From: dan Date: Thu, 20 Jul 2023 20:09:26 +0000 (+0000) Subject: Avoid an infinite loop that could be entered when dealing with corrupt fts5 tombstone... X-Git-Tag: version-3.43.0~105^2~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d6f5aa824ec77fe59ce9874dc5b26e595f2bfb4f;p=thirdparty%2Fsqlite.git Avoid an infinite loop that could be entered when dealing with corrupt fts5 tombstone hash pages. FossilOrigin-Name: 69ce2ce035279f2a00c2238187cf4d2a9092c3410f5900e4613fe4e46311169e --- diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c index c1acf4acd9..99ff4c3b5f 100644 --- a/ext/fts5/fts5_index.c +++ b/ext/fts5/fts5_index.c @@ -3109,9 +3109,10 @@ static int fts5IndexTombstoneQuery( int nHashTable, /* Number of pages attached to segment */ u64 iRowid /* Rowid to query hash for */ ){ - int szKey = TOMBSTONE_KEYSIZE(pHash); - int nSlot = (pHash->nn - 8) / szKey; + const int szKey = TOMBSTONE_KEYSIZE(pHash); + const int nSlot = (pHash->nn - 8) / szKey; int iSlot = (iRowid / nHashTable) % nSlot; + int nCollide = nSlot; if( iRowid==0 ){ return pHash->p[1]; @@ -3119,12 +3120,14 @@ static int fts5IndexTombstoneQuery( u32 *aSlot = (u32*)&pHash->p[8]; while( aSlot[iSlot] ){ if( fts5GetU32((u8*)&aSlot[iSlot])==iRowid ) return 1; + if( nCollide--==0 ) break; iSlot = (iSlot+1)%nSlot; } }else{ u64 *aSlot = (u64*)&pHash->p[8]; while( aSlot[iSlot] ){ if( fts5GetU64((u8*)&aSlot[iSlot])==iRowid ) return 1; + if( nCollide--==0 ) break; iSlot = (iSlot+1)%nSlot; } } @@ -6550,10 +6553,11 @@ static int fts5IndexTombstoneAddToPage( int nPg, u64 iRowid ){ - int szKey = TOMBSTONE_KEYSIZE(pPg); - int nSlot = (pPg->nn - 8) / szKey; + const int szKey = TOMBSTONE_KEYSIZE(pPg); + const int nSlot = (pPg->nn - 8) / szKey; + const int nElem = fts5GetU32(&pPg->p[4]); int iSlot = (iRowid / nPg) % nSlot; - int nElem = fts5GetU32(&pPg->p[4]); + int nCollide = nSlot; if( szKey==4 && iRowid>0xFFFFFFFF ) return 2; if( iRowid==0 ){ @@ -6568,11 +6572,17 @@ static int fts5IndexTombstoneAddToPage( fts5PutU32(&pPg->p[4], nElem+1); if( szKey==4 ){ u32 *aSlot = (u32*)&pPg->p[8]; - while( aSlot[iSlot] ) iSlot = (iSlot + 1) % nSlot; + while( aSlot[iSlot] ){ + iSlot = (iSlot + 1) % nSlot; + if( nCollide--==0 ) return 0; + } fts5PutU32((u8*)&aSlot[iSlot], (u32)iRowid); }else{ u64 *aSlot = (u64*)&pPg->p[8]; - while( aSlot[iSlot] ) iSlot = (iSlot + 1) % nSlot; + while( aSlot[iSlot] ){ + iSlot = (iSlot + 1) % nSlot; + if( nCollide--==0 ) return 0; + } fts5PutU64((u8*)&aSlot[iSlot], iRowid); } diff --git a/ext/fts5/test/fts5contentless3.test b/ext/fts5/test/fts5contentless3.test new file mode 100644 index 0000000000..34b7b23da4 --- /dev/null +++ b/ext/fts5/test/fts5contentless3.test @@ -0,0 +1,76 @@ +# 2023 July 21 +# +# The author disclaims copyright to this source code. In place of +# a legal notice, here is a blessing: +# +# May you do good and not evil. +# May you find forgiveness for yourself and forgive others. +# May you share freely, never taking more than you give. +# +#*********************************************************************** +# +# This file contains tests for the content= and content_rowid= options. +# + +source [file join [file dirname [info script]] fts5_common.tcl] +set testprefix fts5contentless3 + +# If SQLITE_ENABLE_FTS5 is defined, omit this file. +ifcapable !fts5 { + finish_test + return +} + +do_execsql_test 1.0 { + CREATE VIRTUAL TABLE ft USING fts5(x, content=, contentless_delete=1); + BEGIN; + INSERT INTO ft VALUES('one one one'); + INSERT INTO ft VALUES('two two two'); + INSERT INTO ft VALUES('three three three'); + INSERT INTO ft VALUES('four four