Fix a problem in fts5 where a corrupt db could lead to a (huge) buffer overread.

author dan <dan@noemail.net>

Mon, 29 Feb 2016 17:34:16 +0000 (17:34 +0000)

committer dan <dan@noemail.net>

Mon, 29 Feb 2016 17:34:16 +0000 (17:34 +0000)
author dan <dan@noemail.net>
Mon, 29 Feb 2016 17:34:16 +0000 (17:34 +0000)
committer dan <dan@noemail.net>
Mon, 29 Feb 2016 17:34:16 +0000 (17:34 +0000)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c

index cb6360ad67d135b490f32864f3aa80efd79c06c6..ac97a7d75f6c0a6111f451c2bac578e200ab7eb3 100644 (file)
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -698,6 +698,7 @@ static Fts5Data *fts5DataRead(Fts5Index *p, i64 iRowid){
    return pRet;
  }
  
+
  /*
  ** Release a reference to data record returned by an earlier call to
  ** fts5DataRead().
@@ -2154,6 +2155,10 @@ static void fts5LeafSeek(
    iPgidx = szLeaf;
    iPgidx += fts5GetVarint32(&a[iPgidx], iTermOff);
    iOff = iTermOff;
+  if( iOff>n ){
+    p->rc = FTS5_CORRUPT;
+    return;
+  }
  
    while( 1 ){
  
diff --git a/manifest b/manifest

index 0a0a2a762c3428cc853b67cf7d13c64466001175..bacddf080cf561dc339bab6bca6e7444a7f21fd0 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\san\sfts5\sproblem\scausing\s'optimize'\sto\scorrupt\sthe\sfts\sindex\sunder\ssome\scircumstances.
-D 2016-02-29T17:16:26.225
+C Fix\sa\sproblem\sin\sfts5\swhere\sa\scorrupt\sdb\scould\slead\sto\sa\s(huge)\sbuffer\soverread.
+D 2016-02-29T17:34:16.069
  F Makefile.in 4e90dc1521879022aa9479268a4cd141d1771142
  F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
  F Makefile.msc 4f319afb7c049d40aff7af6e8c4e7cc2ba18e079
@@ -104,7 +104,7 @@ F ext/fts5/fts5_buffer.c 4c1502d4c956cd092c89ce4480867f9d8bf325cd
  F ext/fts5/fts5_config.c 35c5173cae4eb17e82164a7f5aeef56a48903079
  F ext/fts5/fts5_expr.c 8e8e4635f655133eb39018072fc0f0942a2c4337
  F ext/fts5/fts5_hash.c f3a7217c86eb8f272871be5f6aa1b6798960a337
-F ext/fts5/fts5_index.c 745bc6f0e0c13c3b659be0bae72fa6067d1708c9
+F ext/fts5/fts5_index.c 26a4a6112864feb599a6f6144d06a78bb179736a
  F ext/fts5/fts5_main.c db24ac714c6c4a1b3c24a1f8c25889f2952148c1
  F ext/fts5/fts5_storage.c f8343db90d8c95a4d4b52f6676e354b4649ffd6e
  F ext/fts5/fts5_tcl.c f8731e0508299bd43f1a2eff7dbeaac870768966
@@ -1451,7 +1451,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 4b55c520f554163edc174e5995e66242f169cb04
-R e6d22f9f71f3990f592583cd83eb05c9
+P 251d6473f7c9ad95adbdcc49cb8eaf7c0956764b
+R 1a43d3061a1f154a38fc05ffa17e1f4a
  U dan
-Z fe2b648248ba7cac53004b260ee02700
+Z 0ef60cd2035dd9bea82e9df13f5bcf57
diff --git a/manifest.uuid b/manifest.uuid

index 6e08bfef9460f9ba2dfb9f7d082b891328f98b60..2a4a25da5e8ff4680a636bde71ca60bc46aef60f 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-251d6473f7c9ad95adbdcc49cb8eaf7c0956764b
-\ No newline at end of file
+c9a30e117f2c6c9ef0cc0c6ca5227d2961715b8f
+\ No newline at end of file
author	dan <dan@noemail.net>
	Mon, 29 Feb 2016 17:34:16 +0000 (17:34 +0000)
committer	dan <dan@noemail.net>
	Mon, 29 Feb 2016 17:34:16 +0000 (17:34 +0000)
ext/fts5/fts5_index.c		patch \| blob \| blame \| history
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history