From: drh <> Date: Sun, 19 Mar 2023 10:30:02 +0000 (+0000) Subject: Avoid a buffer overread in fts3 that could occur when processing a corrupt record. X-Git-Tag: version-3.41.2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f990bd3f88bce4d70161340de139ae116378be0;p=thirdparty%2Fsqlite.git Avoid a buffer overread in fts3 that could occur when processing a corrupt record. FossilOrigin-Name: 1f91fe4bfc81bf66f9c8f0aebe0acdbac89e2c20d90a5eb4ea0a3c560b82a9cd --- diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c index 6a727eaf5f..393f8a8717 100644 --- a/ext/fts3/fts3_write.c +++ b/ext/fts3/fts3_write.c @@ -2667,16 +2667,18 @@ static int fts3MsrBufferData( char *pList, i64 nList ){ - if( nList>pMsr->nBuffer ){ + if( (nList+FTS3_NODE_PADDING)>pMsr->nBuffer ){ char *pNew; - pMsr->nBuffer = nList*2; - pNew = (char *)sqlite3_realloc64(pMsr->aBuffer, pMsr->nBuffer); + int nNew = nList*2 + FTS3_NODE_PADDING; + pNew = (char *)sqlite3_realloc64(pMsr->aBuffer, nNew); if( !pNew ) return SQLITE_NOMEM; pMsr->aBuffer = pNew; + pMsr->nBuffer = nNew; } assert( nList>0 ); memcpy(pMsr->aBuffer, pList, nList); + memset(&pMsr->aBuffer[nList], 0, FTS3_NODE_PADDING); return SQLITE_OK; } diff --git a/manifest b/manifest index 9feaa29db8..9d4324fe66 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\spotential\sbuffer\soverread\sin\sthe\srecovery\sextension. -D 2023-03-17T14:22:45.322 +C Avoid\sa\sbuffer\soverread\sin\sfts3\sthat\scould\soccur\swhen\sprocessing\sa\scorrupt\srecord. +D 2023-03-19T10:30:02.960 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
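Review bot: `int nNew = nList*2 + FTS3_NODE_PADDING;` narrows a 64-bit result to `int`, so for a list above roughly 1 GiB the size handed to `sqlite3_realloc64()` would no longer cover `nList + FTS3_NODE_PADDING`, and the `memcpy`/`memset` that follow could then write past the allocation. Since `nList` is `i64` and the allocator takes a 64-bit size, `i64 nNew = nList*2 + FTS3_NODE_PADDING;` keeps the computed size, the allocation and the stored `pMsr->nBuffer` in agreement, provided `nBuffer` is itself wide enough, which the hunk does not show. Whether callers already cap `nList`, which the commit message says may come from a corrupt record, is outside the hunk, as is the first parameter of `fts3MsrBufferData`. A one-line comment above the new `memset`, such as `/* Zero the FTS3_NODE_PADDING tail so a corrupt doclist cannot cause a read past the copied data */`, would record why the padding is written on every call.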
@@ -76,7 +76,7 @@ F ext/fts3/fts3_tokenizer.h 64c6ef6c5272c51ebe60fc607a896e84288fcbc3 F ext/fts3/fts3_tokenizer1.c c1de4ae28356ad98ccb8b2e3388a7fdcce7607b5523738c9afb6275dab765154 F ext/fts3/fts3_unicode.c de426ff05c1c2e7bce161cf6b706638419c3a1d9c2667de9cb9dc0458c18e226 F ext/fts3/fts3_unicode2.c 416eb7e1e81142703520d284b768ca2751d40e31fa912cae24ba74860532bf0f -F ext/fts3/fts3_write.c 4fb644df0ff840267e47a724286c7a1fa5540273a7ce15756dd5913a101ec302 +F ext/fts3/fts3_write.c 33d2d0db4dd4e7a7a7e9a7f790414293277f9e7682a2fd9d61c713bfc37cd8b6 F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9 F ext/fts3/tool/fts3cov.sh c331d006359456cf6f8f953e37f2b9c7d568f3863f00bb5f7eb87fea4ac01b73 F ext/fts3/tool/fts3view.c 413c346399159df81f86c4928b7c4a455caab73bfbc8cd68f950f632e5751674 @@ -2045,9 +2045,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P c5bd0ea3b5b2f3ed8e971c5fd6e85e8f06d8055d74df65612c3794138306e6ba -Q +0b3b5bf9597615589a1d045aaa697c13550553ee4fe4b9008a8e51415b6fe96a -R 02be6c39e06df877a266747f4a17bfe1 -U dan -Z 81691bf1b00f2e41170fc3675011bfa2 +P 78836713c965066cb9c1cc732a9cecb1d74a25f37775a01c088393881e4fd8d6 +Q +02ac2297abee6af64c8df230b42b07f21cff4565d7e315860b2396a7c0c556ca +R 51d66f282cfe6d040bc294a4f796ba07 +U drh +Z f9cdc83baba5df0bf81faea6836bdc84 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 59fbf7f78e..e0b8ad2c94 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -78836713c965066cb9c1cc732a9cecb1d74a25f37775a01c088393881e4fd8d6 \ No newline at end of file +1f91fe4bfc81bf66f9c8f0aebe0acdbac89e2c20d90a5eb4ea0a3c560b82a9cd \ No newline at end of file