From 13a8f203d9a03e0f1dfe03225acecd93c8de3022 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Mon, 18 Nov 2019 12:04:17 +0000
Subject: [PATCH] Further improvements to shadow table corruption detection in
 FTS3.

FossilOrigin-Name: e35d8c76aae59f57cc5193f79b21b4298029bea78e1aab7af67432162ce63e00
---
 ext/fts3/fts3_write.c |  4 ++++
 manifest              | 14 +++++++-------
 manifest.uuid         |  2 +-
 test/fts3corrupt.test | 15 +++++++++++++++
 4 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index e004c0816d..621e0c22f5 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -4245,6 +4245,10 @@ static int fts3IncrmergeLoad(
       pWriter->bNoLeafData = (pWriter->nLeafData==0);
       nRoot = sqlite3_column_bytes(pSelect, 4);
       aRoot = sqlite3_column_blob(pSelect, 4);
+      if( aRoot==0 ){
+        sqlite3_reset(pSelect);
+        return nRoot ? SQLITE_NOMEM : FTS_CORRUPT_VTAB;
+      }
     }else{
       return sqlite3_reset(pSelect);
     }
diff --git a/manifest b/manifest
index 18af2638dd..c34986e575 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Detect\sand\sprevent\sinfinite\srecursion\sin\sfts3SelectLeaf()\sdue\sto\sa\nmalformed\sFTS3\sbtree.
-D 2019-11-18T11:14:59.376
+C Further\simprovements\sto\sshadow\stable\scorruption\sdetection\sin\sFTS3.
+D 2019-11-18T12:04:17.276
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -99,7 +99,7 @@ F ext/fts3/fts3_tokenizer.h 64c6ef6c5272c51ebe60fc607a896e84288fcbc3
 F ext/fts3/fts3_tokenizer1.c 5c98225a53705e5ee34824087478cf477bdb7004
 F ext/fts3/fts3_unicode.c 4b9af6151c29b35ed09574937083cece7c31e911f69615e168a39677569b684d
 F ext/fts3/fts3_unicode2.c 416eb7e1e81142703520d284b768ca2751d40e31fa912cae24ba74860532bf0f
-F ext/fts3/fts3_write.c a96fd13026e5109c54f2912d755aa14988140dd0673c92a606363f3c85c5cb64
+F ext/fts3/fts3_write.c 4adce92958a8d6ab6a7f741e85cff9f939dbf8c63cc2182f9cebfcd8e61d69c8
 F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9
 F ext/fts3/mkfts3amal.tcl 252ecb7fe6467854f2aa237bf2c390b74e71f100
 F ext/fts3/tool/fts3cov.sh c331d006359456cf6f8f953e37f2b9c7d568f3863f00bb5f7eb87fea4ac01b73
@@ -935,7 +935,7 @@ F test/fts3b.test c15c4a9d04e210d0be67e54ce6a87b927168fbf9c1e3faec8c1a732c366fd4
 F test/fts3c.test fc723a9cf10b397fdfc2b32e73c53c8b1ec02958
 F test/fts3comp1.test a0f5b16a2df44dd0b15751787130af2183167c0c
 F test/fts3conf.test c84bbaec81281c1788aa545ac6e78a6bd6cde2bdbbce2da261690e3659f5a76b
-F test/fts3corrupt.test 46b9ddda7f6588fd5a5b1f4bb4fc0618dc45010e7dddb8a3a188baf3197177ae
+F test/fts3corrupt.test ce7f7b5eaeee5f1804584d061b978d85e64abf2af9adaa7577589fac6f7eae01
 F test/fts3corrupt2.test bf55c3fa0b0dc8ea1c0fe5543623bd27714585da6a129038fd6999fe3b0d25f3
 F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cdb764b491f
 F test/fts3corrupt4.test 7194a07e30b2fb8a5bea1c30753cc08b4e15b774dd5c308ca5eb21a33a13c7e9
@@ -1849,7 +1849,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 10f8a3b718e0f47be528fba086c318e1dfe18ead383d01cfa24dedabad41e0a2
-R d6e38036e33b44f97183a8848e9b8c41
+P dfcf081d842629a0b177be7eb2eb8ce719324068991040a581e33ea1d5db3d27
+R 5347102bbc55d870ebcdef3818c8735d
 U drh
-Z ed73f7f3457f5dab92e5c18fdf14b9a9
+Z dc864c00d8c81c6e2eef6edc7431bbcf
diff --git a/manifest.uuid b/manifest.uuid
index 1dde6abb55..597f9c0a7c 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-dfcf081d842629a0b177be7eb2eb8ce719324068991040a581e33ea1d5db3d27
\ No newline at end of file
+e35d8c76aae59f57cc5193f79b21b4298029bea78e1aab7af67432162ce63e00
\ No newline at end of file
diff --git a/test/fts3corrupt.test b/test/fts3corrupt.test
index 664b1393b8..4019509a0e 100644
--- a/test/fts3corrupt.test
+++ b/test/fts3corrupt.test
@@ -165,5 +165,20 @@ do_catchsql_test 5.3 {
 } {1 {database disk image is malformed}}
 do_test 5.3.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
 
+# 2019-11-18 https://bugs.chromium.org/p/chromium/issues/detail?id=1025467
+# bug1
+db close
+sqlite3 db :memory:
+do_catchsql_test 6.10 {
+  CREATE VIRTUAL TABLE f using fts3(a,b);
+  CREATE TABLE f_stat(id INTEGER PRIMARY KEY, value BLOB);
+  INSERT INTO f_segdir VALUES (2000, 0,0,0, '16', '');
+  INSERT INTO f_segdir VALUES (1999, 0,0,0, '0 18',
+                               x'000131030102000103323334050101010200');
+  INSERT INTO f_segments (blockid) values (16);
+  INSERT INTO f_segments values (0, x'');
+  INSERT INTO f_stat VALUES (1,x'cf0f01');
+  INSERT INTO f(f) VALUES ("merge=1");
+} {1 {database disk image is malformed}}
 
 finish_test
-- 
2.47.2