four'); + INSERT INTO ft VALUES('five five five'); + COMMIT; + + DELETE FROM ft WHERE rowid=3; +} + +proc myhex {hex} { binary decode hex $hex } +db func myhex myhex + +do_execsql_test 1.1 { + UPDATE ft_data SET block = + myhex('04000000 00000001' || + '01020304 01020304 01020304 01020304' || + '01020304 01020304 01020304 01020304' + ) + WHERE id = (SELECT max(id) FROM ft_data); +} + +do_execsql_test 1.2 { + DELETE FROM ft WHERE rowid=1 +} + +do_execsql_test 1.3 { + SELECT rowid FROM ft('two'); +} {2} + +do_execsql_test 1.3 { + UPDATE ft_data SET block = + myhex('08000000 00000001' || + '0000000001020304 0000000001020304 0000000001020304 0000000001020304' || + '0000000001020304 0000000001020304 0000000001020304 0000000001020304' + ) + WHERE id = (SELECT max(id) FROM ft_data); +} + +do_execsql_test 1.4 { + SELECT rowid FROM ft('two'); +} {2} + +do_execsql_test 1.5 { + DELETE FROM ft WHERE rowid=4 +} + + +finish_test + diff --git a/manifest b/manifest index 658e5239df..08dc29ea64 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\stests\sand\sfixes\sfor\sthe\snew\scode\son\sthis\sbranch. -D 2023-07-20T16:07:04.821 +C Avoid\san\sinfinite\sloop\sthat\scould\sbe\sentered\swhen\sdealing\swith\scorrupt\sfts5\stombstone\shash\spages. +D 2023-07-20T20:09:26.394 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -92,7 +92,7 @@ F ext/fts5/fts5_buffer.c 3001fbabb585d6de52947b44b455235072b741038391f830d6b7292 F ext/fts5/fts5_config.c 010fabcc0aaa0dfa76b19146e8bddf7de368933eeac01e294af6607447500caa F ext/fts5/fts5_expr.c 2473c13542f463cae4b938c498d6193c90d38ea1a2a4f9849c0479736e50d24d F ext/fts5/fts5_hash.c d4fb70940359f2120ccd1de7ffe64cc3efe65de9e8995b822cd536ff64c96982 -F ext/fts5/fts5_index.c 69d44e0358de3db791165c1accbbabcb0e41b7942b12d644f3d515c9a5434386 +F ext/fts5/fts5_index.c 5b5b9944ef97bf9aa0726fdbd82552d488b6fcee32e086e6d32ea9934e1809e2 F ext/fts5/fts5_main.c ede405f0f11db562653b988d043a531daa66093b46c1b35b8fcddb54819cba84 F ext/fts5/fts5_storage.c 3c9b41fce41b6410f2e8f82eb035c6a29b2560483f773e6dc98cf3cb2e4ddbb5 F ext/fts5/fts5_tcl.c b1445cbe69908c411df8084a10b2485500ac70a9c747cdc8cda175a3da59d8ae @@ -134,6 +134,7 @@ F ext/fts5/test/fts5connect.test 08030168fc96fc278fa81f28654fb7e90566f33aff269c0 F ext/fts5/test/fts5content.test 213506436fb2c87567b8e31f6d43ab30aab99354cec74ed679f22aad0cdbf283 F ext/fts5/test/fts5contentless.test 9a42a86822670792ba632f5c57459addeb774d93b29d5e6ddae08faa64c2b6d9 F ext/fts5/test/fts5contentless2.test 12c778d134a121b8bad000fbf3ae900d53226fee840ce36fe941b92737f1fda7 +F ext/fts5/test/fts5contentless3.test db92625a2e3f9e5ba047ce8ded58c825affce45cc711ed6d7c96fe54b95894a1 F ext/fts5/test/fts5corrupt.test 77ae6f41a7eba10620efb921cf7dbe218b0ef232b04519deb43581cb17a57ebe F ext/fts5/test/fts5corrupt2.test 7453752ba12ce91690c469a6449d412561cc604b1dec994e16ab132952e7805f F ext/fts5/test/fts5corrupt3.test 7da9895dafa404efd20728f66ff4b94399788bdc042c36fe2689801bba2ccd78 @@ -2046,8 +2047,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 8d09011fa2c6ae9cc88e1766f9aad4578efbf9e0e311b8c6efdffe7a3f88f923 -R 8705dc9e0fc623331a29c540c6694db8 +P 5aac50e92e956b15367c75c20c17bc1c75e84e2752bfffe4ad0a266cb9bd3b8a +R a2bc7a639e489f4200810e70aeab413a U dan -Z 5d09d15bf916dffd1a9ed46964991145 +Z 36cb6c12a15fce5364a14d77012ed267 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 02e8325d20..87b279a730 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -5aac50e92e956b15367c75c20c17bc1c75e84e2752bfffe4ad0a266cb9bd3b8a \ No newline at end of file +69ce2ce035279f2a00c2238187cf4d2a9092c3410f5900e4613fe4e46311169e \ No newline at end of file