From: drh Date: Tue, 22 Jan 2019 02:34:35 +0000 (+0000) Subject: Ensure that a key comparison does not read a collating sequence past the X-Git-Tag: version-3.27.0~108 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9b13365bbadb5e16da3579fcb8941799760817c1;p=thirdparty%2Fsqlite.git Ensure that a key comparison does not read a collating sequence past the end of the KeyInfo, even if the key field of an index is corrupted by having a string in the last column instead of the ROWID. FossilOrigin-Name: 058a8006dceda78a894ea9446f057aa60b6d38e96506d4d91bda0ee2f9314ba3 --- diff --git a/manifest b/manifest index ce5d58bd97..b5b6515872 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Enhance\sthe\sbtree\ssearch\sroutine\sso\sthat\sit\sdoes\searly\sdetection\sof\s\nimpossibly\slarge\skeys\sand\sthereby\savoids\sa\slarge\smalloc()\scall. -D 2019-01-21T23:18:22.833 +C Ensure\sthat\sa\skey\scomparison\sdoes\snot\sread\sa\scollating\ssequence\spast\sthe\nend\sof\sthe\sKeyInfo,\seven\sif\sthe\skey\sfield\sof\san\sindex\sis\scorrupted\sby\shaving\na\sstring\sin\sthe\slast\scolumn\sinstead\sof\sthe\sROWID. +D 2019-01-22T02:34:35.566 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 0e7c107ebcaff26681bc5bcf017557db85aa828d6f7fd652d748b7a78072c298 
@@ -589,7 +589,7 @@ F src/vdbe.c 090d40c688b56b4602fb196a78e9d17213f381984258131c1e8f665636ca35ac F src/vdbe.h 712bca562eaed1c25506b9faf9680bdc75fc42e2f4a1cd518d883fa79c7a4237 F src/vdbeInt.h a76d5eed62c76bcd8de7afd3147fac1bc40c5a870582664bcd7d071ef437c37f F src/vdbeapi.c 57a2d794a8833f269b878dbc24e955369bdb379af6c4e93ebc5ce1a20fa3daf4 -F src/vdbeaux.c c0c3c0820cd4f85f449876a068258f0691c5dbaa5b3f9e3dfa652f56ec101578 +F src/vdbeaux.c f6cd3f538697aff71f1ef92a769feb18173eb9df80372f570d741a237ea30628 F src/vdbeblob.c f5c70f973ea3a9e915d1693278a5f890dc78594300cf4d54e64f2b0917c94191 F src/vdbemem.c 7b3305bc4a5139f4536ac9b5f61da0f915e49d2e3fdfa87dfdfa9d7aba8bc1e9 F src/vdbesort.c 90aad5a92608f2dd771c96749beabdb562c9d881131a860a7a5bccf66dc3be7f @@ -1801,7 +1801,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 505ed9a47825240979338a24044559613fbbd2a7850bdff70c7164da054ec63d -R e2e2c083d84dd4ed74c396601ff8b668 +P 3ecaaee69f49e43d38047b7d53b82689eba7f7d33541fcac3c32b6dc8a568458 +R f385ece7541b622a43ba00abbbceac4f U drh -Z e752d990073956697e5a14d1f923521d +Z 76c735b46ba59f636dafee5ffda43520 diff --git a/manifest.uuid b/manifest.uuid index eaf6920801..cea1bb0d78 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -3ecaaee69f49e43d38047b7d53b82689eba7f7d33541fcac3c32b6dc8a568458 \ No newline at end of file +058a8006dceda78a894ea9446f057aa60b6d38e96506d4d91bda0ee2f9314ba3 \ No newline at end of file diff --git a/src/vdbeaux.c b/src/vdbeaux.c index 57b3db8c1a..a8e337ae3c 100644 --- a/src/vdbeaux.c +++ b/src/vdbeaux.c 
@@ -3902,7 +3902,8 @@ static int vdbeRecordCompareDebug( /* Do the comparison */ - rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], pKeyInfo->aColl[i]); + rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], + pKeyInfo->nAllField>i ? pKeyInfo->aColl[i] : 0); if( rc!=0 ){ assert( mem1.szMalloc==0 ); /* See comment below */ if( pKeyInfo->aSortOrder[i] ){
@@ -4333,10 +4334,12 @@ int sqlite3VdbeRecordCompareWithSkip(
 mem1.n = (serial_type - 12) / 2;
 testcase( (d1+mem1.n)==(unsigned)nKey1 );
 testcase( (d1+mem1.n+1)==(unsigned)nKey1 );
- if( (d1+mem1.n) > (unsigned)nKey1 ){
+ if( (d1+mem1.n) > (unsigned)nKey1
+ || (pKeyInfo = pPKey2->pKeyInfo)->nAllField<=i
+ ){
 pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
 return 0; /* Corruption */
- }else if( (pKeyInfo = pPKey2->pKeyInfo)->aColl[i] ){
+ }else if( pKeyInfo->aColl[i] ){
 mem1.enc = pKeyInfo->enc;
 mem1.db = pKeyInfo->db;
 mem1.flags = MEM_Str;
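Review bot: In the vdbeRecordCompareDebug hunk the new `pKeyInfo->nAllField>i` guard covers only the `aColl[i]` argument; three lines later `pKeyInfo->aSortOrder[i]` is still read with the same `i` whenever `rc!=0`. If `aSortOrder` is sized to `nAllField` like `aColl` (its allocation is not visible in this hunk), the corrupted-key case the commit message describes could still push that read past the end of the KeyInfo. I would bound it the same way, `if( pKeyInfo->nAllField>i && pKeyInfo->aSortOrder[i] ){`, or add a comment stating why `i` is already in range at that point. The function body starts and ends outside the hunk.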
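Review bot: In the sqlite3VdbeRecordCompareWithSkip hunk, `}else if( pKeyInfo->aColl[i] ){` now depends on `pKeyInfo` having been assigned inside the second operand of the `||` in the preceding `if`, which is evaluated only when the length check is false. That holds as written, since the `else if` is reached only after both operands were evaluated, but reordering the operands or adding another one in front would leave `pKeyInfo` without the value this branch expects and the compiler would not complain. I would hoist `pKeyInfo = pPKey2->pKeyInfo;` above the `if`, or put `/* pKeyInfo was set by the nAllField check above */` on the `else if` line. The existing `testcase()` lines cover the record-length boundary, and a matching `testcase()` for the `nAllField` boundary would keep the new corruption check covered. The function body starts and ends outside the hunk.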