third_party/sqlite/patches/0003-Shadow-Table-Corruption-Detection-improvements-in-ft.patch - chromium/src - Git at Google

 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Darwin Huang <huangdarwin@chromium.org>
 Date: Tue, 19 Nov 2019 15:04:03 -0800
 Subject: [PATCH 3/8] Shadow Table Corruption Detection improvements in fts3

 Backports https://www.sqlite.org/src/info/51525f9c3235967b

 Bug: 1025466

 Note: Does not backport changes to binary file test/fuzzdata8.db
 ---
  third_party/sqlite/patched/ext/fts3/fts3.c       |  4 ++++
  third_party/sqlite/patched/ext/fts3/fts3Int.h    | 10 ++++++++++
  third_party/sqlite/patched/ext/fts3/fts3_write.c | 14 +++++++++++---
  3 files changed, 25 insertions(+), 3 deletions(-)

 diff --git a/third_party/sqlite/patched/ext/fts3/fts3.c b/third_party/sqlite/patched/ext/fts3/fts3.c
 index 3e72cd255bef..d15809f3198d 100644
 --- a/third_party/sqlite/patched/ext/fts3/fts3.c
 +++ b/third_party/sqlite/patched/ext/fts3/fts3.c
 @@ -1486,6 +1486,10 @@ static int fts3InitVtab(
    fts3DatabasePageSize(&rc, p);
    p->nNodeSize = p->nPgsz-35;

 +#if defined(SQLITE_DEBUG)||defined(SQLITE_TEST)
 +  p->nMergeCount = FTS3_MERGE_COUNT;
 +#endif
 +
    /* Declare the table schema to SQLite. */
    fts3DeclareVtab(&rc, p);

 diff --git a/third_party/sqlite/patched/ext/fts3/fts3Int.h b/third_party/sqlite/patched/ext/fts3/fts3Int.h
 index 22045109617c..edbac06ae7cc 100644
 --- a/third_party/sqlite/patched/ext/fts3/fts3Int.h
 +++ b/third_party/sqlite/patched/ext/fts3/fts3Int.h
 @@ -301,9 +301,19 @@ struct Fts3Table {
    /* True to disable the incremental doclist optimization. This is controled
    ** by special insert command 'test-no-incr-doclist'.  */
    int bNoIncrDoclist;
 +
 +  /* Number of segments in a level */
 +  int nMergeCount;
  #endif
  };

 +/* Macro to find the number of segments to merge */
 +#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
 +# define MergeCount(P) ((P)->nMergeCount)
 +#else
 +# define MergeCount(P) FTS3_MERGE_COUNT
 +#endif
 +
  /*
  ** When the core wants to read from the virtual table, it creates a
  ** virtual table cursor (an instance of the following structure) using
 diff --git a/third_party/sqlite/patched/ext/fts3/fts3_write.c b/third_party/sqlite/patched/ext/fts3/fts3_write.c
 index b7c6cd5a4be9..c28358c17479 100644
 --- a/third_party/sqlite/patched/ext/fts3/fts3_write.c
 +++ b/third_party/sqlite/patched/ext/fts3/fts3_write.c
 @@ -1153,7 +1153,7 @@ static int fts3AllocateSegdirIdx(
      ** segment and allocate (newly freed) index 0 at level iLevel. Otherwise,
      ** if iNext is less than FTS3_MERGE_COUNT, allocate index iNext.
      */
 -    if( iNext>=FTS3_MERGE_COUNT ){
 +    if( iNext>=MergeCount(p) ){
        fts3LogMerge(16, getAbsoluteLevel(p, iLangid, iIndex, iLevel));
        rc = fts3SegmentMerge(p, iLangid, iIndex, iLevel);
        *piIdx = 0;
 @@ -4280,6 +4280,10 @@ static int fts3IncrmergeLoad(
        int i;
        int nHeight = (int)aRoot[0];
        NodeWriter *pNode;
 +      if( nHeight<1 || nHeight>FTS_MAX_APPENDABLE_HEIGHT ){
 +        sqlite3_reset(pSelect);
 +        return FTS_CORRUPT_VTAB;
 +      }

