third_party/sqlite/patches/0007-Improve-corruption-detection-in-fts4.patch - chromium/src - Git at Google

 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Darwin Huang <huangdarwin@chromium.org>
 Date: Tue, 19 Nov 2019 15:34:00 -0800
 Subject: [PATCH 7/8] Improve corruption detection in fts4

 Backports https://www.sqlite.org/src/info/10f8a3b718e0f47b

 Bug: 1025467
 ---
  third_party/sqlite/patched/ext/fts3/fts3_snippet.c |  4 ++--
  third_party/sqlite/patched/test/fts4aa.test        | 11 +++++++++++
  2 files changed, 13 insertions(+), 2 deletions(-)

 diff --git a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
 index 39455dd104c5..dda71c3985af 100644
 --- a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
 +++ b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
 @@ -1065,10 +1065,10 @@ static int fts3MatchinfoSelectDoctotal(
    }
    pEnd = a + n;
    a += sqlite3Fts3GetVarintBounded(a, pEnd, &nDoc);
 -  if( nDoc==0 || a>pEnd ){
 +  if( nDoc<=0 || a>pEnd ){
      return FTS_CORRUPT_VTAB;
    }
 -  *pnDoc = (u32)nDoc;
 +  *pnDoc = nDoc;

    if( paLen ) *paLen = a;
    if( ppEnd ) *ppEnd = pEnd;
 diff --git a/third_party/sqlite/patched/test/fts4aa.test b/third_party/sqlite/patched/test/fts4aa.test
 index ddb6c177cf0a..ac477f4706dc 100644
 --- a/third_party/sqlite/patched/test/fts4aa.test
 +++ b/third_party/sqlite/patched/test/fts4aa.test
 @@ -226,6 +226,17 @@ do_catchsql_test fts4aa-5.70 {
    SELECT quote(matchinfo(t1,'a')) FROM t1 WHERE t1 MATCH 'one two';
  } {1 {database disk image is malformed}}

 +# 2019-11-18 https://bugs.chromium.org/p/chromium/issues/detail?id=1025467
 +db close
 +sqlite3 db :memory:
 +do_execsql_test fts4aa-6.10 {
 +  CREATE VIRTUAL TABLE f USING fts4();
 +  INSERT INTO f_segdir VALUES (77,91,0,0,'255 77',x'0001308000004d5c4ddddddd4d4d7b4d4d4d614d8019ff4d05000001204d4d2e4d6e4d4d4d4b4d6c4d004d4d4d4d4d4d3d000000004d5d4d4d645d4d004d4d4d4d4d4d4d4d4d454d6910004d05ffff054d646c4d004d5d4d4d4d4d3d000000004d4d4d4d4d4d4d4d4d4d4d69624d4d4d04004d4d4d4d4d604d4ce1404d554d45');
 +  INSERT INTO f_segdir VALUES (77,108,0,0,'255 77',x'0001310000fa64004d4d4d3c5d4d654d4d4d614d8000ff4d05000001204d4d2e4d6e4d4d4dff4d4d4d4d4d4d00104d4d4d4d000000004d4d4d0400311d4d4d4d4d4d4d4d4d4d684d6910004d05ffff054d4d6c4d004d4d4d4d4d4d3d000000004d4d4d4d644d4d4d4d4d4d69624d4d4d03ed4d4d4d4d4d604d4ce1404d550080');
 +  INSERT INTO f_stat VALUES (0,x'80808080100000000064004d4d4d3c4d4d654d4d4d614d8000ff4df6ff1a00204d4d2e4d6e4d4d4d104d4d4d4d4d4d00104d4d4d4d4d4d69574d4d4d000031044d4d4d3e4d4d4c4d05004d6910');
 +  SELECT quote(matchinfo(f,'pnax')) from f where f match '0 1';
 +} {X'0200000000000000000000000E0000000E00000001000000010000000100000001000000'}
 +
  # 2019-11-18 Detect infinite loop in fts3SelectLeaf()
  db close
  sqlite3 db :memory:
 --
 2.24.0.432.g9d3f5f5b63-goog
	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	From: Darwin Huang <huangdarwin@chromium.org>
	Date: Tue, 19 Nov 2019 15:34:00 -0800
	Subject: [PATCH 7/8] Improve corruption detection in fts4

