patches/0008-Further-improve-corruption-detection-in-fts3.patch - chromium/src/third_party/sqlite - Git at Google

 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Darwin Huang <huangdarwin@chromium.org>
 Date: Wed, 20 Nov 2019 10:58:51 -0800
 Subject: [PATCH 8/8] Further improve corruption detection in fts3

 Backports https://sqlite.org/src/info/a0f6d526baecd061 (aka
 https://sqlite.org/src/info/a0f6d526baecd061a5e2)

 Bug: 1025473, 1025465
 ---
  third_party/sqlite/patched/ext/fts3/fts3.c       | 2 +-
  third_party/sqlite/patched/ext/fts3/fts3_write.c | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)

 diff --git a/third_party/sqlite/patched/ext/fts3/fts3.c b/third_party/sqlite/patched/ext/fts3/fts3.c
 index 518497f24a06..8d48f22fec24 100644
 --- a/third_party/sqlite/patched/ext/fts3/fts3.c
 +++ b/third_party/sqlite/patched/ext/fts3/fts3.c
 @@ -2025,7 +2025,7 @@ static int fts3SelectLeaf(
      if( rc==SQLITE_OK ){
        int iNewHeight = 0;
        fts3GetVarint32(zBlob, &iNewHeight);
 -      if( iNewHeight<=iHeight ){
 +      if( iNewHeight>=iHeight ){
          rc = FTS_CORRUPT_VTAB;
        }else{
          rc = fts3SelectLeaf(p, zTerm, nTerm, zBlob, nBlob, piLeaf, piLeaf2);
 diff --git a/third_party/sqlite/patched/ext/fts3/fts3_write.c b/third_party/sqlite/patched/ext/fts3/fts3_write.c
 index 146c507b5d0b..953b9d86959e 100644
 --- a/third_party/sqlite/patched/ext/fts3/fts3_write.c
 +++ b/third_party/sqlite/patched/ext/fts3/fts3_write.c
 @@ -1379,7 +1379,7 @@ static int fts3SegReaderNext(
    pNext += fts3GetVarint32(pNext, &nSuffix);
    if( nSuffix<=0
     || (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
 -   || nPrefix>pReader->nTermAlloc
 +   || nPrefix>pReader->nTerm
    ){
      return FTS_CORRUPT_VTAB;
    }
 --
 2.24.0.432.g9d3f5f5b63-goog
	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	From: Darwin Huang <huangdarwin@chromium.org>
	Date: Wed, 20 Nov 2019 10:58:51 -0800
	Subject: [PATCH 8/8] Further improve corruption detection in fts3

	Backports https://sqlite.org/src/info/a0f6d526baecd061 (aka
	https://sqlite.org/src/info/a0f6d526baecd061a5e2)

	Bug: 1025473, 1025465
	---
	third_party/sqlite/patched/ext/fts3/fts3.c \| 2 +-
	third_party/sqlite/patched/ext/fts3/fts3_write.c \| 2 +-
	2 files changed, 2 insertions(+), 2 deletions(-)

	diff --git a/third_party/sqlite/patched/ext/fts3/fts3.c b/third_party/sqlite/patched/ext/fts3/fts3.c
	index 518497f24a06..8d48f22fec24 100644
	--- a/third_party/sqlite/patched/ext/fts3/fts3.c
	+++ b/third_party/sqlite/patched/ext/fts3/fts3.c
	@@ -2025,7 +2025,7 @@ static int fts3SelectLeaf(
	if( rc==SQLITE_OK ){
	int iNewHeight = 0;
	fts3GetVarint32(zBlob, &iNewHeight);
	- if( iNewHeight<=iHeight ){
	+ if( iNewHeight>=iHeight ){
	rc = FTS_CORRUPT_VTAB;
	}else{
	rc = fts3SelectLeaf(p, zTerm, nTerm, zBlob, nBlob, piLeaf, piLeaf2);
	diff --git a/third_party/sqlite/patched/ext/fts3/fts3_write.c b/third_party/sqlite/patched/ext/fts3/fts3_write.c
	index 146c507b5d0b..953b9d86959e 100644
	--- a/third_party/sqlite/patched/ext/fts3/fts3_write.c
	+++ b/third_party/sqlite/patched/ext/fts3/fts3_write.c
	@@ -1379,7 +1379,7 @@ static int fts3SegReaderNext(
	pNext += fts3GetVarint32(pNext, &nSuffix);
	if( nSuffix<=0
	\|\| (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
	- \|\| nPrefix>pReader->nTermAlloc
	+ \|\| nPrefix>pReader->nTerm
	){
	return FTS_CORRUPT_VTAB;
	}
	--
	2.24.0.432.g9d3f5f5b63-goog