Fix an fts5 problem with corrupt database handling found by address-sanitizer.

FossilOrigin-Name: e22252e1da4cd9e41b970970a1c4f466aa6cc133

diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 65b92a2b99b1c5baaee9cdb80f0e46387dac9474..ef36e007dfddc212b4e7f1dda345109b6a275c6f 100644 (file)
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -702,7 +702,6 @@ static Fts5Data *fts5DataRead(Fts5Index *p, i64 iRowid){
   return pRet;
 }
 
-
 /*
 ** Release a reference to data record returned by an earlier call to
 ** fts5DataRead().
@@ -711,6 +710,18 @@ static void fts5DataRelease(Fts5Data *pData){
   sqlite3_free(pData);
 }
 
+static Fts5Data *fts5LeafRead(Fts5Index *p, i64 iRowid){
+  Fts5Data *pRet = fts5DataRead(p, iRowid);
+  if( pRet ){
+    if( pRet->szLeaf>pRet->nn ){
+      p->rc = FTS5_CORRUPT;
+      fts5DataRelease(pRet);
+      pRet = 0;
+    }
+  }
+  return pRet;
+}
+
 static int fts5IndexPrepareStmt(
   Fts5Index *p,
   sqlite3_stmt **ppStmt,
@@ -1519,7 +1530,7 @@ static void fts5SegIterNextPage(
     pIter->pLeaf = pIter->pNextLeaf;
     pIter->pNextLeaf = 0;
   }else if( pIter->iLeafPgno<=pSeg->pgnoLast ){
-    pIter->pLeaf = fts5DataRead(p, 
+    pIter->pLeaf = fts5LeafRead(p, 
         FTS5_SEGMENT_ROWID(pSeg->iSegid, pIter->iLeafPgno)
     );
   }else{
@@ -2022,9 +2033,8 @@ static void fts5SegIterNext(
         if( pLeaf->nn>pLeaf->szLeaf ){
           pIter->iPgidxOff = pLeaf->szLeaf + fts5GetVarint32(
               &pLeaf->p[pLeaf->szLeaf], pIter->iEndofDoclist
-              );
+          );
         }
-
       }
       else if( pLeaf->nn>pLeaf->szLeaf ){
         pIter->iPgidxOff = pLeaf->szLeaf + fts5GetVarint32(
@@ -2269,6 +2279,11 @@ static void fts5LeafSeek(
     iTermOff += nKeep;
     iOff = iTermOff;
 
+    if( iOff>=n ){
+      p->rc = FTS5_CORRUPT;
+      return;
+    }
+
     /* Read the nKeep field of the next term. */
     fts5FastGetVarint32(a, iOff, nKeep);
   }

diff --git a/ext/fts5/test/fts5corrupt2.test b/ext/fts5/test/fts5corrupt2.test
index 3a4fcfaaedd81ae7bdac59a105a3135dbe2f5c71..c10017a266782f92bf902da60880bdb4d2beac9c 100644 (file)
--- a/ext/fts5/test/fts5corrupt2.test
+++ b/ext/fts5/test/fts5corrupt2.test
@@ -37,7 +37,7 @@ do_execsql_test 1.0 {
 }
 set mask [expr 31 << 31]
 
-if 1 {
+if 0 {
 
 # Test 1:
 #
@@ -84,6 +84,8 @@ foreach {tno stmt} {
   }
 }
 
+}
+
 # Using the same database as the 1.* tests.
 #
 # Run N-1 tests, where N is the number of bytes in the rightmost leaf page
@@ -212,8 +214,6 @@ foreach {tn nCut} {
   # do_test 4.$tn.x { expr $nCorrupt>0 } 1
 }
 
-}
-
 set doc [string repeat "A B C " 1000]
 do_execsql_test 5.0 {
   CREATE VIRTUAL TABLE x5 USING fts5(tt);

diff --git a/manifest b/manifest
index a564676413213cef4bdb3dcb0bdf1cab10a2a992..6436f4369f7be0ccc8d0206f9b08b136c12c6da1 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sbuffer\soverread\sin\sfts5.
-D 2016-08-13T06:38:31.533
+C Fix\san\sfts5\sproblem\swith\scorrupt\sdatabase\shandling\sfound\sby\saddress-sanitizer.
+D 2016-08-13T10:34:12.755
 F Makefile.in cfd8fb987cd7a6af046daa87daa146d5aad0e088
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc d66d0395c38571aab3804f8db0fa20707ae4609a
@@ -104,7 +104,7 @@ F ext/fts5/fts5_buffer.c 4c1502d4c956cd092c89ce4480867f9d8bf325cd
 F ext/fts5/fts5_config.c 5af9c360e99669d29f06492c370892394aba0857
 F ext/fts5/fts5_expr.c 1ee97156421919e497595bfa962bb88ad1665401
 F ext/fts5/fts5_hash.c 880998e596b60f078348d48732ca4ad9a90caad2
-F ext/fts5/fts5_index.c 05386732609221d066d204b22c4a5275a0225ed4
+F ext/fts5/fts5_index.c 2d146d5c547f60d22d6fc4014d5e2b64248cd7c4
 F ext/fts5/fts5_main.c f85281445dcf8be32d18841c93a6f90fe27dbfe2
 F ext/fts5/fts5_storage.c de0ed8a06738bde433afe11e92295ceaffbc4e58
 F ext/fts5/fts5_tcl.c 4a901f00c8553740dba63511603f5527d741c26a
@@ -141,7 +141,7 @@ F ext/fts5/test/fts5config.test 7788b9c058074d640dfcdd81d97b6a9480000368
 F ext/fts5/test/fts5conflict.test 26f4e46c4d31e16221794832a990dc4e30e18de5
 F ext/fts5/test/fts5content.test 9a952c95518a14182dc3b59e3c8fa71cda82a4e1
 F ext/fts5/test/fts5corrupt.test c2ad090192708150d50d961278df10ae7a4b8b62
-F ext/fts5/test/fts5corrupt2.test 26c0a39dd9ff73207e6229f83b50b21d37c7658c
+F ext/fts5/test/fts5corrupt2.test 128eb6e2d26b09f4da339e581f424b3321e0fdaa
 F ext/fts5/test/fts5corrupt3.test f77f65e386231daf62902466b40ff998b2c8ce4f
 F ext/fts5/test/fts5detail.test ef5c690535a797413acaf5ad9b8ab5d49972df69
 F ext/fts5/test/fts5determin.test 10648edb75ef1e196b10978fd21a9be0c31e09c3
@@ -1510,7 +1510,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P ed406d31ff54ee3de8db91690a966e5c561f8f94
-R c7f71e9982fe95b86462907f7307b757
+P fcfbee6c7d33a9ae7feb46044a0c2fe680460d39
+R ca2c772c8f9b99e461286a4305c18761
 U dan
-Z faa5a19931d7d3892f5c4860f7744222
+Z c72588ab1f18a0198f4aa8645b38264f

diff --git a/manifest.uuid b/manifest.uuid
index b2e843f3ec0f32ae252c7b7c085364743ecdf281..5e6595cd5eb3f73c559074f1994704a0ea16216a 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-fcfbee6c7d33a9ae7feb46044a0c2fe680460d39
\ No newline at end of file
+e22252e1da4cd9e41b970970a1c4f466aa6cc133
\ No newline at end of file