From: dan <dan@noemail.net>
Date: Mon, 12 Oct 2020 18:09:16 +0000 (+0000)
Subject: Fix some fts5 problems with signed integer overflow causing segfaults in -ftrapv... 
X-Git-Tag: version-3.34.0~60
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f6b0464e3662ba06a2dafc39df6826a9b804e9f7;p=thirdparty%2Fsqlite.git

Fix some fts5 problems with signed integer overflow causing segfaults in -ftrapv builds.

FossilOrigin-Name: 7e17c2f4b7dc9b563d0b4da949bb134dc7c4fc9c86ce03891432a884ca6409d5
---

diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
index 02ae0495e1..0f4651a83f 100644
--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -338,8 +338,9 @@ int sqlite3Fts5HashWrite(
   /* If this is a new rowid, append the 4-byte size field for the previous
   ** entry, and the new rowid for this entry.  */
   if( iRowid!=p->iRowid ){
+    u64 iDiff = (u64)iRowid - (u64)p->iRowid;
     fts5HashAddPoslistSize(pHash, p, 0);
-    p->nData += sqlite3Fts5PutVarint(&pPtr[p->nData], iRowid - p->iRowid);
+    p->nData += sqlite3Fts5PutVarint(&pPtr[p->nData], iDiff);
     p->iRowid = iRowid;
     bNew = 1;
     p->iSzPoslist = p->nData;
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 7830dd52c3..d109a4c176 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -1754,7 +1754,7 @@ static void fts5SegIterReverseInitPage(Fts5Index *p, Fts5SegIter *pIter){
 
   ASSERT_SZLEAF_OK(pIter->pLeaf);
   while( 1 ){
-    i64 iDelta = 0;
+    u64 iDelta = 0;
 
     if( eDetail==FTS5_DETAIL_NONE ){
       /* todo */
@@ -1769,7 +1769,7 @@ static void fts5SegIterReverseInitPage(Fts5Index *p, Fts5SegIter *pIter){
       i += nPos;
     }
     if( i>=n ) break;
-    i += fts5GetVarint(&a[i], (u64*)&iDelta);
+    i += fts5GetVarint(&a[i], &iDelta);
     pIter->iRowid += iDelta;
 
     /* If necessary, grow the pIter->aRowidOffset[] array. */
@@ -1868,7 +1868,7 @@ static void fts5SegIterNext_Reverse(
   if( pIter->iRowidOffset>0 ){
     u8 *a = pIter->pLeaf->p;
     int iOff;
-    i64 iDelta;
+    u64 iDelta;
 
     pIter->iRowidOffset--;
     pIter->iLeafOffset = pIter->aRowidOffset[pIter->iRowidOffset];
@@ -1877,7 +1877,7 @@ static void fts5SegIterNext_Reverse(
     if( p->pConfig->eDetail!=FTS5_DETAIL_NONE ){
       iOff += pIter->nPos;
     }
-    fts5GetVarint(&a[iOff], (u64*)&iDelta);
+    fts5GetVarint(&a[iOff], &iDelta);
     pIter->iRowid -= iDelta;
   }else{
     fts5SegIterReverseNewPage(p, pIter);
diff --git a/manifest b/manifest
index b3d486b626..23e773aedf 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Improved\squoting\sof\sthe\stable\sname\sargument\sfor\sthe\s".import"\scommand\nof\sthe\sCLI.\s\sSee\s[forum:34591fefbe|forum\spost\s34591fefbe].
-D 2020-10-12T17:57:29.071
+C Fix\ssome\sfts5\sproblems\swith\ssigned\sinteger\soverflow\scausing\ssegfaults\sin\s-ftrapv\sbuilds.
+D 2020-10-12T18:09:16.954
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -117,8 +117,8 @@ F ext/fts5/fts5_aux.c dcc627d8b6e3fc773db528ff67b39955dab7b51628f9dba8e15849e5be
 F ext/fts5/fts5_buffer.c 5a5fe0159752c0fb0a5a93c722e9db2662822709490769d482b76a6dc8aaca70
 F ext/fts5/fts5_config.c be54f44fca491e96c6923a4b9a736f2da2b13811600eb6e38d1bcc91c4ea2e61
 F ext/fts5/fts5_expr.c e527e3a7410393075598cec544e3831798a8c88b3e8878e2cfb7cb147113e925
-F ext/fts5/fts5_hash.c 15bffa734fbdca013b2289c6f8827a3b935ef14bd4dde5837d31a75434c00627
-F ext/fts5/fts5_index.c 255d3ce3fec28be11c533451e5b23bd79e71a13a1b120f3658b34fff6b097816
+F ext/fts5/fts5_hash.c 1aa93c9b5f461afba66701ee226297dc78402b3bdde81e90a10de5fe3df14959
+F ext/fts5/fts5_index.c fb8ed13cb8f2ddeb80ea6ade6e35d59b0bc01b9bd741f7e60a1c58a92877d5d7
 F ext/fts5/fts5_main.c b4e4931c7fcc9acfa0c3b8b5e5e80b5b424b8d9207aae3a22b674bd35ccf149d
 F ext/fts5/fts5_storage.c 58ba71e6cd3d43a5735815e7956ee167babb4d2cbfe206905174792af4d09d75
 F ext/fts5/fts5_tcl.c 39bcbae507f594aad778172fa914cad0f585bf92fd3b078c686e249282db0d95
@@ -1882,7 +1882,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 57123b14a71027c21cb5eee089fcbc9330d07bf9091b01aecc4f9e3b9e4f7b09
-R 2333480afe2a6d7122f35f3cc8e2aca4
-U drh
-Z cf995dab585b2ea13b07668ba4170693
+P ce97b56d63d6e03b909e049a0a62251d98c7bf643448193a28b42a5871899387
+R 33ec89eec38aa79a3f5fd2c8483f5719
+U dan
+Z 12327d27313228882fdf8580d5e9a9ec
diff --git a/manifest.uuid b/manifest.uuid
index a35b64b9f2..c5eb8c9d47 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-ce97b56d63d6e03b909e049a0a62251d98c7bf643448193a28b42a5871899387
\ No newline at end of file
+7e17c2f4b7dc9b563d0b4da949bb134dc7c4fc9c86ce03891432a884ca6409d5
\ No newline at end of file