Fix a one byte buffer overread in fts3.

FossilOrigin-Name: 6e3e014af91601ed1f3a9cbe23f7c4260a4d177f

diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index 4176d933d193673b738df9701f02cb0951d36295..48a4847f363d472c3ff7804fa311dd9c6131a04a 100644 (file)
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -1037,7 +1037,12 @@ static void fts3PutDeltaVarint(
 
 /*
 ** When this function is called, *ppPoslist is assumed to point to the 
-** start of a position-list.
+** start of a position-list. After it returns, *ppPoslist points to the
+** first byte after the position-list.
+**
+** If pp is not NULL, then the contents of the position list are copied
+** to *pp. *pp is set to point to the first byte past the last byte copied
+** before this function returns.
 */
 static void fts3PoslistCopy(char **pp, char **ppPoslist){
   char *pEnd = *ppPoslist;
@@ -2181,7 +2186,9 @@ char *sqlite3Fts3FindPositions(
     while( pCsr<pEnd ){
       if( pExpr->iCurrent<iDocid ){
         fts3PoslistCopy(0, &pCsr);
-        fts3GetDeltaVarint(&pCsr, &pExpr->iCurrent);
+        if( pCsr<pEnd ){
+          fts3GetDeltaVarint(&pCsr, &pExpr->iCurrent);
+        }
         pExpr->pCurrent = pCsr;
       }else{
         if( pExpr->iCurrent==iDocid ){

diff --git a/manifest b/manifest
index 0d4e7787abc67a6bd30b48b96a0ce49f60acdbf7..016332a3eedfef18e766d3948a242d4d4fe9b007 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Modify\sthe\svdbe\sso\sthat\sthe\scomparison\soperator\sopcodes\sdo\snot\smodify\sthe\sdata\stype\sof\soperands.\sFix\sfor\s[aa92c76cd4].
-D 2010-03-05T16:32:12
+C Fix\sa\sone\sbyte\sbuffer\soverread\sin\sfts3.
+D 2010-03-05T17:27:02
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 4f2f967b7e58a35bb74fb7ec8ae90e0f4ca7868b
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -56,7 +56,7 @@ F ext/fts2/mkfts2amal.tcl 974d5d438cb3f7c4a652639262f82418c1e4cff0
 F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a
 F ext/fts3/README.tokenizers 998756696647400de63d5ba60e9655036cb966e9
 F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
-F ext/fts3/fts3.c c7a20cf4c2e9fa22c9f304bece60f466b4d92589
+F ext/fts3/fts3.c 15ca4d9baf2ca6efa132bc8afdc62911deb5a83e
 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
 F ext/fts3/fts3Int.h df812ef35f1b47a44ec68a44ec0c2a769c973d85
 F ext/fts3/fts3_expr.c f4ff02ebe854e97ac03ff00b38b728a9ab57fd4b
@@ -792,7 +792,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
-P 27413fc8dd52b754b4be9344a66bb9e0d752d48e
-R f2ab83c256285b8820ce8d6baa7f32be
+P 8858042fa1449516a2c7dbb991dca3eb6c5794cb
+R 8a9e89b47a06ff6e530c432a233196bb
 U dan
-Z 19b361fab49c5821c8736e06dd81041c
+Z 5bdb78b3531af14f46db30fbad40b790

diff --git a/manifest.uuid b/manifest.uuid
index 54fbd9da25d484bfbfa5bcae9971b416670029a5..479e58f5240ee080f54886468609e17b68fbf79d 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-8858042fa1449516a2c7dbb991dca3eb6c5794cb
\ No newline at end of file
+6e3e014af91601ed1f3a9cbe23f7c4260a4d177f
\ No newline at end of file