Fix some cases in the fts5 code where a corrupt database could cause a buffer overread.
authordan <dan@noemail.net>
Fri, 26 Jun 2015 18:50:29 +0000 (18:50 +0000)
committerdan <dan@noemail.net>
Fri, 26 Jun 2015 18:50:29 +0000 (18:50 +0000)
FossilOrigin-Name: 360c57bbb8bad6cc84af140f61e0282fa06462b4

ext/fts5/fts5_index.c
manifest
manifest.uuid

index d82d194a5268c8dc8762469e5d273300a88287e6..ff66dce4412d7ba50f77a6c325ce4718369a4aec 100644 (file)
@@ -1847,7 +1847,7 @@ static void fts5SegIterNext(
           fts5SegIterNextPage(p, pIter);
           pLeaf = pIter->pLeaf;
           if( pLeaf==0 ) break;
-          if( (iOff = fts5GetU16(&pLeaf->p[0])) ){
+          if( (iOff = fts5GetU16(&pLeaf->p[0])) && iOff<pLeaf->n ){
             iOff += sqlite3Fts5GetVarint(&pLeaf->p[iOff], (u64*)&pIter->iRowid);
             pIter->iLeafOffset = iOff;
           }
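Review bot: The new `iOff<pLeaf->n` guard bounds only the first byte of the varint that `sqlite3Fts5GetVarint(&pLeaf->p[iOff], ...)` decodes on the following line; a varint spans several bytes, so a rowid offset that lands in the last few bytes of a truncated leaf still lets the decoder run past `pLeaf->n`, unless the leaf buffer is allocated with trailing padding, which is not visible here and worth confirming where the leaf is read. The same shape appears in the integrity-check hunk at `fts5GetVarint(&pLeaf->p[iRowidOff], (u64*)&iRowid);`. If padding is what makes the decode safe, say so at the guard: `/* iOff<n bounds only the varint's first byte; the decode relies on the padding after pLeaf->n */`. fts5SegIterNext begins and ends outside this hunk.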
@@ -1855,6 +1855,10 @@ static void fts5SegIterNext(
             pIter->iLeafOffset = iOff;
             bNewTerm = 1;
           }
+          if( iOff>=pLeaf->n ){
+            p->rc = FTS5_CORRUPT;
+            return;
+          }
         }
       }
 
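Review bot: The added `iOff>=pLeaf->n` check runs after `pIter->iLeafOffset = iOff` has already been stored by the branches above it, so on the early `return` the iterator still carries the rejected offset with `pIter->pLeaf` attached, and every caller has to test p->rc before using it. A one-line comment at the check would make that contract explicit: `/* Leaves pIter with an out-of-range iLeafOffset; callers must check p->rc */`. The enclosing loop and fts5SegIterNext itself continue outside this hunk.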
@@ -2025,6 +2029,7 @@ static void fts5SegIterSeekInit(
   int h;
   int bGe = (flags & FTS5INDEX_QUERY_SCAN);
   int bDlidx = 0;                 /* True if there is a doclist-index */
+  Fts5Data *pLeaf;
 
   assert( bGe==0 || (flags & FTS5INDEX_QUERY_DESC)==0 );
   assert( pTerm && nTerm );
@@ -2063,21 +2068,25 @@ static void fts5SegIterSeekInit(
   pIter->iLeafPgno = iPg - 1;
   fts5SegIterNextPage(p, pIter);
 
-  if( pIter->pLeaf ){
+  if( (pLeaf = pIter->pLeaf) ){
     int res;
-    pIter->iLeafOffset = fts5GetU16(&pIter->pLeaf->p[2]);
-    fts5SegIterLoadTerm(p, pIter, 0);
-    fts5SegIterLoadNPos(p, pIter);
-    do {
-      res = fts5BufferCompareBlob(&pIter->term, pTerm, nTerm);
-      if( res>=0 ) break;
-      fts5SegIterNext(p, pIter, 0);
-    }while( pIter->pLeaf && p->rc==SQLITE_OK );
-
-    if( bGe==0 && res ){
-      /* Set iterator to point to EOF */
-      fts5DataRelease(pIter->pLeaf);
-      pIter->pLeaf = 0;
+    pIter->iLeafOffset = fts5GetU16(&pLeaf->p[2]);
+    if( pIter->iLeafOffset<4 || pIter->iLeafOffset>=pLeaf->n ){
+      p->rc = FTS5_CORRUPT;
+    }else{
+      fts5SegIterLoadTerm(p, pIter, 0);
+      fts5SegIterLoadNPos(p, pIter);
+      do {
+        res = fts5BufferCompareBlob(&pIter->term, pTerm, nTerm);
+        if( res>=0 ) break;
+        fts5SegIterNext(p, pIter, 0);
+      }while( pIter->pLeaf && p->rc==SQLITE_OK );
+
+      if( bGe==0 && res ){
+        /* Set iterator to point to EOF */
+        fts5DataRelease(pIter->pLeaf);
+        pIter->pLeaf = 0;
+      }
     }
   }
 
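Review bot: In the new corrupt branch `p->rc = FTS5_CORRUPT;` leaves `pIter->pLeaf` attached with `pIter->iLeafOffset` still holding the rejected value, whereas the EOF path a few lines below releases the leaf and clears the pointer; the remainder of fts5SegIterSeekInit, which runs past this hunk, and its callers therefore have to check p->rc before touching the iterator. If nothing later relies on the leaf staying attached, mirroring the EOF path keeps the two failure states alike: `p->rc = FTS5_CORRUPT; fts5DataRelease(pLeaf); pIter->pLeaf = 0;`. Whether a later step reads pIter->pLeaf on the error path cannot be seen from here, so confirm before changing it.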
@@ -2525,7 +2534,7 @@ static void fts5MultiIterNew(
   int nSegment,                   /* Number of segments to merge (iLevel>=0) */
   Fts5MultiSegIter **ppOut        /* New object */
 ){
-  int nSeg;                       /* Number of segment-iters in use */
+  int nSeg = 0;                   /* Number of segment-iters in use */
   int iIter = 0;                  /* */
   int iSeg;                       /* Used to iterate through segments */
   Fts5StructureLevel *pLvl;
@@ -4928,8 +4937,12 @@ static void fts5IndexIntegrityCheckSegment(
         if( pLeaf ){
           i64 iRowid;
           int iRowidOff = fts5GetU16(&pLeaf->p[0]);
-          fts5GetVarint(&pLeaf->p[iRowidOff], (u64*)&iRowid);
-          if( iRowid!=fts5DlidxIterRowid(pDlidx) ) p->rc = FTS5_CORRUPT;
+          if( iRowidOff>=pLeaf->n ){
+            p->rc = FTS5_CORRUPT;
+          }else{
+            fts5GetVarint(&pLeaf->p[iRowidOff], (u64*)&iRowid);
+            if( iRowid!=fts5DlidxIterRowid(pDlidx) ) p->rc = FTS5_CORRUPT;
+          }
           fts5DataRelease(pLeaf);
         }
       }
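Review bot: The new check accepts `iRowidOff` values 1..3, which point into the four header bytes that `fts5GetU16(&pLeaf->p[0])` and `fts5GetU16(&pLeaf->p[2])` read elsewhere in this diff, while the seek-init hunk rejects any offset below 4; a rowid offset inside the header is as corrupt as one at or beyond `pLeaf->n`. `if( iRowidOff<4 || iRowidOff>=pLeaf->n ){` would make the two checks agree, provided a zero offset is never legitimate on a page the doclist-index refers to (fts5SegIterNext appears to treat zero as "no rowid on this page", so confirm before tightening). fts5IndexIntegrityCheckSegment continues outside this hunk.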
index 77f03ee837cad606ea86d3ca09180da894202bf7..841501ef8db59153309ab069fb64593b70060d28 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Merge\schanges\sto\sget\sFTS5\sworking\swith\sMSVC.
-D 2015-06-26T17:10:12.989
+C Fix\ssome\scases\sin\sthe\sfts5\scode\swhere\sa\scorrupt\sdatabase\scould\scause\sa\sbuffer\soverread.
+D 2015-06-26T18:50:29.818
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 285a0a234ed7610d431d91671c136098c2bd86a9
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -112,7 +112,7 @@ F ext/fts5/fts5_buffer.c 7428b0bcb257641cbecc3bacce7f40686cf99f36
 F ext/fts5/fts5_config.c d40da53f5e94214c553b2af3d6fd9aebac5f3f05
 F ext/fts5/fts5_expr.c 3386ab0a71dbab7e1259c3b16d6113c97d14123e
 F ext/fts5/fts5_hash.c c1cfdb2cae0fad00b06fae38a40eaf9261563ccc
-F ext/fts5/fts5_index.c 0c5a5218eb9fddd65c7d5bbad72c383d102c9648
+F ext/fts5/fts5_index.c ad32235180757f182050b8d24c9dbe61056385d2
 F ext/fts5/fts5_main.c c5b2a219d65967c07fd1bc8fd45206863a2fe360
 F ext/fts5/fts5_storage.c 3e672a0d35f63979556903861b324e7b8932cecc
 F ext/fts5/fts5_tcl.c b82f13f73a30f0959f539743f8818bece994a970
@@ -1364,8 +1364,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P c91a93b343b4d3b1a19afdb5d23d1c508f9779d2 bfcd16089cf8c65130c011a9718bf7812685c841
-R 297861c6724b6a9194bdf2ab25858763
-T +closed bfcd16089cf8c65130c011a9718bf7812685c841
-U mistachkin
-Z d2f82b98bab3ebc4b4555fb7502228b7
+P 954231d29d60460d423ecb132bbfb725b0ea375a
+R f24cf4dc2b8231a9cc4f2e0f89642df3
+U dan
+Z eeb5dd5cce2b08a289c0b394982d9461
index 8cd37282a3431f25aa9b77b3d102c1ab4024d540..9fa8bd840da0d936a7ef13d3f9f744e26c33136e 100644 (file)
@@ -1 +1 @@
-954231d29d60460d423ecb132bbfb725b0ea375a
\ No newline at end of file
+360c57bbb8bad6cc84af140f61e0282fa06462b4
\ No newline at end of file