From: dan <dan@noemail.net>
Date: Fri, 12 Feb 2016 18:48:09 +0000 (+0000)
Subject: Fix a potential buffer overread provoked by invalid utf-8 in fts5.
X-Git-Tag: version-3.11.0~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=53ff9c2972aed305e67f3a28375c35977bb17534;p=thirdparty%2Fsqlite.git

Fix a potential buffer overread provoked by invalid utf-8 in fts5.

FossilOrigin-Name: a049fbbde5da2e43d41aa8c2b41f9eb21507ac76
---

diff --git a/ext/fts3/unicode/mkunicode.tcl b/ext/fts3/unicode/mkunicode.tcl
index a2e9b1da29..aafb4e9f9b 100644
--- a/ext/fts3/unicode/mkunicode.tcl
+++ b/ext/fts3/unicode/mkunicode.tcl
@@ -226,9 +226,9 @@ proc print_isalnum {zFunc lRange} {
   an_print_range_array $lRange
   an_print_ascii_bitmap $lRange
   puts {
-  if( c<128 ){
+  if( (unsigned int)c<128 ){
     return ( (aAscii[c >> 5] & (1 << (c & 0x001F)))==0 );
-  }else if( c<(1<<22) ){
+  }else if( (unsigned int)c<(1<<22) ){
     unsigned int key = (((unsigned int)c)<<10) | 0x000003FF;
     int iRes = 0;
     int iHi = sizeof(aEntry)/sizeof(aEntry[0]) - 1;
diff --git a/ext/fts5/fts5_unicode2.c b/ext/fts5/fts5_unicode2.c
index 8ad709d0fd..1ef56f6156 100644
--- a/ext/fts5/fts5_unicode2.c
+++ b/ext/fts5/fts5_unicode2.c
@@ -125,9 +125,9 @@ int sqlite3Fts5UnicodeIsalnum(int c){
     0xFFFFFFFF, 0xFC00FFFF, 0xF8000001, 0xF8000001,
   };
 
-  if( c<128 ){
+  if( (unsigned int)c<128 ){
     return ( (aAscii[c >> 5] & (1 << (c & 0x001F)))==0 );
-  }else if( c<(1<<22) ){
+  }else if( (unsigned int)c<(1<<22) ){
     unsigned int key = (((unsigned int)c)<<10) | 0x000003FF;
     int iRes = 0;
     int iHi = sizeof(aEntry)/sizeof(aEntry[0]) - 1;
diff --git a/manifest b/manifest
index 0dad1bc0fe..edbefc847e 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sfairly\sobscure\sbuffer\soverread\sin\sfts5.
-D 2016-02-12T17:56:27.467
+C Fix\sa\spotential\sbuffer\soverread\sprovoked\sby\sinvalid\sutf-8\sin\sfts5.
+D 2016-02-12T18:48:09.224
 F Makefile.in 4e90dc1521879022aa9479268a4cd141d1771142
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 30f075dc4f27a07abb76088946b2944178d85347
@@ -94,7 +94,7 @@ F ext/fts3/mkfts3amal.tcl 252ecb7fe6467854f2aa237bf2c390b74e71f100
 F ext/fts3/tool/fts3view.c 5d78b668f4e9598af9147f8999632599fb0d9dd5
 F ext/fts3/unicode/CaseFolding.txt 8c678ca52ecc95e16bc7afc2dbf6fc9ffa05db8c
 F ext/fts3/unicode/UnicodeData.txt cd07314edb62d49fde34debdaf92fa2aa69011e7
-F ext/fts3/unicode/mkunicode.tcl 95cf7ec186e48d4985e433ff8a1c89090a774252
+F ext/fts3/unicode/mkunicode.tcl 2debed3f582d77b3fdd0b8830880250021571fd8
 F ext/fts3/unicode/parseunicode.tcl da577d1384810fb4e2b209bf3313074353193e95
 F ext/fts5/extract_api_docs.tcl a36e54ec777172ddd3f9a88daf593b00848368e0
 F ext/fts5/fts5.h ff9c2782e8ed890b0de2f697a8d63971939e70c7
@@ -111,7 +111,7 @@ F ext/fts5/fts5_tcl.c f8731e0508299bd43f1a2eff7dbeaac870768966
 F ext/fts5/fts5_test_mi.c 1ec66ffdf7632077fbd773b7a6df5153272ec070
 F ext/fts5/fts5_test_tok.c db08af63673c3a7d39f053b36fd6e065017706be
 F ext/fts5/fts5_tokenize.c 2ce7b44183538ec46b7907726262ee43ffdd39a8
-F ext/fts5/fts5_unicode2.c 78273fbd588d1d9bd0a7e4e0ccc9207348bae33c
+F ext/fts5/fts5_unicode2.c b450b209b157d598f7b9df9f837afb75a14c24bf
 F ext/fts5/fts5_varint.c a5aceacda04dafcbae725413d7a16818ecd65738
 F ext/fts5/fts5_vocab.c dba72ca393d71c2588548b51380387f6b44c77a8
 F ext/fts5/fts5parse.y 59432ea369f1aa65511bad465f55d31a22f9f223
@@ -1427,7 +1427,7 @@ F tool/vdbe_profile.tcl 246d0da094856d72d2c12efec03250d71639d19f
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh ef6ebc6fd8d2dc35db3b622015c16a023d4fef4f
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P d9c985878cf7c74a79ccdb9cf94a2d48fdde3e6f
-R 0a862bd7a75e07028d820b1669759dd1
+P 130580207ab5cee762b2893808acef7c8afad027
+R f6628307ca7dcc5e74da260d3c3d6ac5
 U dan
-Z 281d4ece2b41724c1d776859918d3659
+Z 7972d84e46f7d6d6e270e54f6c76821e
diff --git a/manifest.uuid b/manifest.uuid
index d57148a112..10c0eea158 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-130580207ab5cee762b2893808acef7c8afad027
\ No newline at end of file
+a049fbbde5da2e43d41aa8c2b41f9eb21507ac76
\ No newline at end of file