	Backports https://www.sqlite.org/src/info/10f8a3b718e0f47b

	Bug: 1025467
	---
	third_party/sqlite/patched/ext/fts3/fts3_snippet.c \| 4 ++--
	third_party/sqlite/patched/test/fts4aa.test \| 11 +++++++++++
	2 files changed, 13 insertions(+), 2 deletions(-)

	diff --git a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
	index 39455dd104c5..dda71c3985af 100644
	--- a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
	+++ b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
	@@ -1065,10 +1065,10 @@ static int fts3MatchinfoSelectDoctotal(
	}
	pEnd = a + n;
	a += sqlite3Fts3GetVarintBounded(a, pEnd, &nDoc);
	- if( nDoc==0 \|\| a>pEnd ){
	+ if( nDoc<=0 \|\| a>pEnd ){
	return FTS_CORRUPT_VTAB;
	}
	- *pnDoc = (u32)nDoc;
	+ *pnDoc = nDoc;

	if( paLen ) *paLen = a;
	if( ppEnd ) *ppEnd = pEnd;
	diff --git a/third_party/sqlite/patched/test/fts4aa.test b/third_party/sqlite/patched/test/fts4aa.test
	index ddb6c177cf0a..ac477f4706dc 100644
	--- a/third_party/sqlite/patched/test/fts4aa.test
	+++ b/third_party/sqlite/patched/test/fts4aa.test
	@@ -226,6 +226,17 @@ do_catchsql_test fts4aa-5.70 {
	SELECT quote(matchinfo(t1,'a')) FROM t1 WHERE t1 MATCH 'one two';
	} {1 {database disk image is malformed}}

	+# 2019-11-18 https://bugs.chromium.org/p/chromium/issues/detail?id=1025467
	+db close
	+sqlite3 db :memory:
	+do_execsql_test fts4aa-6.10 {
	+ CREATE VIRTUAL TABLE f USING fts4();
	+ INSERT INTO f_segdir VALUES (77,91,0,0,'255 77',x'0001308000004d5c4ddddddd4d4d7b4d4d4d614d8019ff4d05000001204d4d2e4d6e4d4d4d4b4d6c4d004d4d4d4d4d4d3d000000004d5d4d4d645d4d004d4d4d4d4d4d4d4d4d454d6910004d05ffff054d646c4d004d5d4d4d4d4d3d000000004d4d4d4d4d4d4d4d4d4d4d69624d4d4d04004d4d4d4d4d604d4ce1404d554d45');
	+ INSERT INTO f_segdir VALUES (77,108,0,0,'255 77',x'0001310000fa64004d4d4d3c5d4d654d4d4d614d8000ff4d05000001204d4d2e4d6e4d4d4dff4d4d4d4d4d4d00104d4d4d4d000000004d4d4d0400311d4d4d4d4d4d4d4d4d4d684d6910004d05ffff054d4d6c4d004d4d4d4d4d4d3d000000004d4d4d4d644d4d4d4d4d4d69624d4d4d03ed4d4d4d4d4d604d4ce1404d550080');
	+ INSERT INTO f_stat VALUES (0,x'80808080100000000064004d4d4d3c4d4d654d4d4d614d8000ff4df6ff1a00204d4d2e4d6e4d4d4d104d4d4d4d4d4d00104d4d4d4d4d4d69574d4d4d000031044d4d4d3e4d4d4c4d05004d6910');
	+ SELECT quote(matchinfo(f,'pnax')) from f where f match '0 1';
	+} {X'0200000000000000000000000E0000000E00000001000000010000000100000001000000'}
	+
	# 2019-11-18 Detect infinite loop in fts3SelectLeaf()
	db close
	sqlite3 db :memory:
	--
	2.24.0.432.g9d3f5f5b63-goog