From a864ac1c5a11fcc7cfb980dc565ec66c9b63445d Mon Sep 17 00:00:00 2001
From: dan <Dan Kennedy>
Date: Sat, 9 Nov 2024 17:54:51 +0000
Subject: [PATCH] Fix a case in fts3 where a corrupt database record was not
 being handled correctly.

FossilOrigin-Name: cbcb53759b9510379e2159d14b73c9746e611df550b0bd05887bd4a480b519a8
---
 ext/fts3/fts3.c        |  5 +++
 manifest               | 16 ++++-----
 manifest.uuid          |  2 +-
 test/fts3corrupt7.test | 75 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 89 insertions(+), 9 deletions(-)

diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index e2174e6e3d..e58f256a48 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -2344,10 +2344,15 @@ static int fts3PoslistPhraseMerge(
   if( *p1==POS_COLUMN ){ 
     p1++;
     p1 += fts3GetVarint32(p1, &iCol1);
+    /* iCol1==0 indicates corruption. Column 0 does not have a POS_COLUMN
+    ** entry, so this is actually end-of-doclist. */
+    if( iCol1==0 ) return 0;
   }
   if( *p2==POS_COLUMN ){ 
     p2++;
     p2 += fts3GetVarint32(p2, &iCol2);
+    /* As above, iCol2==0 indicates corruption. */
+    if( iCol2==0 ) return 0;
   }
 
   while( 1 ){
diff --git a/manifest b/manifest
index b458d79dd1..7523e7ff64 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sdeps\sproblem,\sintroduced\sin\s[1bd9de719],\swhich\sbreaks\sthe\sbuild\son\ssystems\swhere\sHAVE_TCL=0.
-D 2024-11-09T14:34:20.060
+C Fix\sa\scase\sin\sfts3\swhere\sa\scorrupt\sdatabase\srecord\swas\snot\sbeing\shandled\scorrectly.
+D 2024-11-09T17:54:51.146
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md e108e1e69ae8e8a59e93c455654b8ac9356a11720d3345df2a4743e9590fb20d
@@ -76,7 +76,7 @@ F ext/fts3/README.content b9078d0843a094d86af0d48dffbff13c906702b4c3558012e67b9c
 F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a
 F ext/fts3/README.tokenizers b92bdeb8b46503f0dd301d364efc5ef59ef9fa8e2758b8e742f39fa93a2e422d
 F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
-F ext/fts3/fts3.c 070d6fec098d49d9b9572c6cd07fd7b82b8b33bf301514638f72dac8ad5a71ce
+F ext/fts3/fts3.c 9f8ce82bbf4ec0636e6170e58f17b04817fa4c39b2d5126ac06f005d485f6d5e
 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
 F ext/fts3/fts3Int.h 968f7d7cae541a6926146e9fd3fb2b2ccbd3845b7890a8ed03de0c06ac776682
 F ext/fts3/fts3_aux.c 7eab82a9cf0830f6551ba3abfdbe73ed39e322a4d3940ee82fbf723674ecd9f3
@@ -1189,7 +1189,7 @@ F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cd
 F test/fts3corrupt4.test c7f414fe29b97a478d15c90382c4ae077a2bbd2283bf8c63bf66dadaaed3edb8
 F test/fts3corrupt5.test 0549f85ec4bd22e992f645f13c59b99d652f2f5e643dac75568bfd23a6db7ed5
 F test/fts3corrupt6.test f417c910254f32c0bc9ead7affa991a1d5aec35b3b32a183ffb05eea78289525
-F test/fts3corrupt7.test ad11123257c9ee70b704c4534095e7c3032dd25ad78d5324f54b0b05970cdbec
+F test/fts3corrupt7.test 1da31776e24bb91d3c028e663456b61280b121a74496ccf2fef3fe33790ad2b0
 F test/fts3cov.test 7eacdbefd756cfa4dc2241974e3db2834e9b372ca215880e00032222f32194cf
 F test/fts3d.test 2bd8c97bcb9975f2334147173b4872505b6a41359a4f9068960a36afe07a679f
 F test/fts3defer.test f4c20e4c7153d20a98ee49ee5f3faef624fefc9a067f8d8d629db380c4d9f1de
