7c426 |
| User & Date: | dan 2010-03-05 17:27:02 |
Context
|
2010-03-05
| ||
| 18:46 | Change a condition in sqlite3VdbeMemShallowCopy() to avoid accessing an unitialized variable (doing so was not dangerous, but caused a valgrind error). (check-in: 4793c381c6 user: dan tags: trunk) | |
| 17:27 | Fix a one byte buffer overread in fts3. (check-in: 6e3e014af9 user: dan tags: trunk) | |
| 16:32 | Modify the vdbe so that the comparison operator opcodes do not modify the data type of operands. Fix for [aa92c76cd4]. (check-in: 8858042fa1 user: dan tags: trunk) | |
Changes
Changes to ext/fts3/fts3.c.
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
....
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
|
assert( iVal-*piPrev > 0 || (*piPrev==0 && iVal==0) );
*pp += sqlite3Fts3PutVarint(*pp, iVal-*piPrev);
*piPrev = iVal;
}
/*
** When this function is called, *ppPoslist is assumed to point to the
** start of a position-list.
*/
static void fts3PoslistCopy(char **pp, char **ppPoslist){
char *pEnd = *ppPoslist;
char c = 0;
/* The end of a position list is marked by a zero encoded as an FTS3
** varint. A single 0x00 byte. Except, if the 0x00 byte is preceded by
................................................................................
char *pEnd = &pExpr->aDoclist[pExpr->nDoclist];
char *pCsr = pExpr->pCurrent;
assert( pCsr );
while( pCsr<pEnd ){
if( pExpr->iCurrent<iDocid ){
fts3PoslistCopy(0, &pCsr);
fts3GetDeltaVarint(&pCsr, &pExpr->iCurrent);
pExpr->pCurrent = pCsr;
}else{
if( pExpr->iCurrent==iDocid ){
int iThis = 0;
if( iCol<0 ){
/* If iCol is negative, return a pointer to the start of the
** position-list (instead of a pointer to the start of a list
|
|
>
>
>
>
>
>
|
>
|
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
....
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
|
assert( iVal-*piPrev > 0 || (*piPrev==0 && iVal==0) ); *pp += sqlite3Fts3PutVarint(*pp, iVal-*piPrev); *piPrev = iVal; } /* ** When this function is called, *ppPoslist is assumed to point to the ** start of a position-list. After it returns, *ppPoslist points to the ** first byte after the position-list. ** ** If pp is not NULL, then the contents of the position list are copied ** to *pp. *pp is set to point to the first byte past the last byte copied ** before this function returns. */ static void fts3PoslistCopy(char **pp, char **ppPoslist){ char *pEnd = *ppPoslist; char c = 0; /* The end of a position list is marked by a zero encoded as an FTS3 ** varint. A single 0x00 byte. Except, if the 0x00 byte is preceded by ................................................................................ char *pEnd = &pExpr->aDoclist[pExpr->nDoclist]; char *pCsr = pExpr->pCurrent; assert( pCsr ); while( pCsr<pEnd ){ if( pExpr->iCurrent<iDocid ){ fts3PoslistCopy(0, &pCsr); if( pCsr<pEnd ){ fts3GetDeltaVarint(&pCsr, &pExpr->iCurrent); } pExpr->pCurrent = pCsr; }else{ if( pExpr->iCurrent==iDocid ){ int iThis = 0; if( iCol<0 ){ /* If iCol is negative, return a pointer to the start of the ** position-list (instead of a pointer to the start of a list |