From fb11bf8c910e85ec7a4bfb518b78c47409e5b890 Mon Sep 17 00:00:00 2001 From: dan Date: Sat, 22 Dec 2018 09:39:06 +0000 Subject: [PATCH] Avoid a left-shift of a negative value (undefined behaviour) when dealing with a corrupt database in fts3. FossilOrigin-Name: b851d12474035328df8354c7da8d81bc78833c8c704153f9f573c19b47a8487e --- ext/fts3/fts3.c | 15 ++++++++------- manifest | 12 ++++++------ manifest.uuid | 2 +- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c index f6fb931dff..fd1c9a5334 100644 --- a/ext/fts3/fts3.c +++ b/ext/fts3/fts3.c @@ -338,7 +338,7 @@ int sqlite3Fts3PutVarint(char *p, sqlite_int64 v){ } #define GETVARINT_STEP(v, ptr, shift, mask1, mask2, var, ret) \ - v = (v & mask1) | ( (*ptr++) << shift ); \ + v = (v & mask1) | ( (*(ptr++)) << shift ); \ if( (v & mask2)==0 ){ var = v; return ret; } #define GETVARINT_INIT(v, ptr, shift, mask1, mask2, var, ret) \ v = (*ptr++); \ @@ -376,20 +376,21 @@ int sqlite3Fts3GetVarint(const char *pBuf, sqlite_int64 *v){ ** a non-negative 32-bit integer before it is returned. */ int sqlite3Fts3GetVarint32(const char *p, int *pi){ + const unsigned char *ptr = (const unsigned char*)p; u32 a; #ifndef fts3GetVarint32 - GETVARINT_INIT(a, p, 0, 0x00, 0x80, *pi, 1); + GETVARINT_INIT(a, ptr, 0, 0x00, 0x80, *pi, 1); #else - a = (*p++); + a = (*ptr++); assert( a & 0x80 ); #endif - GETVARINT_STEP(a, p, 7, 0x7F, 0x4000, *pi, 2); - GETVARINT_STEP(a, p, 14, 0x3FFF, 0x200000, *pi, 3); - GETVARINT_STEP(a, p, 21, 0x1FFFFF, 0x10000000, *pi, 4); + GETVARINT_STEP(a, ptr, 7, 0x7F, 0x4000, *pi, 2); + GETVARINT_STEP(a, ptr, 14, 0x3FFF, 0x200000, *pi, 3); + GETVARINT_STEP(a, ptr, 21, 0x1FFFFF, 0x10000000, *pi, 4); a = (a & 0x0FFFFFFF ); - *pi = (int)(a | ((u32)(*p & 0x07) << 28)); + *pi = (int)(a | ((u32)(*ptr & 0x07) << 28)); assert( 0==(a & 0x80000000) ); assert( *pi>=0 ); return 5; diff --git a/manifest b/manifest index 95d133ffaf..c36d3c9aec 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\scut-and-paste\serror\sin\stest\sfile\sfts4umlaut.test. -D 2018-12-22T07:16:42.310 +C Avoid\sa\sleft-shift\sof\sa\snegative\svalue\s(undefined\sbehaviour)\swhen\sdealing\swith\sa\scorrupt\sdatabase\sin\nfts3. +D 2018-12-22T09:39:06.609 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in d8b254f8bb81bab43c340d70d17dc3babab40fcc8a348c8255881f780a45fee6 @@ -80,7 +80,7 @@ F ext/fts3/README.content fdc666a70d5257a64fee209f97cf89e0e6e32b51 F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a F ext/fts3/README.tokenizers e0a8b81383ea60d0334d274fadf305ea14a8c314 F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d -F ext/fts3/fts3.c 65b8489e35da23b127992c6dd6cfd382a486f8c87bf26dfa72876efe46e551bb +F ext/fts3/fts3.c 6cf87a0f51e67a0479d293a5f5b9d06568ae00da39fe8c4dcf9e8a061e353ff4 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe F ext/fts3/fts3Int.h 3378157f383540857a466420b8279626204434c3eb0dc948ad9bcd3991fc41f5 F ext/fts3/fts3_aux.c e9b465f8469acc2cd700a90c0242912a3202e4e4e15df72d7db7f1e3a2222c85 @@ -1791,7 +1791,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P db8d1d12f5c1673404b2afb5426d5ea3afe3b69d01f8f2bc47ffdf70684fdf24 -R 6083c8e473bc24e00f67abe203289608 +P cad5da1bf5f65ad87d97b72e9a84081fde455ba4085e79943fdf6c0144b1ef83 +R fa4974486053346e3cdcc2dd08fb0e48 U dan -Z 2da30c5381c54cb5a2481b9acb3505fa +Z 02835e6986a76e8d2acf0ae4cd717ca5 diff --git a/manifest.uuid b/manifest.uuid index ea4a76856c..d074e75450 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -cad5da1bf5f65ad87d97b72e9a84081fde455ba4085e79943fdf6c0144b1ef83 \ No newline at end of file +b851d12474035328df8354c7da8d81bc78833c8c704153f9f573c19b47a8487e \ No newline at end of file -- 2.47.2