| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| From: Darwin Huang <huangdarwin@chromium.org> |
| Date: Tue, 19 Nov 2019 15:34:00 -0800 |
| Subject: [PATCH 7/8] Improve corruption detection in fts4 |
| |
| Backports https://www.sqlite.org/src/info/10f8a3b718e0f47b |
| |
| Bug: 1025467 |
| --- |
| third_party/sqlite/patched/ext/fts3/fts3_snippet.c | 4 ++-- |
| third_party/sqlite/patched/test/fts4aa.test | 11 +++++++++++ |
| 2 files changed, 13 insertions(+), 2 deletions(-) |
| |
| diff --git a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c |
| index 39455dd104c5..dda71c3985af 100644 |
| --- a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c |
| +++ b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c |
| @@ -1065,10 +1065,10 @@ static int fts3MatchinfoSelectDoctotal( |
| } |
| pEnd = a + n; |
| a += sqlite3Fts3GetVarintBounded(a, pEnd, &nDoc); |
| - if( nDoc==0 || a>pEnd ){ |
| + if( nDoc<=0 || a>pEnd ){ |
| return FTS_CORRUPT_VTAB; |
| } |
| - *pnDoc = (u32)nDoc; |
| + *pnDoc = nDoc; |
| |
| if( paLen ) *paLen = a; |
| if( ppEnd ) *ppEnd = pEnd; |
| diff --git a/third_party/sqlite/patched/test/fts4aa.test b/third_party/sqlite/patched/test/fts4aa.test |
| index ddb6c177cf0a..ac477f4706dc 100644 |
| --- a/third_party/sqlite/patched/test/fts4aa.test |
| +++ b/third_party/sqlite/patched/test/fts4aa.test |
| @@ -226,6 +226,17 @@ do_catchsql_test fts4aa-5.70 { |
| SELECT quote(matchinfo(t1,'a')) FROM t1 WHERE t1 MATCH 'one two'; |
| } {1 {database disk image is malformed}} |
| |
| +# 2019-11-18 https://bugs.chromium.org/p/chromium/issues/detail?id=1025467 |
| +db close |
| +sqlite3 db :memory: |
| +do_execsql_test fts4aa-6.10 { |
| + CREATE VIRTUAL TABLE f USING fts4(); |
| + INSERT INTO f_segdir VALUES (77,91,0,0,'255 77',x'0001308000004d5c4ddddddd4d4d7b4d4d4d614d8019ff4d05000001204d4d2e4d6e4d4d4d4b4d6c4d004d4d4d4d4d4d3d000000004d5d4d4d645d4d004d4d4d4d4d4d4d4d4d454d6910004d05ffff054d646c4d004d5d4d4d4d4d3d000000004d4d4d4d4d4d4d4d4d4d4d69624d4d4d04004d4d4d4d4d604d4ce1404d554d45'); |
| + INSERT INTO f_segdir VALUES (77,108,0,0,'255 77',x'0001310000fa64004d4d4d3c5d4d654d4d4d614d8000ff4d05000001204d4d2e4d6e4d4d4dff4d4d4d4d4d4d00104d4d4d4d000000004d4d4d0400311d4d4d4d4d4d4d4d4d4d684d6910004d05ffff054d4d6c4d004d4d4d4d4d4d3d000000004d4d4d4d644d4d4d4d4d4d69624d4d4d03ed4d4d4d4d4d604d4ce1404d550080'); |
| + INSERT INTO f_stat VALUES (0,x'80808080100000000064004d4d4d3c4d4d654d4d4d614d8000ff4df6ff1a00204d4d2e4d6e4d4d4d104d4d4d4d4d4d00104d4d4d4d4d4d69574d4d4d000031044d4d4d3e4d4d4c4d05004d6910'); |
| + SELECT quote(matchinfo(f,'pnax')) from f where f match '0 1'; |
| +} {X'0200000000000000000000000E0000000E00000001000000010000000100000001000000'} |
| + |
| # 2019-11-18 Detect infinite loop in fts3SelectLeaf() |
| db close |
| sqlite3 db :memory: |
| -- |
| 2.24.0.432.g9d3f5f5b63-goog |
| |