Avoid a buffer overread in fts5 that could occur when parsing corrupt configuration...

author dan <dan@noemail.net>

Tue, 10 Dec 2019 03:40:11 +0000 (03:40 +0000)

committer dan <dan@noemail.net>

Tue, 10 Dec 2019 03:40:11 +0000 (03:40 +0000)
author dan <dan@noemail.net>
Tue, 10 Dec 2019 03:40:11 +0000 (03:40 +0000)
committer dan <dan@noemail.net>
Tue, 10 Dec 2019 03:40:11 +0000 (03:40 +0000)
diff --git a/ext/fts5/fts5_config.c b/ext/fts5/fts5_config.c

index c02d67e7cb6be5298fb71adf40e1eb467788f5a2..ddd2317974e67f559d86f4e36d5c8e8f75b9022f 100644 (file)
--- a/ext/fts5/fts5_config.c
+++ b/ext/fts5/fts5_config.c
@@ -150,7 +150,7 @@ static int fts5Dequote(char *z){
    assert( q=='[' || q=='\'' || q=='"' || q=='`' );
    if( q=='[' ) q = ']';  
  
-  while( ALWAYS(z[iIn]) ){
+  while( z[iIn] ){
      if( z[iIn]==q ){
        if( z[iIn+1]!=q ){
          /* Character iIn was the close quote. */
diff --git a/ext/fts5/test/fts5eb.test b/ext/fts5/test/fts5eb.test

index 6726485f185a36a9a61b7054e50b72f7593f2606..9d6f251ed18df1f9d1b40fcc067d0acbdd62f4b7 100644 (file)
--- a/ext/fts5/test/fts5eb.test
+++ b/ext/fts5/test/fts5eb.test
@@ -75,6 +75,11 @@ do_catchsql_test 2.5 {
    SELECT fts5_expr(NULL, NULL)
  } {1 {parse error in ""}}
  
+for {set i 0} {$i < 255} {incr i} {
+  do_test 2.6.$i {
+    lindex [catchsql {sELECT fts5_expr(NULL, char($i));}] 0
+  } 1
+}
  
  do_execsql_test 3.0 {
    CREATE VIRTUAL TABLE e1 USING fts5(text, tokenize = 'porter unicode61');
diff --git a/manifest b/manifest

index 01039c4e2bc5882e14eba72afec3529c31372566..27007b7a492d85caeb182133242c9be0c75ff0e7 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Set\sthe\saffinity\sof\sregular\scolumns\sprior\sto\scomputing\sthe\svalues\sof\ngenerated\scolumns.\s\sTicket\s[d7c3f125c925c522]
-D 2019-12-10T02:48:41.113
+C Avoid\sa\sbuffer\soverread\sin\sfts5\sthat\scould\soccur\swhen\sparsing\scorrupt\sconfiguration\srecords.
+D 2019-12-10T03:40:11.895
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -113,7 +113,7 @@ F ext/fts5/fts5.h c132a9323f22a972c4c93a8d5a3d901113a6e612faf30ca8e695788438c5ca
  F ext/fts5/fts5Int.h d7cbc214ee167496f70905667e18f73ea0402f7ef09236ce305e117e0efc866a
  F ext/fts5/fts5_aux.c dcc627d8b6e3fc773db528ff67b39955dab7b51628f9dba8e15849e5bedfd7fa
  F ext/fts5/fts5_buffer.c 5a5fe0159752c0fb0a5a93c722e9db2662822709490769d482b76a6dc8aaca70
-F ext/fts5/fts5_config.c aab6117f8f85933e051c66f227414fdcaf7f2313688e16276b895f9d42d28e5c
+F ext/fts5/fts5_config.c b447948f35ad3354e8fe5e242e0a7e7b5b941555400b9404259944e3aa570037
  F ext/fts5/fts5_expr.c 2be456484786333d559dc2987a00f2750981fab91d52db8452a8046278c5f22e
  F ext/fts5/fts5_hash.c 1cc0095646f5f3b46721aa112fb4f9bf29ae175cb5338f89dcec66ed97acfe75
  F ext/fts5/fts5_index.c 99b77ae1f503978ca76985bcfff7345c822aed8bbaa8edb3747f804f614685b5
@@ -165,7 +165,7 @@ F ext/fts5/test/fts5determin.test 1b77879b2ae818b5b71c859e534ee334dac088b7cf3ff3
  F ext/fts5/test/fts5dlidx.test b90852c55881b29dbac6380b274de27beae623ac4b6d567c6c8fb9cdc315a86e
  F ext/fts5/test/fts5doclist.test e39a6001495f1dc68e20323586ac965787986c2bf6f515b9b0285627b089d9e6
  F ext/fts5/test/fts5ea.test b01e3a18cdfabbff8104a96a5242a06a68a998a0
-F ext/fts5/test/fts5eb.test af1cd2d2cdff343bd40fd8ad9278e9161bfca81ad629e5aaa8c60a868b16044f
+F ext/fts5/test/fts5eb.test 239bb2f02571f8cccfc7018d08f502df1cd8cc6a69b65ed1dde5f6a070e3f669
  F ext/fts5/test/fts5fault1.test d28a65caee75db6897c3cf1358c5230d3bb2a3bf7fb31062c19c7e5382b3d2bd
  F ext/fts5/test/fts5fault2.test 69c8fdbef830cd0d450908d4504d5bb86609e255af99c421c20a0756251fe344
  F ext/fts5/test/fts5fault3.test da2f9e3e56ff5740d68ebdd6877c97089e7ed28ddff28a0da87a6afea27e5522
@@ -1852,7 +1852,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P f065cf003bd2a3a580cb5b9fa2eacd8be075fe8c2bbc5688e9a9406abbfb3804
-R 818408c4725ad345697d1e37e3d5ef64
-U drh
-Z 7d655f0df3955b1fe800872549949d0e
+P d47d66e3d360d8aa6203a855228d2bc40d9a00d69c15f5066b7632d8fb1ed2cc
+R efc161540e729c979ff7beb44c6e2cdb
+U dan
+Z a89ac56282038be9a7a814f5f50981fa
diff --git a/manifest.uuid b/manifest.uuid

index c74c2ec5fea595324ac51eb4a84f8b407821801b..0049b8ebcbac8980dd1aed37e9321b833596d1ad 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-d47d66e3d360d8aa6203a855228d2bc40d9a00d69c15f5066b7632d8fb1ed2cc
-\ No newline at end of file
+355afd77df21a2265871ca6d075f26b1fa121c7c2682cf512281944ff0c2186d
+\ No newline at end of file
author	dan <dan@noemail.net>
	Tue, 10 Dec 2019 03:40:11 +0000 (03:40 +0000)
committer	dan <dan@noemail.net>
	Tue, 10 Dec 2019 03:40:11 +0000 (03:40 +0000)
ext/fts5/fts5_config.c		patch \| blob \| blame \| history
ext/fts5/test/fts5eb.test		patch \| blob \| blame \| history
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history