Fix a buffer overread that could occur when running fts5 prefix queries inside a...

author dan <dan@noemail.net>

Mon, 18 Mar 2019 15:49:07 +0000 (15:49 +0000)

committer dan <dan@noemail.net>

Mon, 18 Mar 2019 15:49:07 +0000 (15:49 +0000)
author dan <dan@noemail.net>
Mon, 18 Mar 2019 15:49:07 +0000 (15:49 +0000)
committer dan <dan@noemail.net>
Mon, 18 Mar 2019 15:49:07 +0000 (15:49 +0000)
diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c

index 249611a30914e37863a39ae6ad6aa9215debd7fe..13a2f8136f1b84ef308ec08304c57941f5d021c5 100644 (file)
--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -456,7 +456,9 @@ static int fts5HashEntrySort(
    for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
      Fts5HashEntry *pIter;
      for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
+      if( pTerm==0 
+       || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
+      ){
          Fts5HashEntry *pEntry = pIter;
          pEntry->pScanNext = 0;
          for(i=0; ap[i]; i++){
diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test

index 740b663f5f563e151ec7edeb1c4c227dd0d3cde4..59ce4f6a1fd5d549e25b0e7a6d34eb34fcea0a53 100644 (file)
--- a/ext/fts5/test/fts5aa.test
+++ b/ext/fts5/test/fts5aa.test
@@ -622,6 +622,19 @@ do_execsql_test 24.3 {
      SELECT * FROM t12('aaaa');
  } {aaaa}
  
+#-------------------------------------------------------------------------
+do_execsql_test 25.0 {
+  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
+}
+do_execsql_test 25.1 {
+  BEGIN;
+  INSERT INTO t13 VALUES('AAAA');
+SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
+
+  END;
+}
+
+
  }
  
  expand_all_sql db
diff --git a/manifest b/manifest

index 02326ab7fbcbb85dbcb58fd01572d28839d296f5..898d3e70aaec4f28164ccd132d36db183c0f0325 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\san\sfts5\sproblem\swith\sinterleaving\sreads\sand\swrites\sin\sa\ssingle\stransaction.
-D 2019-03-18T15:23:20.535
+C Fix\sa\sbuffer\soverread\sthat\scould\soccur\swhen\srunning\sfts5\sprefix\squeries\sinside\sa\stransaction.
+D 2019-03-18T15:49:07.421
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F Makefile.in 236d2739dc3e823c3c909bca2d6cef93009bafbefd7018a8f3281074ecb92954
@@ -114,7 +114,7 @@ F ext/fts5/fts5_aux.c afe8c2394cf6de2a48f278442f4f4342365bf99a5983709ef8e6955c2c
  F ext/fts5/fts5_buffer.c 2e750cd4c0d456d4e1a8dcc649382708422b535dc32b375fd3d3306fb9727046
  F ext/fts5/fts5_config.c eeec97cb0237991e7fa3bbae07b5cc354e3f238b661200c11228fe167c18f882
  F ext/fts5/fts5_expr.c 188d1dca5a262a0708efc5deb809f1aa6ecea4158986a439d2670cfe72d10b65
-F ext/fts5/fts5_hash.c 85e9a268fc2503150684d9f5d0f0e0011b2b72fb4dc3e520baca728e071b7c1c
+F ext/fts5/fts5_hash.c c27852a632e3cacf40cd8262afbf019f32a3d67d948c27225ecdede6ab6ae3e7
  F ext/fts5/fts5_index.c 39b59af94153bbac8ae5419700410518db54ff8a7a73b4e43cf2d69b797e7546
  F ext/fts5/fts5_main.c 95d63bbe6075955961e56878c3a8705dc475c2b17f5c767f7b8af14093ae614b
  F ext/fts5/fts5_storage.c 57e3f2b1a612961a27c944d6b8821028ec5fdb541d7e6b841785003ac3b0b43a
@@ -128,7 +128,7 @@ F ext/fts5/fts5_vocab.c 906dff069840347e68f654b12ca60a53a27cd1780daf155fbe7dd331
  F ext/fts5/fts5parse.y eb526940f892ade5693f22ffd6c4f2702543a9059942772526eac1fde256bb05
  F ext/fts5/mkportersteps.tcl 5acf962d2e0074f701620bb5308155fa1e4a63ba
  F ext/fts5/test/fts5_common.tcl b01c584144b5064f30e6c648145a2dd6bc440841
-F ext/fts5/test/fts5aa.test 9fa16772f8afc7821c2ffcf689ea380a42301c40cc729b917e2c31b96f7f97c6
+F ext/fts5/test/fts5aa.test 5bd43427b7d08ce2e19c488a26534be450538b9232d4d5305049e8de236e9aa9
  F ext/fts5/test/fts5ab.test 9205c839332c908aaad2b01ab8670ece8b161e8f2ec8a9fabf18ca9385880bb7
  F ext/fts5/test/fts5ac.test a7aa7e1fefc6e1918aa4d3111d5c44a09177168e962c5fd2cca9620de8a7ed6d
  F ext/fts5/test/fts5ad.test e8cf959dfcd57c8e46d6f5f25665686f3b6627130a9a981371dafdf6482790de
@@ -1806,7 +1806,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P c2f50aa4e7bad8821e91a7490283dd53e44047d10a8cfebc3e2da26c770a5218
-R e1294a4d68e9e2b2c1e9a05964bb8a73
+P 45c73deb440496e848cb24d4c1326d4105dacfee8bbafb115e567051855e6518
+R b354eb3ae18e41b071f475cec31f366e
  U dan
-Z ec4431dd5f6da3d8229eeb3b3dd00227
+Z 954dac95c3ff1d08e258c4cd7bd14b56
diff --git a/manifest.uuid b/manifest.uuid

index bea8961d56c29bc866dfe1915c10d36cf1694f31..a2b0f52a9d914b9da0983c2794aef497df5d5ce8 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-45c73deb440496e848cb24d4c1326d4105dacfee8bbafb115e567051855e6518
-\ No newline at end of file
+b3fa58dd7403dbd4d2e9f3ae23d7d1337830d6fef2aa2f137ac5174de0d5828e
+\ No newline at end of file
author	dan <dan@noemail.net>
	Mon, 18 Mar 2019 15:49:07 +0000 (15:49 +0000)
committer	dan <dan@noemail.net>
	Mon, 18 Mar 2019 15:49:07 +0000 (15:49 +0000)
ext/fts5/fts5_hash.c		patch \| blob \| blame \| history
ext/fts5/test/fts5aa.test		patch \| blob \| blame \| history
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history