Fix an undefined-integer-overflow problem in fts3.c.

author dan <Dan Kennedy>

Wed, 5 May 2021 11:47:34 +0000 (11:47 +0000)

committer dan <Dan Kennedy>

Wed, 5 May 2021 11:47:34 +0000 (11:47 +0000)
author dan <Dan Kennedy>
Wed, 5 May 2021 11:47:34 +0000 (11:47 +0000)
committer dan <Dan Kennedy>
Wed, 5 May 2021 11:47:34 +0000 (11:47 +0000)
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c

index e1c8b49c054f510b2f3493613dc88eff5f7c93ad..9c5703d3f18f6a8698ce7a09323c6e113cdb5b2f 100644 (file)
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -1899,7 +1899,7 @@ static int fts3ScanInteriorNode(
    char *zBuffer = 0;              /* Buffer to load terms into */
    i64 nAlloc = 0;                 /* Size of allocated buffer */
    int isFirstTerm = 1;            /* True when processing first term on page */
-  sqlite3_int64 iChild;           /* Block id of child node to descend to */
+  u64 iChild;                     /* Block id of child node to descend to */
    int nBuffer = 0;                /* Total term size */
  
    /* Skip over the 'height' varint that occurs at the start of every 
@@ -1915,8 +1915,8 @@ static int fts3ScanInteriorNode(
    ** table, then there are always 20 bytes of zeroed padding following the
    ** nNode bytes of content (see sqlite3Fts3ReadBlock() for details).
    */
-  zCsr += sqlite3Fts3GetVarint(zCsr, &iChild);
-  zCsr += sqlite3Fts3GetVarint(zCsr, &iChild);
+  zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild);
+  zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild);
    if( zCsr>zEnd ){
      return FTS_CORRUPT_VTAB;
    }
@@ -1969,20 +1969,20 @@ static int fts3ScanInteriorNode(
      */
      cmp = memcmp(zTerm, zBuffer, (nBuffer>nTerm ? nTerm : nBuffer));
      if( piFirst && (cmp<0 || (cmp==0 && nBuffer>nTerm)) ){
-      *piFirst = iChild;
+      *piFirst = (i64)iChild;
        piFirst = 0;
      }
  
      if( piLast && cmp<0 ){
-      *piLast = iChild;
+      *piLast = (i64)iChild;
        piLast = 0;
      }
  
      iChild++;
    };
  
-  if( piFirst ) *piFirst = iChild;
-  if( piLast ) *piLast = iChild;
+  if( piFirst ) *piFirst = (i64)iChild;
+  if( piLast ) *piLast = (i64)iChild;
  
   finish_scan:
    sqlite3_free(zBuffer);
diff --git a/manifest b/manifest

index aeb02f9bce292d661523f45dcec075e1598ec9ed..6ca5e623da07d21a857a64df99717c2be61e85b6 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C When\sapplying\sthe\soptimization\sthat\sdisables\sWHERE\sclause\sterms\sthat\sdrive\nindexes,\smake\ssure\snot\sto\sdo\sso\sif\sthe\sterm\sbeing\sdisabled\sis\sa\stransitive\nconstraint.\s\sFix\sfor\sthe\sproblem\sidentified\sby\n[forum:forumpost/eb8613976a|forum\spost\seb8613976a].
-D 2021-05-04T23:21:35.526
+C Fix\san\sundefined-integer-overflow\sproblem\sin\sfts3.c.
+D 2021-05-05T11:47:34.391
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -84,7 +84,7 @@ F ext/fts3/README.content b9078d0843a094d86af0d48dffbff13c906702b4c3558012e67b9c
  F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a
  F ext/fts3/README.tokenizers b92bdeb8b46503f0dd301d364efc5ef59ef9fa8e2758b8e742f39fa93a2e422d
  F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
-F ext/fts3/fts3.c 1d80d0a1e53ce5e7316e1379969c842079c46237369e131fd378288e64ebbf5f
+F ext/fts3/fts3.c 95f55e24550c01c2a325d09c9ea8fdff61e923a4675f8545b28bf3c470e57dfb
  F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
  F ext/fts3/fts3Int.h bde280294d56ff50ee29d03e5140f0b6953b44d1c969bb5831e8ae85e3e76715
  F ext/fts3/fts3_aux.c 1af58af8f2b00a49f4fb1c2602f8da2054ad60076f46c8ebf85c5410eccccb65
@@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 625fb253eecd6c10fce5d0127d516361df0c1d1661502b396fc418dcdb4ae999
-R fc9428e1e84cc459623c4cb5fd643660
-U drh
-Z 77c8f6fc1b9f65abd817f039fe767b40
+P f1f9b5de3c59489b94963685660b3ddc45eece5535b02fec399b6ece0e38563d
+R 3eb42cf1a3ad75d68c55702010a6c049
+U dan
+Z eb102c3d91184be0441ddd1aaca152a2
diff --git a/manifest.uuid b/manifest.uuid

index ca5460c1c5af0b027c7de1ad8899c27d505e75c8..ad7aa86c4d849a07dd37c9a3c08a369c2dcc5374 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-f1f9b5de3c59489b94963685660b3ddc45eece5535b02fec399b6ece0e38563d
-\ No newline at end of file
+a0bf931bd712037e44e8d7cac3c00a6715c1b451f222bad3184d3ecab1a4c7f4
+\ No newline at end of file
author	dan <Dan Kennedy>
	Wed, 5 May 2021 11:47:34 +0000 (11:47 +0000)
committer	dan <Dan Kennedy>
	Wed, 5 May 2021 11:47:34 +0000 (11:47 +0000)
ext/fts3/fts3.c		patch \| blob \| blame \| history
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history