From: dan <dan@noemail.net>
Date: Wed, 26 Dec 2018 11:39:39 +0000 (+0000)
Subject: Avoid a left-shift of a negative value (undefined behaviour) when dealing with
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b5bf1e03926a2f73d6ee14f10b91401a1ed46a9;p=thirdparty%2Fsqlite.git

Avoid a left-shift of a negative value (undefined behaviour) when dealing with
a corrupt database in fts3. Cherrypick of [b851d12474].

FossilOrigin-Name: 2fa63a8be62a06136a34d32351229b54bea58253a63275edf82efe0e83d412ca
---

diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index bb22a77c7f..5a946ebe79 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -338,7 +338,7 @@ int sqlite3Fts3PutVarint(char *p, sqlite_int64 v){
 }
 
 #define GETVARINT_STEP(v, ptr, shift, mask1, mask2, var, ret) \
-  v = (v & mask1) | ( (*ptr++) << shift );                    \
+  v = (v & mask1) | ( (*(ptr++)) << shift );  \
   if( (v & mask2)==0 ){ var = v; return ret; }
 #define GETVARINT_INIT(v, ptr, shift, mask1, mask2, var, ret) \
   v = (*ptr++);                                               \
@@ -376,20 +376,21 @@ int sqlite3Fts3GetVarint(const char *pBuf, sqlite_int64 *v){
 ** a non-negative 32-bit integer before it is returned.
 */
 int sqlite3Fts3GetVarint32(const char *p, int *pi){
+  const unsigned char *ptr = (const unsigned char*)p;
   u32 a;
 
 #ifndef fts3GetVarint32
-  GETVARINT_INIT(a, p, 0,  0x00,     0x80, *pi, 1);
+  GETVARINT_INIT(a, ptr, 0,  0x00,     0x80, *pi, 1);
 #else
-  a = (*p++);
+  a = (*ptr++);
   assert( a & 0x80 );
 #endif
 
-  GETVARINT_STEP(a, p, 7,  0x7F,     0x4000, *pi, 2);
-  GETVARINT_STEP(a, p, 14, 0x3FFF,   0x200000, *pi, 3);
-  GETVARINT_STEP(a, p, 21, 0x1FFFFF, 0x10000000, *pi, 4);
+  GETVARINT_STEP(a, ptr, 7,  0x7F,     0x4000, *pi, 2);
+  GETVARINT_STEP(a, ptr, 14, 0x3FFF,   0x200000, *pi, 3);
+  GETVARINT_STEP(a, ptr, 21, 0x1FFFFF, 0x10000000, *pi, 4);
   a = (a & 0x0FFFFFFF );
-  *pi = (int)(a | ((u32)(*p & 0x07) << 28));
+  *pi = (int)(a | ((u32)(*ptr & 0x07) << 28));
   assert( 0==(a & 0x80000000) );
   assert( *pi>=0 );
   return 5;
diff --git a/manifest b/manifest
index c085447e27..42075b5a72 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Change\sthe\sway\sa\scomparison\sused\sto\sdetect\scorrupt\sdatabases\sin\sfts3\sis\sdone\nto\savoid\spotential\spointer\soverflow\sin\s32-bit\sbuilds.\sCherrypick\sof\n[95a9a39ff7].
-D 2018-12-24T13:39:13.977
+C Avoid\sa\sleft-shift\sof\sa\snegative\svalue\s(undefined\sbehaviour)\swhen\sdealing\swith\na\scorrupt\sdatabase\sin\sfts3.\sCherrypick\sof\s[b851d12474].
+D 2018-12-26T11:39:39.560
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 38f84f301cbef443b2d269f67a74b8cc536469831f70df7c3e912acc04932cc2
@@ -78,7 +78,7 @@ F ext/fts3/README.content fdc666a70d5257a64fee209f97cf89e0e6e32b51
 F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a
 F ext/fts3/README.tokenizers e0a8b81383ea60d0334d274fadf305ea14a8c314
 F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
-F ext/fts3/fts3.c 829e2943ac3449d074e465ee04815f472667e345afb682b42306d9c36eac4991
+F ext/fts3/fts3.c 5adba0be37f75eb71fe6f38a784f40ca4c2455900b948e1a80e05d5061a30979
 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
 F ext/fts3/fts3Int.h eb2502000148e80913b965db3e59f29251266d0a
 F ext/fts3/fts3_aux.c 9edc3655fcb287f0467d0a4b886a01c6185fe9f1
@@ -1702,8 +1702,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P c255889bd95bd5430dc7ced3317011ae2abb483d6c9af883af3dc7d6c2c2f234
-Q +95a9a39ff784b960b62dd6298e722a620ba3f9c8b76839a49bbef35d7bc84a8e
-R 59b57eaf6788c45abc849f51361db5b0
+P 271993803cc99305642e9809cbe81cbefd944f4c42fc0de370e52eb69103dcdd
+Q +b851d12474035328df8354c7da8d81bc78833c8c704153f9f573c19b47a8487e
+R cfd81a11c14c38f2eacec621253b7d4a
 U dan
-Z 15cd32de688a5ebf9e83177e1ecf89e7
+Z cb5a77d0772d98773d0f1307124b9c0e
diff --git a/manifest.uuid b/manifest.uuid
index 6d10a0404f..6252cc0787 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-271993803cc99305642e9809cbe81cbefd944f4c42fc0de370e52eb69103dcdd
\ No newline at end of file
+2fa63a8be62a06136a34d32351229b54bea58253a63275edf82efe0e83d412ca
\ No newline at end of file