Fix a buffer overread that could occur when running fts5 prefix queries inside a...

author dan <dan@noemail.net>

Tue, 3 Sep 2019 19:40:52 +0000 (19:40 +0000)

committer dan <dan@noemail.net>

Tue, 3 Sep 2019 19:40:52 +0000 (19:40 +0000)
author dan <dan@noemail.net>
Tue, 3 Sep 2019 19:40:52 +0000 (19:40 +0000)
committer dan <dan@noemail.net>
Tue, 3 Sep 2019 19:40:52 +0000 (19:40 +0000)
diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c

index afa2a30739156c3612c7bcf01516f5a0aee8d95f..8fc73e1af5a1a2a2f243509deaeea0f97e98c91b 100644 (file)
--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -438,7 +438,9 @@ static int fts5HashEntrySort(
    for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
      Fts5HashEntry *pIter;
      for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(pIter->zKey, pTerm, nTerm) ){
+      if( pTerm==0 
+       || (strlen(pIter->zKey)>=nTerm && 0==memcmp(pIter->zKey, pTerm, nTerm))
+      ){
          Fts5HashEntry *pEntry = pIter;
          pEntry->pScanNext = 0;
          for(i=0; ap[i]; i++){
diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test

index 428ca6c1eabf453e749c68ff46533d906836b92a..659735dd35867c94766294ca84d9e306e9e64858 100644 (file)
--- a/ext/fts5/test/fts5aa.test
+++ b/ext/fts5/test/fts5aa.test
@@ -561,6 +561,19 @@ do_test 20.1 {
    execsql { SELECT rowid FROM tmp WHERE tmp MATCH 'y' }
  } $::ids
  
+#-------------------------------------------------------------------------
+do_execsql_test 25.0 {
+  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
+}
+do_execsql_test 25.1 {
+  BEGIN;
+  INSERT INTO t13 VALUES('AAAA');
+  SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
+
+  END;
+}
+
+
  }
  
  
diff --git a/manifest b/manifest

index 20f746374f33047cfdd868298a16e21b8843b5b6..c4c7352583a5a61b9d30241e0f0da677d1159a14 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Disable\sthe\sundocumented\srtreenode()\sSQL\sfunction\sthat\sis\sonly\sused\sfor\stesting,\nexcept\swhen\sdoing\sa\sbuild\sthat\sis\sspecifically\sintended\sfor\stesting.
-D 2019-09-03T17:46:35.824
+C Fix\sa\sbuffer\soverread\sthat\scould\soccur\swhen\srunning\sfts5\sprefix\squeries\sinside\sa\stransaction.
+D 2019-09-03T19:40:52.501
  F Makefile.in 1cc758ce3374a32425e4d130c2fe7b026b20de5b8843243de75f087c0a2661fb
  F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
  F Makefile.msc 1faf9f06aadc9284c212dea7bbc7c0dea7e8337f0287c81001eff500912c790a
@@ -104,7 +104,7 @@ F ext/fts5/fts5_aux.c 67acf8d51723cf28ffc3828210ba662df4b8d267
  F ext/fts5/fts5_buffer.c 4c1502d4c956cd092c89ce4480867f9d8bf325cd
  F ext/fts5/fts5_config.c 5af9c360e99669d29f06492c370892394aba0857
  F ext/fts5/fts5_expr.c c6ecc2280162a3714d15dce2a8f2299f748b627c
-F ext/fts5/fts5_hash.c 880998e596b60f078348d48732ca4ad9a90caad2
+F ext/fts5/fts5_hash.c 2b1149273e77f0a700435307e9ee0bf830339316d0aa01dcdf8f81116d55ca3a
  F ext/fts5/fts5_index.c f67032a9a529ba52a545e6e3ab970764199c05d4
  F ext/fts5/fts5_main.c f85281445dcf8be32d18841c93a6f90fe27dbfe2
  F ext/fts5/fts5_storage.c 8f0e65cb33bde8f449e1c9b4be4600d18b4da6e9
@@ -118,7 +118,7 @@ F ext/fts5/fts5_vocab.c e44fefa7f0c1db252998af071daf06a7147e17e7
  F ext/fts5/fts5parse.y e51b375403421b8b37428a89b095d00597129aae
  F ext/fts5/mkportersteps.tcl 5acf962d2e0074f701620bb5308155fa1e4a63ba
  F ext/fts5/test/fts5_common.tcl b01c584144b5064f30e6c648145a2dd6bc440841
-F ext/fts5/test/fts5aa.test bd2d88182b9f7f30d300044048ad14683306b745
+F ext/fts5/test/fts5aa.test 71f3ce62bce9b730b86e9ae9827a063ecf06f9b6b1e69beb6ab17f2da68f1d17
  F ext/fts5/test/fts5ab.test 30325a89453280160106be411bba3acf138e6d1b
  F ext/fts5/test/fts5ac.test 55cad4275a1f5acabfe14d8442a8046b47e49e5f
  F ext/fts5/test/fts5ad.test 36995f0586f30f5602074e012b9224c71ec5171c
@@ -1570,8 +1570,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663
-Q +7b4583f932ff0933280aa73ee69294b488f96d4f2bdc8422cd0136d944d9fb60
-R 47a875971b982e4114bcb5499100f999
-U drh
-Z 6ec6389d9f8787c98a516ede19c40183
+P 0a1cce496c515a2ff9c044021ac0e84756830f4ffbb86f5f736bdbb49fb74927
+Q +b3fa58dd7403dbd4d2e9f3ae23d7d1337830d6fef2aa2f137ac5174de0d5828e
+R b5d4ef6556ce4ce428174043997d4f82
+U dan
+Z 4eb9bb565f0c4ead36743645c9b39e85
diff --git a/manifest.uuid b/manifest.uuid

index 2fcc091c4181e5d43d2232c8e42226df4eec93b1..368c735b70c3632b461228e9172dbd2e5dd61c70 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-0a1cce496c515a2ff9c044021ac0e84756830f4ffbb86f5f736bdbb49fb74927
-\ No newline at end of file
+b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973
+\ No newline at end of file
author	dan <dan@noemail.net>
	Tue, 3 Sep 2019 19:40:52 +0000 (19:40 +0000)
committer	dan <dan@noemail.net>
	Tue, 3 Sep 2019 19:40:52 +0000 (19:40 +0000)
ext/fts5/fts5_hash.c		patch \| blob \| blame \| history
ext/fts5/test/fts5aa.test		patch \| blob \| blame \| history
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history