From: dan Date: Thu, 13 Jan 2011 11:20:04 +0000 (+0000) Subject: Fix a couple of crashes in fts3 that can occur if the database contents are inconsistent. X-Git-Tag: version-3.7.5~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8ab60c6488b775adf2d5ea7d12ed35cac7e257e;p=thirdparty%2Fsqlite.git Fix a couple of crashes in fts3 that can occur if the database contents are inconsistent. FossilOrigin-Name: 811e12cddfb3246c6cf3d5085bd9b72b12e05550 --- diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c index 106f7b37bb..61def9993a 100644 --- a/ext/fts3/fts3_write.c +++ b/ext/fts3/fts3_write.c @@ -1102,25 +1102,28 @@ int sqlite3Fts3SegReaderCost( ** to right. */ sqlite3_stmt *pStmt; - rc = fts3SqlStmt(p, SQL_SELECT_DOCTOTAL, &pStmt, 0); + sqlite3_int64 nDoc = 0; + sqlite3_int64 nByte = 0; + const char *a; + rc = sqlite3Fts3SelectDoctotal(p, &pStmt); if( rc ) return rc; - if( sqlite3_data_count(pStmt) || sqlite3_step(pStmt)==SQLITE_ROW ){ - sqlite3_int64 nDoc = 0; - sqlite3_int64 nByte = 0; - const char *a = sqlite3_column_blob(pStmt, 0); - if( a ){ - const char *pEnd = &a[sqlite3_column_bytes(pStmt, 0)]; - a += sqlite3Fts3GetVarint(a, &nDoc); - while( anRowAvg = (int)(((nByte / nDoc) + pgsz) / pgsz); - assert( pCsr->nRowAvg>0 ); } + if( nDoc==0 || nByte==0 ){ + sqlite3_reset(pStmt); + return SQLITE_CORRUPT; + } + + pCsr->nRowAvg = (int)(((nByte / nDoc) + pgsz) / pgsz); + assert( pCsr->nRowAvg>0 ); rc = sqlite3_reset(pStmt); - if( rc!=SQLITE_OK || pCsr->nRowAvg==0 ) return rc; + if( rc!=SQLITE_OK ) return rc; } /* Assume that a blob flows over onto overflow pages if it is larger diff --git a/manifest b/manifest index f6a6ce4aa7..4753dfeee5 100644 --- a/manifest +++ b/manifest 
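Review bot: The new guard `if( nDoc==0 || nByte==0 )` in ext/fts3/fts3_write.c rejects only zero, although nDoc and nByte are signed `sqlite3_int64` values read from the doctotal record, which is the data this commit treats as possibly inconsistent. If the varint decoder can produce a negative value for a malformed record (its body is not visible here), that value still reaches `pCsr->nRowAvg = (int)(((nByte / nDoc) + pgsz) / pgsz)`, where the result can be zero or negative and the `(int)` cast can truncate a very large quotient. The hunk also removes the old `pCsr->nRowAvg==0` early return, so the only check left is the `assert`, which is presumably compiled out of release builds. I would write the guard as `if( nDoc<=0 || nByte<=0 ){` and put a comment above it such as `/* The doctotal record comes from the database file; treat non-positive counts as corruption. */`. The varint loop between `if( rc ) return rc;` and the guard is garbled on this page, and sqlite3Fts3SegReaderCost starts and ends outside the hunk, so whether the decode stays within `pEnd` could not be checked from here.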
@@ -1,5 +1,5 @@ -C Fix\sa\ssegfault\sthat\scan\soccur\sin\smatchinfo\sif\san\sfts4\stable\scontains\smostly\szero-length\sdocuments.\sSpecifically,\sif\sthe\stable\scontains\smore\srows\sthan\sit\sdoes\sbytes\sof\stext. -D 2011-01-13T10:58:27 +C Fix\sa\scouple\sof\scrashes\sin\sfts3\sthat\scan\soccur\sif\sthe\sdatabase\scontents\sare\sinconsistent. +D 2011-01-13T11:20:04 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in de6498556d536ae60bb8bb10e8c1ba011448658c F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -73,7 +73,7 @@ F ext/fts3/fts3_snippet.c 196c5e6cde57bfc1907c2d60e9c29590e4f93fb6 F ext/fts3/fts3_tokenizer.c 055f3dc7369585350b28db1ee0f3b214dca6724d F ext/fts3/fts3_tokenizer.h 13ffd9fcb397fec32a05ef5cd9e0fa659bf3dbd3 F ext/fts3/fts3_tokenizer1.c 6e5cbaa588924ac578263a598e4fb9f5c9bb179d -F ext/fts3/fts3_write.c 9f3545ae27c13553a6f433fa0ec260fe8bf0cf2f +F ext/fts3/fts3_write.c 3eea26b9ca4219e1711b0db74fd5a9d448a6afbb F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9 F ext/fts3/mkfts3amal.tcl 252ecb7fe6467854f2aa237bf2c390b74e71f100 F ext/icu/README.txt bf8461d8cdc6b8f514c080e4e10dc3b2bbdfefa9 @@ -450,7 +450,7 @@ F test/fts3expr.test 5e745b2b6348499d9ef8d59015de3182072c564c F test/fts3expr2.test 18da930352e5693eaa163a3eacf96233b7290d1a F test/fts3fault.test f83e556465bb69dc8bc676339eca408dce4ca246 F test/fts3malloc.test 9c8cc3f885bb4dfc66d0460c52f68f45e4710d1b -F test/fts3matchinfo.test 32e31467963698cc7fa311e9a61f99d7d06cf72b +F test/fts3matchinfo.test cc0b009edbbf575283d5fdb53271179e0d8019ba F test/fts3near.test 2e318ee434d32babd27c167142e2b94ddbab4844 F test/fts3query.test ef79d31fdb355d094baec1c1b24b60439a1fb8a2 F test/fts3rnd.test 2b1a579be557ab8ac54a51b39caa4aa8043cc4ad 
@@ -895,7 +895,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f -P 114640d920e16c85de90b19d53c485135875de5b -R f5eb10b21437fad711a6b9be4e7a8db9 +P fe9047668eaaf76e7aa1ef1f32dec7c7c4226e45 +R 92da6ba399b108dc3885073a225af042 U dan -Z a737930e0e8a10b4bde0b31ffbd88e53 +Z 1a6f8ebc8ef3ebfc6cb5f32bb01c2e00 diff --git a/manifest.uuid b/manifest.uuid index 2d44df5bca..6f0b1a326a 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -fe9047668eaaf76e7aa1ef1f32dec7c7c4226e45 \ No newline at end of file +811e12cddfb3246c6cf3d5085bd9b72b12e05550 \ No newline at end of file diff --git a/test/fts3matchinfo.test b/test/fts3matchinfo.test index bfa704080f..8f194e72cb 100644 --- a/test/fts3matchinfo.test +++ b/test/fts3matchinfo.test @@ -364,5 +364,21 @@ do_execsql_test 8.3 { SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*' } {{204 1 3 3 0} {204 1 3 3 0} {204 1 3 3 0}} +# Corruption related tests. +do_execsql_test 8.4.1.1 { UPDATE t11_stat SET value = X'0000'; } +do_catchsql_test 8.5.1.2 { + SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*' +} {1 {database disk image is malformed}} + +do_execsql_test 8.4.2.1 { UPDATE t11_stat SET value = X'00'; } +do_catchsql_test 8.5.2.2 { + SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*' +} {1 {database disk image is malformed}} + +do_execsql_test 8.4.3.1 { UPDATE t11_stat SET value = NULL; } +do_catchsql_test 8.5.3.2 { + SELECT mit(matchinfo(t11, 'nxa')) FROM t11 WHERE t11 MATCH 'a*' +} {1 {database disk image is malformed}} + finish_test
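Review bot: The added corruption cases in test/fts3matchinfo.test pair `do_execsql_test 8.4.N.1` with `do_catchsql_test 8.5.N.2`, so each UPDATE and the query that checks it carry different prefixes; numbering them `8.4.N.1` and `8.4.N.2` would make a failing case easier to trace back to its setup. The three values used, `X'0000'`, `X'00'` and `NULL`, all appear to end with a zero or absent count, so they only exercise the `nDoc==0 || nByte==0` return. One more case whose t11_stat value decodes to a non-zero but implausible document count or byte total would cover the arithmetic that runs after that check.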