From: dan <dan@noemail.net>
Date: Thu, 10 Dec 2009 18:20:31 +0000 (+0000)
Subject: Fix an OOM related problem in the snippet() and offsets() functions of fts3.
X-Git-Tag: version-3.7.2~719
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c11d597c738aeebb2c389ef24bd1559eb19e831;p=thirdparty%2Fsqlite.git

Fix an OOM related problem in the snippet() and offsets() functions of fts3.

FossilOrigin-Name: 61efff414254f209f1c69728ae2da3b3888b7290
---

diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index bde51d5751..9de30dff35 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -877,7 +877,7 @@ static int fulltextClose(sqlite3_vtab_cursor *pCursor){
   return SQLITE_OK;
 }
 
-static int fts3CursorSeek(Fts3Cursor *pCsr){
+static int fts3CursorSeek(sqlite3_context *pContext, Fts3Cursor *pCsr){
   if( pCsr->isRequireSeek ){
     pCsr->isRequireSeek = 0;
     sqlite3_bind_int64(pCsr->pStmt, 1, pCsr->iPrevId);
@@ -893,6 +893,9 @@ static int fts3CursorSeek(Fts3Cursor *pCsr){
         rc = SQLITE_CORRUPT;
       }
       pCsr->isEof = 1;
+      if( pContext && rc!=SQLITE_OK ){
+        sqlite3_result_error_code(pContext, rc);
+      }
       return rc;
     }
   }else{
@@ -2004,7 +2007,7 @@ static int fts3ColumnMethod(
     sqlite3_result_blob(pContext, &pCsr, sizeof(pCsr), SQLITE_TRANSIENT);
     rc = SQLITE_OK;
   }else{
-    rc = fts3CursorSeek(pCsr);
+    rc = fts3CursorSeek(0, pCsr);
     if( rc==SQLITE_OK ){
       sqlite3_result_value(pContext, sqlite3_column_value(pCsr->pStmt, iCol+1));
     }
@@ -2123,8 +2126,11 @@ static void fts3SnippetFunc(
     case 3: zEnd = (const char*)sqlite3_value_text(apVal[2]);
     case 2: zStart = (const char*)sqlite3_value_text(apVal[1]);
   }
-
-  sqlite3Fts3Snippet(pContext, pCsr, zStart, zEnd, zEllipsis);
+  if( !zStart || !zEnd || !zEllipsis ){
+    sqlite3_result_error_nomem(pContext);
+  }else if( SQLITE_OK==fts3CursorSeek(pContext, pCsr) ){
+    sqlite3Fts3Snippet(pContext, pCsr, zStart, zEnd, zEllipsis);
+  }
 }
 
 /*
@@ -2136,13 +2142,16 @@ static void fts3OffsetsFunc(
   sqlite3_value **apVal           /* Array of arguments */
 ){
   Fts3Cursor *pCsr;               /* Cursor handle passed through apVal[0] */
+  int rc;
 
   UNUSED_PARAMETER(nVal);
 
   assert( nVal==1 );
   if( fts3FunctionArg(pContext, "offsets", apVal[0], &pCsr) ) return;
   assert( pCsr );
-  sqlite3Fts3Offsets(pContext, pCsr);
+  if( SQLITE_OK==fts3CursorSeek(pContext, pCsr) ){
+    sqlite3Fts3Offsets(pContext, pCsr);
+  }
 }
 
 /* 
diff --git a/manifest b/manifest
index e6db9014d6..0e30936202 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Changes\sto\sfts3\sto\savoid\sflushing\sdata\sto\sdisk\swithin\sa\sSELECT\sstatement.
-D 2009-12-10T16:04:26
+C Fix\san\sOOM\srelated\sproblem\sin\sthe\ssnippet()\sand\soffsets()\sfunctions\sof\sfts3.
+D 2009-12-10T18:20:32
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in c5827ead754ab32b9585487177c93bb00b9497b3
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -56,7 +56,7 @@ F ext/fts2/mkfts2amal.tcl 974d5d438cb3f7c4a652639262f82418c1e4cff0
 F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a
 F ext/fts3/README.tokenizers 998756696647400de63d5ba60e9655036cb966e9
 F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
-F ext/fts3/fts3.c f72d7fdb5cca933a9311037e63610a182d9369b4
+F ext/fts3/fts3.c a52050eb59dd190cacfce49e82dd11e66885aef9
 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
 F ext/fts3/fts3Int.h 1419e2973b44ee78f0ae8f7e03abfa2bdaf14f54
 F ext/fts3/fts3_expr.c fcf6812dbfd9cb9a2cabaf50e741411794f83e7e
@@ -377,7 +377,7 @@ F test/fts2q.test b2fbbe038b7a31a52a6079b215e71226d8c6a682
 F test/fts2r.test b154c30b63061d8725e320fba1a39e2201cadd5e
 F test/fts2token.test d8070b241a15ff13592a9ae4a8b7c171af6f445a
 F test/fts3.test ae0433b09b12def08105640e57693726c4949338
-F test/fts3_common.tcl 363b6b215cb88ad9a59c5fd7c9d4dd0581446497
+F test/fts3_common.tcl dbed2fca2162d695908895680071a2b7e0a2eb55
 F test/fts3aa.test 5327d4c1d9b6c61021696746cc9a6cdc5bf159c0
 F test/fts3ab.test 09aeaa162aee6513d9ff336b6932211008b9d1f9
 F test/fts3ac.test 356280144a2c92aa7b11474afadfe62a437fcd69
@@ -778,7 +778,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
-P ee9b1c05a7f12d3d668b804bd11ae0def984b66e
-R 58b4a041207a70975c8de2329badf743
+P 48c0db0eb2d134bb302bb5eca6beb0ec46736257
+R 4df67170c38eb456078008bc38ed8026
 U dan
-Z 97d832b78b48585e6dc269202723d83a
+Z bd1d5b1e641b924be3a08e7b99336f40
diff --git a/manifest.uuid b/manifest.uuid
index 16362b9ba4..4bd5b24b95 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-48c0db0eb2d134bb302bb5eca6beb0ec46736257
\ No newline at end of file
+61efff414254f209f1c69728ae2da3b3888b7290
\ No newline at end of file
diff --git a/test/fts3_common.tcl b/test/fts3_common.tcl
index 13319382fa..0670c3319b 100644
--- a/test/fts3_common.tcl
+++ b/test/fts3_common.tcl
@@ -330,7 +330,7 @@ proc doPassiveTest {name sql catchres} {
   set str [join $answers " OR "]
 
   foreach {nRepeat zName} $modes {
-    for {set iFail 48} 1 {incr iFail} {
+    for {set iFail 1} 1 {incr iFail} {
       if {$::DO_MALLOC_TEST} {sqlite3_memdebug_fail $iFail -repeat $nRepeat}
 
       set res [uplevel [list catchsql $sql]]