Fix a couple of crashes in fts3 that can occur if the database contents are inconsistent.

FossilOrigin-Name: 811e12cddfb3246c6cf3d5085bd9b72b12e05550

diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index 106f7b37bb75ae351758664cec42a404801060f5..61def9993a78e9bb927a8bc5e6b211037198b4bb 100644 (file)
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1102,25 +1102,28 @@ int sqlite3Fts3SegReaderCost(
       ** to right.
       */
       sqlite3_stmt *pStmt;
-      rc = fts3SqlStmt(p, SQL_SELECT_DOCTOTAL, &pStmt, 0);
+      sqlite3_int64 nDoc = 0;
+      sqlite3_int64 nByte = 0;
+      const char *a;
+      rc = sqlite3Fts3SelectDoctotal(p, &pStmt);
       if( rc ) return rc;
-      if( sqlite3_data_count(pStmt) || sqlite3_step(pStmt)==SQLITE_ROW ){
-        sqlite3_int64 nDoc = 0;
-        sqlite3_int64 nByte = 0;
-        const char *a = sqlite3_column_blob(pStmt, 0);
-        if( a ){
-          const char *pEnd = &a[sqlite3_column_bytes(pStmt, 0)];
-          a += sqlite3Fts3GetVarint(a, &nDoc);
-          while( a<pEnd ){
-            a += sqlite3Fts3GetVarint(a, &nByte);
-          }
+      a = sqlite3_column_blob(pStmt, 0);
+      if( a ){
+        const char *pEnd = &a[sqlite3_column_bytes(pStmt, 0)];
+        a += sqlite3Fts3GetVarint(a, &nDoc);
+        while( a<pEnd ){
+          a += sqlite3Fts3GetVarint(a, &nByte);
         }
-
-        pCsr->nRowAvg = (int)(((nByte / nDoc) + pgsz) / pgsz);
-        assert( pCsr->nRowAvg>0 ); 
       }
+      if( nDoc==0 || nByte==0 ){
+        sqlite3_reset(pStmt);
+        return SQLITE_CORRUPT;
+      }
+
+      pCsr->nRowAvg = (int)(((nByte / nDoc) + pgsz) / pgsz);
+      assert( pCsr->nRowAvg>0 ); 
       rc = sqlite3_reset(pStmt);
-      if( rc!=SQLITE_OK || pCsr->nRowAvg==0 ) return rc;
+      if( rc!=SQLITE_OK ) return rc;
     }
 
     /* Assume that a blob flows over onto overflow pages if it is larger

diff --git a/manifest b/manifest
index f6a6ce4aa784ebdae791a91fbaf754ad84cf5075..4753dfeee51e8d18aa9ecbdd08a9879459494e90 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\ssegfault\sthat\scan\soccur\sin\smatchinfo\sif\san\sfts4\stable\scontains\smostly\szero-length\sdocuments.\sSpecifically,\sif\sthe\stable\scontains\smore\srows\sthan\sit\sdoes\sbytes\sof\stext.
-D 2011-01-13T10:58:27
+C Fix\sa\scouple\sof\scrashes\sin\sfts3\sthat\scan\soccur\sif\sthe\sdatabase\scontents\sare\sinconsistent.
+D 2011-01-13T11:20:04
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in de6498556d536ae60bb8bb10e8c1ba011448658c
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -73,7 +73,7 @@ F ext/fts3/fts3_snippet.c 196c5e6cde57bfc1907c2d60e9c29590e4f93fb6
 F ext/fts3/fts3_tokenizer.c 055f3dc7369585350b28db1ee0f3b214dca6724d
 F ext/fts3/fts3_tokenizer.h 13ffd9fcb397fec32a05ef5cd9e0fa659bf3dbd3
 F ext/fts3/fts3_tokenizer1.c 6e5cbaa588924ac578263a598e4fb9f5c9bb179d
-F ext/fts3/fts3_write.c 9f3545ae27c13553a6f433fa0ec260fe8bf0cf2f
+F ext/fts3/fts3_write.c 3eea26b9ca4219e1711b0db74fd5a9d448a6afbb
 F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9
 F ext/fts3/mkfts3amal.tcl 252ecb7fe6467854f2aa237bf2c390b74e71f100
 F ext/icu/README.txt bf8461d8cdc6b8f514c080e4e10dc3b2bbdfefa9
@@ -450,7 +450,7 @@ F test/fts3expr.test 5e745b2b6348499d9ef8d59015de3182072c564c
 F test/fts3expr2.test 18da930352e5693eaa163a3eacf96233b7290d1a
 F test/fts3fault.test f83e556465bb69dc8bc676339eca408dce4ca246
 F test/fts3malloc.test 9c8cc3f885bb4dfc66d0460c52f68f45e4710d1b
-F test/fts3matchinfo.test 32e31467963698cc7fa311e9a61f99d7d06cf72b
+F test/fts3matchinfo.test cc0b009edbbf575283d5fdb53271179e0d8019ba
 F test/fts3near.test 2e318ee434d32babd27c167142e2b94ddbab4844
 F test/fts3query.test ef79d31fdb355d094baec1c1b24b60439a1fb8a2
 F test/fts3rnd.test 2b1a579be557ab8ac54a51b39caa4aa8043cc4ad
@@ -895,7 +895,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
-P 114640d920e16c85de90b19d53c485135875de5b
-R f5eb10b21437fad711a6b9be4e7a8db9
+P fe9047668eaaf76e7aa1ef1f32dec7c7c4226e45
+R 92da6ba399b108dc3885073a225af042
 U dan
-Z a737930e0e8a10b4bde0b31ffbd88e53
+Z 1a6f8ebc8ef3ebfc6cb5f32bb01c2e00

diff --git a/manifest.uuid b/manifest.uuid
index 2d44df5bca80fe383c7ad5e0ab0c44791e0fa7d3..6f0b1a326a3a57d72d033cf47c0c465a1b91d7de 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-fe9047668eaaf76e7aa1ef1f32dec7c7c4226e45
\ No newline at end of file
+811e12cddfb3246c6cf3d5085bd9b72b12e05550
\ No newline at end of file

diff --git a/test/fts3matchinfo.test b/test/fts3matchinfo.test
index bfa704080feeb8157928fd42dd772caa882a934d..8f194e72cb38f078472393041643557474b4dca5 100644 (file)
--- a/test/fts3matchinfo.test
+++ b/test/fts3matchinfo.test
@@ -364,5 +364,21 @@ do_execsql_test 8.3 {
   SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*'
 } {{204 1 3 3 0} {204 1 3 3 0} {204 1 3 3 0}}
 
+# Corruption related tests.
+do_execsql_test  8.4.1.1 { UPDATE t11_stat SET value = X'0000'; }
+do_catchsql_test 8.5.1.2 {
+  SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*'
+} {1 {database disk image is malformed}}
+
+do_execsql_test  8.4.2.1 { UPDATE t11_stat SET value = X'00'; }
+do_catchsql_test 8.5.2.2 {
+  SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*'
+} {1 {database disk image is malformed}}
+
+do_execsql_test  8.4.3.1 { UPDATE t11_stat SET value = NULL; }
+do_catchsql_test 8.5.3.2 {
+  SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*'
+} {1 {database disk image is malformed}}
+
 finish_test