Fix a problem handling 'NEAR("" token)' in fts5 found by fuzzing.

author dan <dan@noemail.net>

Sat, 12 Mar 2016 19:33:47 +0000 (19:33 +0000)

committer dan <dan@noemail.net>

Sat, 12 Mar 2016 19:33:47 +0000 (19:33 +0000)
author dan <dan@noemail.net>
Sat, 12 Mar 2016 19:33:47 +0000 (19:33 +0000)
committer dan <dan@noemail.net>
Sat, 12 Mar 2016 19:33:47 +0000 (19:33 +0000)
diff --git a/ext/fts5/fts5_expr.c b/ext/fts5/fts5_expr.c

index 153d1c64721d33c69f3c83720f425998ca87d1e4..26ee3f9472945fb847a2fc4ec4540bb58ed4b148 100644 (file)
--- a/ext/fts5/fts5_expr.c
+++ b/ext/fts5/fts5_expr.c
@@ -1445,6 +1445,21 @@ Fts5ExprNearset *sqlite3Fts5ParseNearset(
      sqlite3Fts5ParseNearsetFree(pNear);
      sqlite3Fts5ParsePhraseFree(pPhrase);
    }else{
+    if( pRet->nPhrase>0 ){
+      Fts5ExprPhrase *pLast = pRet->apPhrase[pRet->nPhrase-1];
+      assert( pLast==pParse->apPhrase[pParse->nPhrase-2] );
+      if( pPhrase->nTerm==0 ){
+        fts5ExprPhraseFree(pPhrase);
+        pRet->nPhrase--;
+        pParse->nPhrase--;
+        pPhrase = pLast;
+      }else if( pLast->nTerm==0 ){
+        fts5ExprPhraseFree(pLast);
+        pParse->apPhrase[pParse->nPhrase-2] = pPhrase;
+        pParse->nPhrase--;
+        pRet->nPhrase--;
+      }
+    }
      pRet->apPhrase[pRet->nPhrase++] = pPhrase;
    }
    return pRet;
diff --git a/ext/fts5/test/fts5fuzz1.test b/ext/fts5/test/fts5fuzz1.test

index 638620d02583d84e9cfa665290a91e9417dd618a..326229181d00555015fef5ebb86351a426cd68ee 100644 (file)
--- a/ext/fts5/test/fts5fuzz1.test
+++ b/ext/fts5/test/fts5fuzz1.test
@@ -59,11 +59,11 @@ do_execsql_test 2.4 {
  
  do_execsql_test 2.5 {
    SELECT a, b FROM f1('NEAR("" c, 5)');
-} {}
+} {{a b} {c d}}
  
  do_execsql_test 2.6 {
    SELECT a, b FROM f1('NEAR("" c d, 5)');
-} {}
+} {{a b} {c d}}
  
  do_execsql_test 2.7 {
    SELECT a, b FROM f1('NEAR(c d, 5)');
diff --git a/manifest b/manifest

index b9bfda53ca445ec73e744bdb6f692ce6a774d827..4616625054a6c64dc888d96ab145daec5cc0842f 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\shandling\sof\sstrings\sthat\scontain\szero\stokens\sin\sfts5.\sAnd\sother\sproblems\sfound\sby\sfuzzing.
-D 2016-03-12T16:32:16.002
+C Fix\sa\sproblem\shandling\s'NEAR(""\stoken)'\sin\sfts5\sfound\sby\sfuzzing.
+D 2016-03-12T19:33:47.637
  F Makefile.in f53429fb2f313c099283659d0df6f20f932c861f
  F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
  F Makefile.msc df0bf9ff7f8b3f4dd9fb4cc43f92fe58f6ec5c66
@@ -102,7 +102,7 @@ F ext/fts5/fts5Int.h 4060504b7979601d99e1385c2b5713036854979a
  F ext/fts5/fts5_aux.c daa57fb45216491814520bbb587e97bf81ced458
  F ext/fts5/fts5_buffer.c 4c1502d4c956cd092c89ce4480867f9d8bf325cd
  F ext/fts5/fts5_config.c 5af9c360e99669d29f06492c370892394aba0857
-F ext/fts5/fts5_expr.c c4166ba0de2e87c444a7eedc8623e32653138ca0
+F ext/fts5/fts5_expr.c f11757a251346df38c04fd67d0703fbb0c084ef7
  F ext/fts5/fts5_hash.c f3a7217c86eb8f272871be5f6aa1b6798960a337
  F ext/fts5/fts5_index.c d4f0c12e4f04bbc3a06b6da052039f2ce3e45438
  F ext/fts5/fts5_main.c b8501e1a6a11591c53b18ce7aea7e5386cfb0421
@@ -159,7 +159,7 @@ F ext/fts5/test/fts5fault9.test e10e395428a9ea0596ebe752ff7123d16ab78e08
  F ext/fts5/test/fts5faultA.test fa5d59c0ff62b7125cd14eee38ded1c46e15a7ea
  F ext/fts5/test/fts5faultB.test 92ae906284062bf081b6c854afa54dcb1aa9ef88
  F ext/fts5/test/fts5full.test 6f6143af0c6700501d9fd597189dfab1555bb741
-F ext/fts5/test/fts5fuzz1.test 7a6411c39959d8f4cb8f11e840a787e74a3bfbef
+F ext/fts5/test/fts5fuzz1.test 74b638ca214b91614cadb2de14e6269385819e99
  F ext/fts5/test/fts5hash.test 06f9309ccb4d5050a131594e9e47d0b21456837d
  F ext/fts5/test/fts5integrity.test f5e4f8d284385875068ad0f3e894ce43e9de835d
  F ext/fts5/test/fts5matchinfo.test f7dde99697bcb310ea8faa8eb2714d9f4dfc0e1b
@@ -1456,7 +1456,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 74f5d3b07f6e5e977858c73957c6f9337ae3ca3e
-R 561f4a7c15c16c270cfb03e11b79c482
+P 72b3ff0f0df83e62adda6584b4281cf086d45e45
+R f6701c1b7c325b06b9e793bf0b9b6f39
  U dan
-Z 78cc445fb6679cc3e05486871c5dafe8
+Z ac91e536ca766cb3c7d727597fcc6975
diff --git a/manifest.uuid b/manifest.uuid

index 00db2d08b1c3475d044680b14cfc910a9a6d1115..c16d8c43cdee978d209418c97c3db27cea643399 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-72b3ff0f0df83e62adda6584b4281cf086d45e45
-\ No newline at end of file
+10a827ae5f3f322af836c15e581fdc958a433a5a
+\ No newline at end of file
author	dan <dan@noemail.net>
	Sat, 12 Mar 2016 19:33:47 +0000 (19:33 +0000)
committer	dan <dan@noemail.net>
	Sat, 12 Mar 2016 19:33:47 +0000 (19:33 +0000)
ext/fts5/fts5_expr.c		patch \| blob \| blame \| history
ext/fts5/test/fts5fuzz1.test		patch \| blob \| blame \| history
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history