From: drh <drh@noemail.net>
Date: Mon, 17 Jul 2017 15:38:57 +0000 (+0000)
Subject: Improved the interface to the fts5() extension mechanism for enhanced
X-Git-Tag: version-3.20.0~35^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=72495b44e043b6e2cdddf3aa899dd528ea2b1373;p=thirdparty%2Fsqlite.git

Improved the interface to the fts5() extension mechanism for enhanced
security.

FossilOrigin-Name: bc78235f547977f1a821342ca8f3e03103a0eb351f8b3115ac10b43dd9c7044d
---

diff --git a/ext/fts5/fts5_main.c b/ext/fts5/fts5_main.c
index e1bab8e059..d59cd5b7cc 100644
--- a/ext/fts5/fts5_main.c
+++ b/ext/fts5/fts5_main.c
@@ -2609,15 +2609,14 @@ static void fts5ModuleDestroy(void *pCtx){
 static void fts5Fts5Func(
   sqlite3_context *pCtx,          /* Function call context */
   int nArg,                       /* Number of args */
-  sqlite3_value **apUnused        /* Function arguments */
+  sqlite3_value **apArg           /* Function arguments */
 ){
   Fts5Global *pGlobal = (Fts5Global*)sqlite3_user_data(pCtx);
-  char buf[8];
-  UNUSED_PARAM2(nArg, apUnused);
-  assert( nArg==0 );
-  assert( sizeof(buf)>=sizeof(pGlobal) );
-  memcpy(buf, (void*)&pGlobal, sizeof(pGlobal));
-  sqlite3_result_blob(pCtx, buf, sizeof(pGlobal), SQLITE_TRANSIENT);
+  fts5_api **ppApi;
+  UNUSED_PARAM(nArg);
+  assert( nArg==1 );
+  ppApi = (fts5_api**)sqlite3_value_pointer(apArg[0], "fts5_api_ptr");
+  if( ppApi ) *ppApi = &pGlobal->api;
 }
 
 /*
@@ -2682,7 +2681,7 @@ static int fts5Init(sqlite3 *db){
     if( rc==SQLITE_OK ) rc = sqlite3Fts5VocabInit(pGlobal, db);
     if( rc==SQLITE_OK ){
       rc = sqlite3_create_function(
-          db, "fts5", 0, SQLITE_UTF8, p, fts5Fts5Func, 0, 0
+          db, "fts5", 1, SQLITE_UTF8, p, fts5Fts5Func, 0, 0
       );
     }
     if( rc==SQLITE_OK ){
diff --git a/ext/fts5/fts5_tcl.c b/ext/fts5/fts5_tcl.c
index 5fe690f6b7..99120e3d27 100644
--- a/ext/fts5/fts5_tcl.c
+++ b/ext/fts5/fts5_tcl.c
@@ -99,16 +99,13 @@ static int SQLITE_TCLAPI f5tDbAndApi(
     sqlite3_stmt *pStmt = 0;
     fts5_api *pApi = 0;
 
-    rc = sqlite3_prepare_v2(db, "SELECT fts5()", -1, &pStmt, 0);
+    rc = sqlite3_prepare_v2(db, "SELECT fts5(?1)", -1, &pStmt, 0);
     if( rc!=SQLITE_OK ){
       Tcl_AppendResult(interp, "error: ", sqlite3_errmsg(db), 0);
       return TCL_ERROR;
     }
-
-    if( SQLITE_ROW==sqlite3_step(pStmt) ){
-      const void *pPtr = sqlite3_column_blob(pStmt, 0);
-      memcpy((void*)&pApi, pPtr, sizeof(pApi));
-    }
+    sqlite3_bind_pointer(pStmt, 1, (void*)&pApi, "fts5_api_ptr");
+    sqlite3_step(pStmt);
 
     if( sqlite3_finalize(pStmt)!=SQLITE_OK ){
       Tcl_AppendResult(interp, "error: ", sqlite3_errmsg(db), 0);
diff --git a/ext/fts5/fts5_test_mi.c b/ext/fts5/fts5_test_mi.c
index a905b85bb9..49220b6410 100644
--- a/ext/fts5/fts5_test_mi.c
+++ b/ext/fts5/fts5_test_mi.c
@@ -73,13 +73,10 @@ static int fts5_api_from_db(sqlite3 *db, fts5_api **ppApi){
   int rc;
 
   *ppApi = 0;
-  rc = sqlite3_prepare(db, "SELECT fts5()", -1, &pStmt, 0);
+  rc = sqlite3_prepare(db, "SELECT fts5(?1)", -1, &pStmt, 0);
   if( rc==SQLITE_OK ){
-    if( SQLITE_ROW==sqlite3_step(pStmt) 
-        && sizeof(fts5_api*)==sqlite3_column_bytes(pStmt, 0)
-      ){
-      memcpy(ppApi, sqlite3_column_blob(pStmt, 0), sizeof(fts5_api*));
-    }
+    sqlite3_bind_pointer(pStmt, 1, (void*)ppApi, "fts5_api_ptr");
+    (void)sqlite3_step(pStmt);
     rc = sqlite3_finalize(pStmt);
   }
 