@@ -2198,8 +2198,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh 49a486c5069de041aedcbde4de178293e0463ae9918ecad7539eedf0ec77a139
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P ada7b36c37c59ea02e54462b0eb8b93ff6ab45863edfd67b19f1e1a7bb2f97de
-R bf8863b8add1d028b446d64a9e7551d4
-U stephan
-Z 22d08ab5c31638260d1b0957cd0fc1f8
+P 7953a8bdcba7242c98f786283270d7b3f8830058a29f2d810457eef697855325
+R dc6de33b7db28edd8329e8f40b308bbe
+U dan
+Z 426b1d51434e7f07ff383bb0a9b3ae87
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 13fe96534d..675d0be210 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-7953a8bdcba7242c98f786283270d7b3f8830058a29f2d810457eef697855325
+cbcb53759b9510379e2159d14b73c9746e611df550b0bd05887bd4a480b519a8
diff --git a/test/fts3corrupt7.test b/test/fts3corrupt7.test
index 2634047642..6cf9c9a9dc 100644
--- a/test/fts3corrupt7.test
+++ b/test/fts3corrupt7.test
@@ -202,4 +202,79 @@ do_catchsql_test 1.1 {
   SELECT offsets(t1) FROM t1 WHERE t1 MATCH 'rtree NEAR rtree NEAR "json1 enable"';
 } {0 {}}
 
+#-------------------------------------------------------------------------
+reset_db
+do_test 1.0 {
+  sqlite3 db {}
+  db deserialize [decode_hexdb {
+| size 24576 pagesize 4096 filename crash-10b0f1037e9c85.db
+| page 1 offset 0
+|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
+|     16: 10 00 00 00 00 40 20 20 00 00 00 01 00 00 00 07   .....@  ........
+|     32: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00   ................
+|     80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01   ................
+|     96: 00 2e 82 40 0d 00 00 00 06 00 00 00 0f 8d 0f 21   ...@...........!
+|    112: 0e b9 0d c8 0e 7e 0d a4 00 00 00 00 00 00 00 00   .....~..........
+|   3488: 00 00 00 00 21 ff 06 17 10 10 01 30 74 61 62 6c   ....!......0tabl
+|   3504: 65 74 32 74 32 00 43 52 45 41 54 45 20 54 41 42   et2t2.CREATE TAB
+|   3520: 4c 45 20 74 32 28 70 29 81 33 00 07 17 1f 1f 01   LE t2(p).3......
+|   3536: 82 35 74 61 62 6c 65 74 31 5f 73 65 67 64 69 72   .5tablet1_segdir
+|   3552: 74 31 5f 73 65 67 64 69 72 05 43 52 45 41 54 45   t1_segdir.CREATE
+|   3568: 20 54 41 42 4c 45 20 27 74 31 5f 73 65 67 64 69    TABLE 't1_segdi
+|   3584: 72 27 28 6c 65 76 65 6c 20 09 4e 50 45 47 45 50   r'(level .NPEGEP
+|   3600: 2c 69 64 78 20 09 4e 50 45 47 45 50 2c 73 74 61   ,idx .NPEGEP,sta
+|   3616: 72 74 5f 62 6c 6f 63 6b 20 09 4e 50 45 47 45 50   rt_block .NPEGEP
+|   3632: 2c 6c 65 61 76 65 73 5f 65 6e 64 5f 62 6c 6f 63   ,leaves_end_bloc
+|   3648: 6b 20 09 4e 50 45 47 45 50 2c 65 6e 64 5f 62 6c   k .NPEGEP,end_bl
+|   3664: 6f 63 6b 20 09 4e 50 45 47 45 50 2c 72 6f 6f 74   ock .NPEGEP,root
+|   3680: 20 42 0c 4f 42 2c 50 52 49 4d 41 52 59 20 4b 45    B.OB,PRIMARY KE
+|   3696: 59 28 6c 65 76 65 6c 2c 20 69 64 78 29 29 31 00   Y(level, idx))1.
+|   3712: 06 17 45 1f 01 00 00 00 00 00 00 73 71 6c 69 74   ..E........sqlit
+|   3728: 65 5f 61 75 74 6f 69 6e 64 65 78 5f 74 31 5f 73   e_autoindex_t1_s
+|   3744: 65 67 64 69 72 5f 31 00 00 00 00 00 00 00 00 00   egdir_1.........
+|   3760: 06 00 00 00 00 00 00 00 00 66 00 07 17 23 23 01   .........f...##.
