From fa9011ec70ca6f2be38942c996d78d936cca644e Mon Sep 17 00:00:00 2001
From: dan
Date: Sat, 6 Mar 2021 13:28:07 +0000
Subject: [PATCH] Fix a crash in fts3 that could occur when running a NEAR query on a corrupt database.
FossilOrigin-Name: 609d94996324f3d3c12bb8cc04a2527d1d86c35cdb2267b5b34053c961158986
---
 ext/fts3/fts3.c | 4 ++--
 manifest | 16 ++++++++--------
 manifest.uuid | 2 +-
 test/fts3corrupt6.test | 12 ++++++++++--
 4 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index 79dc5c88ce..50fa88db8a 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -5212,9 +5212,9 @@ static int fts3EvalNearTrim(
 );
 if( res ){
 nNew = (int)(pOut - pPhrase->doclist.pList) - 1;
- if( nNew>=0 ){
+ assert_fts3_nc( nNew<=pPhrase->doclist.nList && nNew>0 );
+ if( nNew>=0 && nNew<=pPhrase->doclist.nList ){
 assert( pPhrase->doclist.pList[nNew]=='\0' );
- assert( nNew<=pPhrase->doclist.nList && nNew>0 );
 memset(&pPhrase->doclist.pList[nNew], 0, pPhrase->doclist.nList - nNew);
 pPhrase->doclist.nList = nNew;
 }
diff --git a/manifest b/manifest
index 8699339410..63af06588f 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Fix\sa\spossible\sNULL\spointer\sdereference\swhen\sapplying\sa\sDROP\sCOLUMN\sto\sa\ncorrupt\sdatabase\sschema.\s\sdbsqlfuzz\s419aa525df93db6e463772c686ac6da27b46da9e -D 2021-03-06T13:02:12.531 +C Fix\sa\scrash\sin\sfts3\sthat\scould\soccur\swhen\srunning\sa\sNEAR\squery\son\sa\scorrupt\sdatabase. +D 2021-03-06T13:28:07.450 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
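Review bot: The new bound `nNew<=pPhrase->doclist.nList` is tested only after `pOut` has been advanced by the call that ends at the top of this hunk. If that call writes through `pOut` (not visible here), a corrupt record may already have written past `nList` bytes before the guard runs, and the added check only stops `memset` from receiving a negative length. When the range test fails the trim is skipped silently, so I would add a comment on the `if`, e.g. `/* corrupt doclist: nNew out of range, leave the list untrimmed */`, and consider whether this path should report corruption to the caller. The remaining `assert( pPhrase->doclist.pList[nNew]=='\0' )` reads index `nList` when `nNew==nList`, which is in bounds only if the buffer carries padding past `nList`. fts3EvalNearTrim begins and ends outside the hunk.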
@@ -84,7 +84,7 @@ F ext/fts3/README.content b9078d0843a094d86af0d48dffbff13c906702b4c3558012e67b9c F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a F ext/fts3/README.tokenizers b92bdeb8b46503f0dd301d364efc5ef59ef9fa8e2758b8e742f39fa93a2e422d F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d -F ext/fts3/fts3.c 4809e0b05af4519ad8bfa13d684f7ad635d1390a758299d2302f7e85c48ec160 +F ext/fts3/fts3.c 7b449348226a91cc851fe969f5c1932d4f00c359a32fd17f2afea92bf875147b F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe F ext/fts3/fts3Int.h 045179f538c478ced266ca14327269cde8ad8d573c5be902230a5ebaa5636c59 F ext/fts3/fts3_aux.c 96708c8b3a7d9b8ca1b68ea2b7e503e283f20e95f145becadedfad096dbd0f34 @@ -970,7 +970,7 @@ F test/fts3corrupt2.test e318f0676e5e78d5a4b702637e2bb25265954c08a1b1e4aaf93c788 F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cdb764b491f F test/fts3corrupt4.test b71512ec391d39da96d60d01959e4e9f20d4237a964a94abcf5f5a2ad28378c1 F test/fts3corrupt5.test 0549f85ec4bd22e992f645f13c59b99d652f2f5e643dac75568bfd23a6db7ed5 -F test/fts3corrupt6.test b6c55218b704b0cef224b284c756f9c55d0afd0b3c3837618bffeaa8c31e0d8e +F test/fts3corrupt6.test d5896a8d389bd824457772dc1e2d2023cd5c5cf8e42733607b5d632103018d8b F test/fts3cov.test 7eacdbefd756cfa4dc2241974e3db2834e9b372ca215880e00032222f32194cf F test/fts3d.test 2bd8c97bcb9975f2334147173b4872505b6a41359a4f9068960a36afe07a679f F test/fts3defer.test f4c20e4c7153d20a98ee49ee5f3faef624fefc9a067f8d8d629db380c4d9f1de 
@@ -1909,7 +1909,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 83dab8b358b6832a221a58e74dd5e99b9cdea4eee65124bb6799881e867d989c -R 2ab2b4158df160ad1d5d72fc4ecf15ba -U drh -Z 305267156f6c2c6b812a01b9b3e78e2e +P 349ccf58ae4bb770805066102fc8e9e478d4da1f7a6a728223bd74eabf7b7843 +R 99ad288e4e2d388ef99aaf6ec992bb26 +U dan +Z f50a5e194b36647a536837a623a15642 diff --git a/manifest.uuid b/manifest.uuid index 005ec9e754..f669f77291 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -349ccf58ae4bb770805066102fc8e9e478d4da1f7a6a728223bd74eabf7b7843 \ No newline at end of file +609d94996324f3d3c12bb8cc04a2527d1d86c35cdb2267b5b34053c961158986 \ No newline at end of file diff --git a/test/fts3corrupt6.test b/test/fts3corrupt6.test index 9e22bdf68a..5cb0a18691 100644 --- a/test/fts3corrupt6.test +++ b/test/fts3corrupt6.test @@ -11,8 +11,6 @@ # This file implements regression tests for SQLite library. The # focus of this script is testing the FTS3 module. # -# $Id: fts3aa.test,v 1.1 2007/08/20 17:38:42 shess Exp $ -# set testdir [file dirname $argv0] source $testdir/tester.tcl 
@@ -54,6 +52,16 @@ do_execsql_test 1.3 { SELECT 42+matchinfo(t1,'yxyyxy') FROM t1 WHERE t1 MATCH x'2b0a312b0a312a312a2a0b5d0a0b0b0a312a0a0b0b0a312a0b310a392a0b0a27312a2a0b5d0a312a0b310a31315d0b310a312a316d2a0b313b15bceaa50a312a0b0a27312a2a0b5d0a312a0b310a312b0b2a310a312a0b2a0b2a0b2e5d0a0bff313336e34a2a312a0b0a3c310b0a0b4b4b0b4b2a4bec40322b2a0b310a0a312a0a0a0a0a0a0a0a0a0b310a312a2a2a0b5d0a0b0b0a312a0b310a312a0b0a4e4541530b310a5df5ced70a0a0a0a0a4f520a0a0a0a0a0a0a312a0b0a4e4541520b310a5d616161610a0a0a0a4f520a0a0a0a0a0a312b0a312a312a0a0a0a0a0a0a004a0b0a310b220a0b0a310a4a22310a0b0a7e6fe0e0e030e0e0e0e0e01176e02000e0e0e0e0e01131320226310a0b0a310a4a22310a0b0a310a766f8b8b4ee0e0300ae0090909090909090909090909090909090909090909090909090909090909090947aaaa540b09090909090909090909090909090909090909090909090909090909090909fae0e0f2f22164e0e0f273e07fefefef7d6dfafafafa6d6d6d6d'; } {42} +#------------------------------------------------------------------------- +reset_db +do_execsql_test 2.0 { + CREATE VIRTUAL TABLE t0 USING fts3(a); + INSERT INTO t0_segdir VALUES(0,0,0,0,'0 42',X'000131030782000103323334050100fff200010461616161050101020200000462626262050101030200'); +} +do_execsql_test 2.1 { + SELECT count(*) FROM t0 WHERE t0 MATCH '(1 NEAR 1) AND (aaaa OR 1)'; +} 1 + set sqlite_fts3_enable_parentheses $saved_sqlite_fts3_enable_parentheses finish_test -- 2.47.2
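Review bot: The added 2.0/2.1 case has only a separator line above it, with nothing saying what the hand-built `t0_segdir` blob is meant to exercise. I would add a comment under the separator, e.g. `# A NEAR query on a corrupt segment must not crash (fts3EvalNearTrim).`. The expected result `1` also pins that the query completes on the corrupt record rather than returning an error; if that is the intended contract, the comment should say so.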