        pWriter->nLeafEst = (int)((iEnd - iStart) + 1)/FTS_MAX_APPENDABLE_HEIGHT;
        pWriter->iStart = iStart;
 @@ -5039,7 +5043,7 @@ static int fts3DoIncrmerge(
    const char *zParam              /* Nul-terminated string containing "A,B" */
  ){
    int rc;
 -  int nMin = (FTS3_MERGE_COUNT / 2);
 +  int nMin = (MergeCount(p) / 2);
    int nMerge = 0;
    const char *z = zParam;

 @@ -5084,7 +5088,7 @@ static int fts3DoAutoincrmerge(
    int rc = SQLITE_OK;
    sqlite3_stmt *pStmt = 0;
    p->nAutoincrmerge = fts3Getint(&zParam);
 -  if( p->nAutoincrmerge==1 || p->nAutoincrmerge>FTS3_MERGE_COUNT ){
 +  if( p->nAutoincrmerge==1 || p->nAutoincrmerge>MergeCount(p) ){
      p->nAutoincrmerge = 8;
    }
    if( !p->bHasStat ){
 @@ -5372,6 +5376,10 @@ static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
      }else if( nVal>21 && 0==sqlite3_strnicmp(zVal,"test-no-incr-doclist=",21) ){
        p->bNoIncrDoclist = atoi(&zVal[21]);
        rc = SQLITE_OK;
 +    }else if( nVal>11 && 0==sqlite3_strnicmp(zVal,"mergecount=",11) ){
 +      v = atoi(&zVal[11]);
 +      if( v>=4 && v<=FTS3_MERGE_COUNT && (v&1)==0 ) p->nMergeCount = v;
 +      rc = SQLITE_OK;
      }
  #endif

 --
 2.24.0.432.g9d3f5f5b63-goog
	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	From: Darwin Huang <huangdarwin@chromium.org>
	Date: Tue, 19 Nov 2019 15:04:03 -0800
	Subject: [PATCH 3/8] Shadow Table Corruption Detection improvements in fts3

	Backports https://www.sqlite.org/src/info/51525f9c3235967b

	Bug: 1025466

	Note: Does not backport changes to binary file test/fuzzdata8.db
	---
	third_party/sqlite/patched/ext/fts3/fts3.c \| 4 ++++
	third_party/sqlite/patched/ext/fts3/fts3Int.h \| 10 ++++++++++
	third_party/sqlite/patched/ext/fts3/fts3_write.c \| 14 +++++++++++---
	3 files changed, 25 insertions(+), 3 deletions(-)

	diff --git a/third_party/sqlite/patched/ext/fts3/fts3.c b/third_party/sqlite/patched/ext/fts3/fts3.c
	index 3e72cd255bef..d15809f3198d 100644
	--- a/third_party/sqlite/patched/ext/fts3/fts3.c
	+++ b/third_party/sqlite/patched/ext/fts3/fts3.c
	@@ -1486,6 +1486,10 @@ static int fts3InitVtab(
	fts3DatabasePageSize(&rc, p);
	p->nNodeSize = p->nPgsz-35;

	+#if defined(SQLITE_DEBUG)\|\|defined(SQLITE_TEST)
	+ p->nMergeCount = FTS3_MERGE_COUNT;
	+#endif
	+
	/* Declare the table schema to SQLite. */
	fts3DeclareVtab(&rc, p);

	diff --git a/third_party/sqlite/patched/ext/fts3/fts3Int.h b/third_party/sqlite/patched/ext/fts3/fts3Int.h
	index 22045109617c..edbac06ae7cc 100644
	--- a/third_party/sqlite/patched/ext/fts3/fts3Int.h
	+++ b/third_party/sqlite/patched/ext/fts3/fts3Int.h
	@@ -301,9 +301,19 @@ struct Fts3Table {
	/* True to disable the incremental doclist optimization. This is controled
	** by special insert command 'test-no-incr-doclist'. */
	int bNoIncrDoclist;
	+
	+ /* Number of segments in a level */
	+ int nMergeCount;
	#endif
	};