+|   3776: 81 13 74 61 62 6c 65 74 31 5f 73 65 67 6d 65 6e   ..tablet1_segmen
+|   3792: 74 73 74 31 5f 73 65 67 6d 65 6e 74 73 00 43 52   tst1_segments.CR
+|   3808: 45 41 54 45 20 54 41 42 4c 45 20 27 74 31 5f 73   EATE TABLE 't1_s
+|   3824: 65 67 6d 65 6e 74 73 27 28 0c 6f 63 6b 09 64 0a   egments'(.ock.d.
+|   3840: 20 09 4e 50 45 47 45 50 20 50 50 09 04 31 50 09    .NPEGEP PP..1P.
+|   3856: 20 0b 45 09 0c 20 62 0c 6f 63 6b 20 42 0c 4f 42    .E.. b.ock B.OB
+|   3872: 29 6a 00 07 17 20 20 01 81 1f 74 61 62 6c 65 74   )j...  ...tablet
+|   3888: 31 5f 63 6f 6e 74 65 6e 74 74 31 5f 63 6f 6e 74   1_contentt1_cont
+|   3904: 65 6e 74 00 43 52 45 41 54 45 20 54 41 42 4c 45   ent.CREATE TABLE
+|   3920: 20 27 74 31 5f 63 6f 6e 74 65 6e 74 27 28 64 6f    't1_content'(do
+|   3936: 09 64 20 09 4e 50 45 47 45 50 20 50 50 09 0d 0c   .d .NPEGEP PP...
+|   3952: 50 09 20 0b 45 09 0c 20 27 03 03 01 27 0c 20 0a   P. .E.. '...'. .
+|   3968: 27 03 01 02 27 0c 20 27 03 02 03 27 29 38 00 06   '...'. '...')8..
+|   3984: 17 10 10 08 5f 74 61 62 6c 65 74 31 74 31 43 52   ...._tablet1t1CR
+|   4000: 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41 42   EATE VIRTUAL TAB
+|   4016: 4c 45 20 74 31 20 55 53 49 4e 47 20 66 74 73 33   LE t1 USING fts3
+| page 5 offset 16384
+|      0: 0d 00 00 00 02 00 00 00 00 00 0b a0 00 00 00 00   ................
+|   2976: 82 0a 02 08 00 00 00 00 17 84 06 00 00 00 00 00   ................
+|   2992: 00 01 00 04 00 00 00 00 00 08 00 00 00 00 00 00   ................
+|   3008: 00 00 03 00 00 00 00 01 00 03 00 00 00 00 01 00   ................
+|   3024: 03 00 00 00 00 07 00 00 00 00 00 00 00 03 00 00   ................
+|   3040: 00 00 08 00 00 00 00 00 00 00 00 03 00 00 00 00   ................
+|   3056: 06 00 00 00 00 00 00 03 00 00 00 00 04 00 00 00   ................
+|   3072: 00 03 00 00 00 00 06 65 6e 61 62 6c 65 09 25 09   .......enable.%.
+|   3088: 05 04 04 04 04 00 00 00 08 00 00 00 00 00 00 00   ................
+|   3104: 00 03 00 00 00 00 04 00 00 00 00 03 00 00 00 00   ................
+|   3120: 01 00 03 00 00 00 00 03 00 00 00 03 00 00 00 00   ................
+|   3136: 06 00 00 00 00 00 00 03 00 00 00 00 05 6a 73 6f   .............jso
+|   3152: 6e 31 03 25 13 00 00 04 00 00 00 00 03 00 00 00   n1.%............
+|   3168: 00 03 00 00 00 03 00 00 00 00 05 00 00 00 00 00   ................
+|   3184: 03 00 00 00 00 04 00 00 00 00 03 00 00 00 00 04   ................
+|   3200: 00 00 00 00 03 00 00 00 00 05 72 74 72 65 65 03   ..........rtree.
+|   3216: 25 01 00 0d 0a 07 08 01 ff ff ff ff ff 01 00 00   %...............
+| page 6 offset 20480
+|      0: 0a 00 00 00 02 00 00 00 0f fb 0f f5 00 00 00 00   ................
+|   4080: 00 00 00 00 00 05 04 09 00 01 02 04 00 00 00 00   ................
+| end crash-10b0f1037e9c85.db
+}]} {}
+
+do_catchsql_test 2.1 {
+  SELECT 0 FROM t1 WHERE t1 MATCH 'rtree NEAR rtree"json1 enable"';
+} {1 {database disk image is malformed}}
+
 finish_test
-- 
2.47.2