Fix a buffer overread in the fts5_structure virtual table (test code).

FossilOrigin-Name: b837aff79cd159061b46af59eaf96a1a1920eeece27e9e27931cf3387068d96a

diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index e46840c2e852ff7248cf16a3071d5a42d670babf..6ea9d9f88f3a16cdd5bed80f400e582413217318 100644 (file)
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -8092,15 +8092,16 @@ static int fts5structCloseMethod(sqlite3_vtab_cursor *cur){
 */
 static int fts5structNextMethod(sqlite3_vtab_cursor *cur){
   Fts5StructVcsr *pCsr = (Fts5StructVcsr*)cur;
+  Fts5Structure *p = pCsr->pStruct;
 
   assert( pCsr->pStruct );
   pCsr->iSeg++;
   pCsr->iRowid++;
-  while( pCsr->iSeg>=pCsr->pStruct->aLevel[pCsr->iLevel].nSeg ){
+  while( pCsr->iLevel<p->nLevel && pCsr->iSeg>=p->aLevel[pCsr->iLevel].nSeg ){
     pCsr->iLevel++;
     pCsr->iSeg = 0;
   }
-  if( pCsr->iLevel>=pCsr->pStruct->nLevel ){
+  if( pCsr->iLevel>=p->nLevel ){
     fts5StructureRelease(pCsr->pStruct);
     pCsr->pStruct = 0;
   }

diff --git a/manifest b/manifest
index 6986817d2d41b52c602506d399ce1ecc54a4937c..5734a3a0ae6b27c004596374cc2ee1ce4720f8c7 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Simplification\sto\sthe\ssqlite3_stmt_explain()\simplementation.
-D 2023-07-29T17:05:35.577
+C Fix\sa\sbuffer\soverread\sin\sthe\sfts5_structure\svirtual\stable\s(test\scode).
+D 2023-07-29T20:13:19.050
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -92,7 +92,7 @@ F ext/fts5/fts5_buffer.c 3001fbabb585d6de52947b44b455235072b741038391f830d6b7292
 F ext/fts5/fts5_config.c 054359543566cbff1ba65a188330660a5457299513ac71c53b3a07d934c7b081
 F ext/fts5/fts5_expr.c 2473c13542f463cae4b938c498d6193c90d38ea1a2a4f9849c0479736e50d24d
 F ext/fts5/fts5_hash.c 65e7707bc8774706574346d18c20218facf87de3599b995963c3e6d6809f203d
-F ext/fts5/fts5_index.c a4e35cd126c19df66887801db15ccae7290b51129add3d4cdd31e2d9ea240398
+F ext/fts5/fts5_index.c 9f7a24e206072b9deda2b9b6eec8d162128486d1dfad2ada92116faecc623cc8
 F ext/fts5/fts5_main.c 2f87ee44fdb21539c264541149f07f70e065d58f37420063e5ddef80ba0f5ede
 F ext/fts5/fts5_storage.c 3c9b41fce41b6410f2e8f82eb035c6a29b2560483f773e6dc98cf3cb2e4ddbb5
 F ext/fts5/fts5_tcl.c b1445cbe69908c411df8084a10b2485500ac70a9c747cdc8cda175a3da59d8ae
@@ -2049,8 +2049,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3848f04e542e2f0f8975e82632af598aac3b60312bd244b0472f7ddf1dda77df
-R e759fdc886a125e6d3d4d4dcc3b27f36
-U drh
-Z 8ab9c0b6287b81d079ea01ec27d5783d
+P dd5eb4c7f71c658aff8c2f11ff163c5e79f0ebfd49fd13ca8e28381fe63cc82f
+R 0b6893e373afada2996a2e53d25def3d
+U dan
+Z f4778f5c18f1cf158f159587c61f699b
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index 7b9e2b1b5f6f9131a33456c999e17d8ba0fbc230..bf918f42e84cc79d318f23a839390f5a9b2cb35a 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-dd5eb4c7f71c658aff8c2f11ff163c5e79f0ebfd49fd13ca8e28381fe63cc82f
\ No newline at end of file
+b837aff79cd159061b46af59eaf96a1a1920eeece27e9e27931cf3387068d96a
\ No newline at end of file