	+/* Macro to find the number of segments to merge */
	+#if defined(SQLITE_DEBUG) \|\| defined(SQLITE_TEST)
	+# define MergeCount(P) ((P)->nMergeCount)
	+#else
	+# define MergeCount(P) FTS3_MERGE_COUNT
	+#endif
	+
	/*
	** When the core wants to read from the virtual table, it creates a
	** virtual table cursor (an instance of the following structure) using
	diff --git a/third_party/sqlite/patched/ext/fts3/fts3_write.c b/third_party/sqlite/patched/ext/fts3/fts3_write.c
	index b7c6cd5a4be9..c28358c17479 100644
	--- a/third_party/sqlite/patched/ext/fts3/fts3_write.c
	+++ b/third_party/sqlite/patched/ext/fts3/fts3_write.c
	@@ -1153,7 +1153,7 @@ static int fts3AllocateSegdirIdx(
	** segment and allocate (newly freed) index 0 at level iLevel. Otherwise,
	** if iNext is less than FTS3_MERGE_COUNT, allocate index iNext.
	*/
	- if( iNext>=FTS3_MERGE_COUNT ){
	+ if( iNext>=MergeCount(p) ){
	fts3LogMerge(16, getAbsoluteLevel(p, iLangid, iIndex, iLevel));
	rc = fts3SegmentMerge(p, iLangid, iIndex, iLevel);
	*piIdx = 0;
	@@ -4280,6 +4280,10 @@ static int fts3IncrmergeLoad(
	int i;
	int nHeight = (int)aRoot[0];
	NodeWriter *pNode;
	+ if( nHeight<1 \|\| nHeight>FTS_MAX_APPENDABLE_HEIGHT ){
	+ sqlite3_reset(pSelect);
	+ return FTS_CORRUPT_VTAB;
	+ }

	pWriter->nLeafEst = (int)((iEnd - iStart) + 1)/FTS_MAX_APPENDABLE_HEIGHT;
	pWriter->iStart = iStart;
	@@ -5039,7 +5043,7 @@ static int fts3DoIncrmerge(
	const char zParam / Nul-terminated string containing "A,B" */
	){
	int rc;
	- int nMin = (FTS3_MERGE_COUNT / 2);
	+ int nMin = (MergeCount(p) / 2);
	int nMerge = 0;
	const char *z = zParam;

	@@ -5084,7 +5088,7 @@ static int fts3DoAutoincrmerge(
	int rc = SQLITE_OK;
	sqlite3_stmt *pStmt = 0;
	p->nAutoincrmerge = fts3Getint(&zParam);
	- if( p->nAutoincrmerge==1 \|\| p->nAutoincrmerge>FTS3_MERGE_COUNT ){
	+ if( p->nAutoincrmerge==1 \|\| p->nAutoincrmerge>MergeCount(p) ){
	p->nAutoincrmerge = 8;
	}
	if( !p->bHasStat ){
	@@ -5372,6 +5376,10 @@ static int fts3SpecialInsert(Fts3Table p, sqlite3_value pVal){
	}else if( nVal>21 && 0==sqlite3_strnicmp(zVal,"test-no-incr-doclist=",21) ){
	p->bNoIncrDoclist = atoi(&zVal[21]);
	rc = SQLITE_OK;
	+ }else if( nVal>11 && 0==sqlite3_strnicmp(zVal,"mergecount=",11) ){
	+ v = atoi(&zVal[11]);
	+ if( v>=4 && v<=FTS3_MERGE_COUNT && (v&1)==0 ) p->nMergeCount = v;
	+ rc = SQLITE_OK;
	}
	#endif

	--
	2.24.0.432.g9d3f5f5b63-goog