From: drh <drh@noemail.net>
Date: Mon, 18 Nov 2019 10:37:57 +0000 (+0000)
Subject: Improved detection of corruption in the %_stat table of FTS4.
X-Git-Tag: version-3.31.0~311
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=19d4175d6570133bbde56d12ea51e121a0ec2af6;p=thirdparty%2Fsqlite.git

Improved detection of corruption in the %_stat table of FTS4.
Chromium ticket 1025467.

FossilOrigin-Name: 10f8a3b718e0f47be528fba086c318e1dfe18ead383d01cfa24dedabad41e0a2
---

diff --git a/ext/fts3/fts3_snippet.c b/ext/fts3/fts3_snippet.c
index b8e2bbaac9..48b8cf4ab4 100644
--- a/ext/fts3/fts3_snippet.c
+++ b/ext/fts3/fts3_snippet.c
@@ -1065,10 +1065,10 @@ static int fts3MatchinfoSelectDoctotal(
   }
   pEnd = a + n;
   a += sqlite3Fts3GetVarintBounded(a, pEnd, &nDoc);
-  if( nDoc==0 || a>pEnd ){
+  if( nDoc<=0 || a>pEnd ){
     return FTS_CORRUPT_VTAB;
   }
-  *pnDoc = (u32)nDoc;
+  *pnDoc = nDoc;
 
   if( paLen ) *paLen = a;
   if( ppEnd ) *ppEnd = pEnd;
diff --git a/manifest b/manifest
index d256e1644b..1981bb2560 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\san\sassert\sthat\scan\sfail\sif\sthe\sschema\sis\scorrupt.
-D 2019-11-17T11:47:50.999
+C Improved\sdetection\sof\scorruption\sin\sthe\s%_stat\stable\sof\sFTS4.\nChromium\sticket\s1025467.
+D 2019-11-18T10:37:57.210
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -90,7 +90,7 @@ F ext/fts3/fts3_hash.c 8b6e31bfb0844c27dc6092c2620bdb1fca17ed613072db057d96952c6
 F ext/fts3/fts3_hash.h 39cf6874dc239d6b4e30479b1975fe5b22a3caaf
 F ext/fts3/fts3_icu.c 305ce7fb6036484085b5556a9c8e62acdc7763f0f4cdf5fd538212a9f3720116
 F ext/fts3/fts3_porter.c 3565faf04b626cddf85f03825e86056a4562c009
-F ext/fts3/fts3_snippet.c 70e8aa4a42a9e0338d0d73d0ec996db29ce5421404e29a86703cb8c39949b0cc
+F ext/fts3/fts3_snippet.c bc9b1236cf26013b584698277f7fc8d9e30cf2558b9555799a8d87a6fe55d5f6
 F ext/fts3/fts3_term.c f45a1e7c6ef464abb1231245d123dae12266b69e05cc56e14045b76591ae92d1
 F ext/fts3/fts3_test.c 73b16e229e517c1b1f0fb8e1046182a4e5dbc8dbe6eea8a5d4353fcce7dbbf39
 F ext/fts3/fts3_tokenize_vtab.c 1de9a61acfa2a0445ed989310c31839c57f6b6086dd9d5c97177ae734a17fd8b
@@ -973,7 +973,7 @@ F test/fts3sort.test ed34c716a11cc2009a35210e84ad5f9c102362ca
 F test/fts3tok1.test a663f4cac22a9505400bc22aacb818d7055240409c28729669ea7d4cc2120d15
 F test/fts3tok_err.test 52273cd193b9036282f7bacb43da78c6be87418d
 F test/fts3varint.test 0b84a3fd4eba8a39f3687523804d18f3b322e6d4539a55bf342079c3614f2ada
-F test/fts4aa.test 9a90721c2a36ef07783aa4b74f1425df4b8b5ab14749029026949c202c35fc4d
+F test/fts4aa.test 86cf2d603a7dcce9cfaea5f582699181f70896b521a05e8a1925638eb0dadeed
 F test/fts4check.test 6259f856604445d7b684c9b306b2efb6346834c3f50e8fc4a59a2ca6d5319ad0
 F test/fts4content.test 1518195a9f92b711d94419f76409a31cc78755854fb0abb1da2b74b9e0cf843e
 F test/fts4docid.test e33c383cfbdff0284685604d256f347a18fdbf01
@@ -1849,7 +1849,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 1e449687881f4d388e54a0e51bcabba41ab10cf7e596ff65e31e88a23c70d497
-R 34046cb8959003a11a67b66c8db4d70c
+P ed57c48e4bb337810521bda2da79614313e4835a317ca4eadb52bd67e4eadf98
+R 11f48b2460fa250b126c367bee79a533
 U drh
-Z b99bb99bc2fe46e8b5443bc31b14c739
+Z 2cd5c488ac2ec64086389266d74cbd79
diff --git a/manifest.uuid b/manifest.uuid
index 8ce68a37aa..57455a397a 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-ed57c48e4bb337810521bda2da79614313e4835a317ca4eadb52bd67e4eadf98
\ No newline at end of file
+10f8a3b718e0f47be528fba086c318e1dfe18ead383d01cfa24dedabad41e0a2
\ No newline at end of file
diff --git a/test/fts4aa.test b/test/fts4aa.test
index 3e85a77ecc..25319c3afd 100644
--- a/test/fts4aa.test
+++ b/test/fts4aa.test
@@ -226,7 +226,16 @@ do_catchsql_test fts4aa-5.70 {
   SELECT quote(matchinfo(t1,'a')) FROM t1 WHERE t1 MATCH 'one two';
 } {1 {database disk image is malformed}}
 
-
+# 2019-11-18 https://bugs.chromium.org/p/chromium/issues/detail?id=1025467
+db close
+sqlite3 db :memory:
+do_execsql_test fts4aa-6.10 {
+  CREATE VIRTUAL TABLE f USING fts4();
+  INSERT INTO f_segdir VALUES (77,91,0,0,'255 77',x'0001308000004d5c4ddddddd4d4d7b4d4d4d614d8019ff4d05000001204d4d2e4d6e4d4d4d4b4d6c4d004d4d4d4d4d4d3d000000004d5d4d4d645d4d004d4d4d4d4d4d4d4d4d454d6910004d05ffff054d646c4d004d5d4d4d4d4d3d000000004d4d4d4d4d4d4d4d4d4d4d69624d4d4d04004d4d4d4d4d604d4ce1404d554d45');
+  INSERT INTO f_segdir VALUES (77,108,0,0,'255 77',x'0001310000fa64004d4d4d3c5d4d654d4d4d614d8000ff4d05000001204d4d2e4d6e4d4d4dff4d4d4d4d4d4d00104d4d4d4d000000004d4d4d0400311d4d4d4d4d4d4d4d4d4d684d6910004d05ffff054d4d6c4d004d4d4d4d4d4d3d000000004d4d4d4d644d4d4d4d4d4d69624d4d4d03ed4d4d4d4d4d604d4ce1404d550080');
+  INSERT INTO f_stat VALUES (0,x'80808080100000000064004d4d4d3c4d4d654d4d4d614d8000ff4df6ff1a00204d4d2e4d6e4d4d4d104d4d4d4d4d4d00104d4d4d4d4d4d69574d4d4d000031044d4d4d3e4d4d4c4d05004d6910');
+  SELECT quote(matchinfo(f,'pnax')) from f where f match '0 1';
+} {X'0200000000000000000000000E0000000E00000001000000010000000100000001000000'}
 
 
 finish_test