Ensure that a key comparison does not read a collating sequence past the

author drh <drh@noemail.net>

Tue, 22 Jan 2019 02:34:35 +0000 (02:34 +0000)

committer drh <drh@noemail.net>

Tue, 22 Jan 2019 02:34:35 +0000 (02:34 +0000)
author drh <drh@noemail.net>
Tue, 22 Jan 2019 02:34:35 +0000 (02:34 +0000)
committer drh <drh@noemail.net>
Tue, 22 Jan 2019 02:34:35 +0000 (02:34 +0000)
diff --git a/manifest b/manifest

index ce5d58bd974db0803f701e0236b927f50e820fec..b5b6515872fa2ab103a0530053d55802a3689151 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Enhance\sthe\sbtree\ssearch\sroutine\sso\sthat\sit\sdoes\searly\sdetection\sof\s\nimpossibly\slarge\skeys\sand\sthereby\savoids\sa\slarge\smalloc()\scall.
-D 2019-01-21T23:18:22.833
+C Ensure\sthat\sa\skey\scomparison\sdoes\snot\sread\sa\scollating\ssequence\spast\sthe\nend\sof\sthe\sKeyInfo,\seven\sif\sthe\skey\sfield\sof\san\sindex\sis\scorrupted\sby\shaving\na\sstring\sin\sthe\slast\scolumn\sinstead\sof\sthe\sROWID.
+D 2019-01-22T02:34:35.566
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F Makefile.in 0e7c107ebcaff26681bc5bcf017557db85aa828d6f7fd652d748b7a78072c298
@@ -589,7 +589,7 @@ F src/vdbe.c 090d40c688b56b4602fb196a78e9d17213f381984258131c1e8f665636ca35ac
  F src/vdbe.h 712bca562eaed1c25506b9faf9680bdc75fc42e2f4a1cd518d883fa79c7a4237
  F src/vdbeInt.h a76d5eed62c76bcd8de7afd3147fac1bc40c5a870582664bcd7d071ef437c37f
  F src/vdbeapi.c 57a2d794a8833f269b878dbc24e955369bdb379af6c4e93ebc5ce1a20fa3daf4
-F src/vdbeaux.c c0c3c0820cd4f85f449876a068258f0691c5dbaa5b3f9e3dfa652f56ec101578
+F src/vdbeaux.c f6cd3f538697aff71f1ef92a769feb18173eb9df80372f570d741a237ea30628
  F src/vdbeblob.c f5c70f973ea3a9e915d1693278a5f890dc78594300cf4d54e64f2b0917c94191
  F src/vdbemem.c 7b3305bc4a5139f4536ac9b5f61da0f915e49d2e3fdfa87dfdfa9d7aba8bc1e9
  F src/vdbesort.c 90aad5a92608f2dd771c96749beabdb562c9d881131a860a7a5bccf66dc3be7f
@@ -1801,7 +1801,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 505ed9a47825240979338a24044559613fbbd2a7850bdff70c7164da054ec63d
-R e2e2c083d84dd4ed74c396601ff8b668
+P 3ecaaee69f49e43d38047b7d53b82689eba7f7d33541fcac3c32b6dc8a568458
+R f385ece7541b622a43ba00abbbceac4f
  U drh
-Z e752d990073956697e5a14d1f923521d
+Z 76c735b46ba59f636dafee5ffda43520
diff --git a/manifest.uuid b/manifest.uuid

index eaf6920801154952d28bb3e297f6944ddc35e565..cea1bb0d78b4af848c5d0a8c4423754b9a547430 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-3ecaaee69f49e43d38047b7d53b82689eba7f7d33541fcac3c32b6dc8a568458
-\ No newline at end of file
+058a8006dceda78a894ea9446f057aa60b6d38e96506d4d91bda0ee2f9314ba3
+\ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c

index 57b3db8c1abfb119301f31aece28ed5d355fa26a..a8e337ae3c0853832fa46aee9c776dfcbd428eec 100644 (file)
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -3902,7 +3902,8 @@ static int vdbeRecordCompareDebug(
  
      /* Do the comparison
      */
-    rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], pKeyInfo->aColl[i]);
+    rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i],
+                           pKeyInfo->nAllField>i ? pKeyInfo->aColl[i] : 0);
      if( rc!=0 ){
        assert( mem1.szMalloc==0 );  /* See comment below */
        if( pKeyInfo->aSortOrder[i] ){
@@ -4333,10 +4334,12 @@ int sqlite3VdbeRecordCompareWithSkip(
          mem1.n = (serial_type - 12) / 2;
          testcase( (d1+mem1.n)==(unsigned)nKey1 );
          testcase( (d1+mem1.n+1)==(unsigned)nKey1 );
-        if( (d1+mem1.n) > (unsigned)nKey1 ){
+        if( (d1+mem1.n) > (unsigned)nKey1
+         || (pKeyInfo = pPKey2->pKeyInfo)->nAllField<=i
+        ){
            pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
            return 0;                /* Corruption */
-        }else if( (pKeyInfo = pPKey2->pKeyInfo)->aColl[i] ){
+        }else if( pKeyInfo->aColl[i] ){
            mem1.enc = pKeyInfo->enc;
            mem1.db = pKeyInfo->db;
            mem1.flags = MEM_Str;
author	drh <drh@noemail.net>
	Tue, 22 Jan 2019 02:34:35 +0000 (02:34 +0000)
committer	drh <drh@noemail.net>
	Tue, 22 Jan 2019 02:34:35 +0000 (02:34 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/vdbeaux.c		patch \| blob \| blame \| history