@@ -422,4 +419,3 @@ int sqlite3Fts5TestRegisterMatchinfo(sqlite3 *db){
 }
 
 #endif /* SQLITE_ENABLE_FTS5 */
-
diff --git a/ext/fts5/test/fts5matchinfo.test b/ext/fts5/test/fts5matchinfo.test
index 13ad18fd2f..4dc04b7897 100644
--- a/ext/fts5/test/fts5matchinfo.test
+++ b/ext/fts5/test/fts5matchinfo.test
@@ -472,7 +472,7 @@ do_execsql_test 12.1 {
 #
 reset_db
 proc xyz {} {}
-db func fts5 -argcount 0 xyz
+db func fts5 -argcount 1 xyz
 do_test 13.1 {
   list [catch { sqlite3_fts5_register_matchinfo db } msg] $msg
 } {1 SQLITE_ERROR}
diff --git a/manifest b/manifest
index ed838f39b2..b132d68f89 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Comment\schanges\sclarifying\sdetails\sof\sthe\spointer-type\sparameter.\s\sNo\nchanges\sto\scode.
-D 2017-07-17T12:41:29.874
+C Improved\sthe\sinterface\sto\sthe\sfts5()\sextension\smechanism\sfor\senhanced\nsecurity.
+D 2017-07-17T15:38:57.883
 F Makefile.in eda8bedf08c4c93e2137ef1218b3d3302488c68c2774918de0335a1133aab157
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 20850e3e8d4d4791e0531955852d768eb06f24138214870d543abb1a47346fba
@@ -106,10 +106,10 @@ F ext/fts5/fts5_config.c 5af9c360e99669d29f06492c370892394aba0857
 F ext/fts5/fts5_expr.c f2825f714d91bbe62ab5820aee9ad12e0c94205b2a01725eaa9072415ae9ff1c
 F ext/fts5/fts5_hash.c 32be400cf761868c9db33efe81a06eb19a17c5402ad477ee9efb51301546dd55
 F ext/fts5/fts5_index.c 2ce9d50ec5508b8205615aad69e1c9b2c77f017f21d4479e1fb2079c01fdd017
-F ext/fts5/fts5_main.c f32b3b878c21df7bd4ea4c096c7d4b36f3fa40b216899ddf29d2eb9b47053069
+F ext/fts5/fts5_main.c 24868f88ab2a865defbba7a92eebeb726cc991eb092b71b5f5508f180c72605b
 F ext/fts5/fts5_storage.c fb5ef3c27073f67ade2e1bea08405f9e43f68f5f3676ed0ab7013bce5ba10be6
-F ext/fts5/fts5_tcl.c 4a901f00c8553740dba63511603f5527d741c26a
-F ext/fts5/fts5_test_mi.c 783b86697ebf773c18fc109992426c0173a055bc
+F ext/fts5/fts5_tcl.c 4fab0eaba3d8a82c36195c9268e68e64c9b7acbd9e6b054e84fcf2ee97672714
+F ext/fts5/fts5_test_mi.c 03cfc256bb2dfe0d0f9516daea894ea651a7105cd3bdcfbd6c1f4d3145634931
 F ext/fts5/fts5_test_tok.c ffd657dd67e7fcdb31bf63fb60b6d867299a581d0f46e97086abacd66c2a9b26
 F ext/fts5/fts5_tokenize.c 2ce7b44183538ec46b7907726262ee43ffdd39a8
 F ext/fts5/fts5_unicode2.c b450b209b157d598f7b9df9f837afb75a14c24bf
@@ -169,7 +169,7 @@ F ext/fts5/test/fts5hash.test b0c8fc0abb5409db5238ffa3c0f83faea447f99ed79b471c69
 F ext/fts5/test/fts5integrity.test 6c4aad7f7380ec459a0c27ebbc0cb314fa67f3a3dad0cc820f612d33aa887166
 F ext/fts5/test/fts5lastrowid.test be98fe3e03235296585b72daad7aed5717ba0062bae5e5c18dd6e04e194c6b28
 F ext/fts5/test/fts5leftjoin.test c0b4cafb9661379e576dc4405c0891d8fcc2782680740513c4d1fc114b43d4ad
-F ext/fts5/test/fts5matchinfo.test f06a3f786089aef34856720e6d4c236749b306d36f513c0665fe504f0740b6e7
+F ext/fts5/test/fts5matchinfo.test 79129ff6c9a2d86943b287a5a8caa7ee639f6dcf004d8975d15c279374e82e35
 F ext/fts5/test/fts5merge.test e92a8db28b45931e7a9c7b1bbd36101692759d00274df74d83fd29d25d53b3a6
 F ext/fts5/test/fts5merge2.test 3ebad1a59d6ad3fb66eff6523a09e95dc6367cbefb3cd73196801dea0425c8e2
 F ext/fts5/test/fts5multiclient.test 5ff811c028d6108045ffef737f1e9f05028af2458e456c0937c1d1b8dea56d45
@@ -1633,7 +1633,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P e1196567fcbc313657836262ed9f71668b1c47f26e4bc57c7880ff40079d66cc
-R 44ab723208e3fb1d41d5a4d6b1798a34
+P e4579e50a1ece4f65dfdae39d5c1670f0e3f7d4824e7d242f07ec9859d15155f
+R 84ee586521f1c75e6bd72053e825fa25
 U drh
-Z e0af31851383293468c221b16ac511da
+Z db36539b98f82465e246556331eb9f45
diff --git a/manifest.uuid b/manifest.uuid
index ad53d8b0ee..371031936f 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-e4579e50a1ece4f65dfdae39d5c1670f0e3f7d4824e7d242f07ec9859d15155f
\ No newline at end of file
+bc78235f547977f1a821342ca8f3e03103a0eb351f8b3115ac10b43dd9c7044d
\ No newline at end of file