From: dan
Date: Mon, 3 Feb 2025 17:54:55 +0000 (+0000)
Subject: Fix a use-after-free case in fts5 provoked by fuzzdata8.db. Tcl test case pending.
X-Git-Tag: version-3.49.0~10^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Ffuzz-data;p=thirdparty%2Fsqlite.git
Fix a use-after-free case in fts5 provoked by fuzzdata8.db. Tcl test case pending.
FossilOrigin-Name: a4962df665084e423e020be9a2834b6886a8e3feb461cff5358b61398a2a20d2
---
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index a8ac98b699..0b2d399f82 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -5466,8 +5466,11 @@ static void fts5DoSecureDelete(
 ** This is called as part of flushing a delete to disk in 'secure-delete'
 ** mode. It edits the segments within the database described by argument
 ** pStruct to remove the entries for term zTerm, rowid iRowid.
+**
+** Return SQLITE_OK if successful, or an SQLite error code if an error
+** has occurred. Any error code is also stored in the Fts5Index handle.
 */
-static void fts5FlushSecureDelete(
+static int fts5FlushSecureDelete(
 Fts5Index *p,
 Fts5Structure *pStruct,
 const char *zTerm,
@@ -5512,6 +5515,7 @@ static void fts5FlushSecureDelete(
 }
 fts5MultiIterFree(pIter);
+ return p->rc;
 }
@@ -5595,8 +5599,9 @@ static void fts5FlushOneHash(Fts5Index *p){
 ** using fts5FlushSecureDelete(). */
 if( bSecureDelete ){
 if( eDetail==FTS5_DETAIL_NONE ){
- if( iOffrc!=SQLITE_OK || pDoclist[iOff]==0x01 ){
 iOff++;
 continue;
diff --git a/manifest b/manifest
index 4d31836afa..427775cda2 100644
--- a/manifest
+++ b/manifest
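Review bot: `return p->rc;` in the second hunk reports the handle's accumulated error state rather than a status local to this call, so a caller that enters with p->rc already set receives that earlier code back as if fts5FlushSecureDelete() itself had failed (unless the body, which is outside both hunks, clears it first); the comment added in the first hunk should say so, e.g. `** The value returned is the current p->rc, which may reflect an error raised before this call.` The caller in the third hunk appears to test `p->rc!=SQLITE_OK` directly rather than the new return value (that hunk is partly garbled in this rendering, so the exact new condition is not fully visible), which leaves the new return value easy to ignore without any compiler diagnostic; settling on one way of propagating the error would be cleaner. The body of fts5FlushSecureDelete() lies between the first two hunks, and fts5FlushOneHash() starts and ends outside the third.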
@@ -1,5 +1,5 @@
-C New\stest\scase\sfor\stest/fuzzdata8.db -D 2025-02-03T17:45:41.279 +C Fix\sa\suse-after-free\scase\sin\sfts5\sprovoked\sby\sfuzzdata8.db.\sTcl\stest\scase\spending. +D 2025-02-03T17:54:55.366 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md e108e1e69ae8e8a59e93c455654b8ac9356a11720d3345df2a4743e9590fb20d
@@ -112,7 +112,7 @@ F ext/fts5/fts5_buffer.c 0eec58bff585f1a44ea9147eae5da2447292080ea435957f7488c70
 F ext/fts5/fts5_config.c e7d8dd062b44a66cd77e5a0f74f23a2354cd1f3f8575afb967b2773c3384f7f8 F ext/fts5/fts5_expr.c 69b8d976058512c07dfe86e229521b7a871768157bd1607cedf1a5038dfd72c9 F ext/fts5/fts5_hash.c adda4272be401566a6e0ba1acbe70ee5cb97fce944bc2e04dc707152a0ec91b1 -F ext/fts5/fts5_index.c f1f6da5938af616e0a5e54f0423a3134df95b9f17ac1c6ebf2e2e8132bbc75b9 +F ext/fts5/fts5_index.c 3f04b9bbcb211ad52c466396eb8de4a76506d08db31eb017df1eb69c02b6c5b3 F ext/fts5/fts5_main.c 9a1daef7247f9b8a50b4159323e340efa6b0e4bea4fcd83580480f94d4f2c888 F ext/fts5/fts5_storage.c 1ad05dab4830a4e2eaf2900bb143477f93bc17437093582f36f4b818809e88d8 F ext/fts5/fts5_tcl.c 7fb5a3d3404099075aaa2457307cb459bbc257c0de3dbd52b1e80a5b503e0329
@@ -2205,11 +2205,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7 F tool/warnings.sh 49a486c5069de041aedcbde4de178293e0463ae9918ecad7539eedf0ec77a139 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P d2fe6b05f38d9d7cd78c5d252e99ac59f1aea071d669830c1ffe4e8966e84010 -R 02fce09966e6e21a0a59cdeb994f84e8 -T *branch * fuzz-data -T *sym-fuzz-data * -T -sym-trunk * -U drh -Z b5d75fe3951f12b9fb4038728f5d0116 +P 8a882f976e22100b91c7ca4119123f16ad5f03311f0a6dc17449bcdcff29618c +R 31351815235c0913d39613cb0514c8c6 +U dan +Z cc507b6dc0a3473a2a3bc1fa7ec940f9 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 8024622a5d..a6434c556d 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-8a882f976e22100b91c7ca4119123f16ad5f03311f0a6dc17449bcdcff29618c
+a4962df665084e423e020be9a2834b6886a8e3feb461cff5358b61398a2a20d2