From fb18e82331b62c2a338d5b8f13ec446b04fad78d Mon Sep 17 00:00:00 2001 From: drh Date: Tue, 3 Sep 2019 18:43:33 +0000 Subject: [PATCH] Fix a buffer overread that could occur when running fts5 prefix queries inside a transaction. FossilOrigin-Name: 0770363b30382af76e87009192f3b59b8b089e2e2ad3dfac3392f52e78633a3b
---
ext/fts5/fts5_hash.c | 4 +++- ext/fts5/test/fts5aa.test | 13 +++++++++++-- manifest | 16 ++++++++-------- manifest.uuid | 2 +- 4 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
index 1327597ce7..69e67fa468 100644
--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -444,7 +444,9 @@ static int fts5HashEntrySort(
 for(iSlot=0; iSlotnSlot; iSlot++){
 Fts5HashEntry *pIter;
 for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
- if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
+ if( pTerm==0
+ || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
+ ){
 Fts5HashEntry *pEntry = pIter;
 pEntry->pScanNext = 0;
 for(i=0; ap[i]; i++){
diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test
index 64c5331c64..43942ca598 100644
--- a/ext/fts5/test/fts5aa.test
+++ b/ext/fts5/test/fts5aa.test
@@ -591,9 +591,18 @@ do_execsql_test 22.1 {
 SELECT rowid FROM t9('a*')
 } {1}
-}
+do_execsql_test 25.0 {
+ CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
+}
+do_execsql_test 25.1 {
+ BEGIN;
+ INSERT INTO t13 VALUES('AAAA');
+SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
-finish_test
+ END;
+}
+}
+finish_test
diff --git a/manifest b/manifest
index 2a16c720d1..a92f8aa900 100644
--- a/manifest
+++ b/manifest
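Review bot: The new length guard in fts5HashEntrySort (ext/fts5/fts5_hash.c) carries an unexplained `+1` in `pIter->nKey+1>=nTerm`, and nothing in the hunk shows which extra byte of the stored key it accounts for. That offset decides whether `memcmp()` stays inside the entry's key, so it deserves a comment directly above the condition, for example `/* Skip entries whose stored key is shorter than the prefix; memcmp() would otherwise read past the end of the key. */`. Once confirmed against the entry layout, the comment should also say what the `+1` covers (presumably a byte stored with the key that `nKey` does not count). The body of fts5HashEntrySort starts and ends outside the hunk, so the types of `nKey` and `nTerm` cannot be checked from here.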
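Review bot: Test 25.1 in ext/fts5/test/fts5aa.test will most likely pass on an unfixed build as well, because an over-read normally leaves the query result unchanged. The regression is then only caught when the suite runs under a memory checker such as AddressSanitizer or Valgrind. A comment above the test would record that dependency, e.g. `# Prefix is longer than any key in the hash table; the over-read this guards against is only visible under a memory checker.`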
@@ -1,5 +1,5 @@ -C Disable\sthe\sundocumented\srtreenode()\sSQL\sfunction\sthat\sis\sonly\sused\sfor\stesting,\nexcept\swhen\sdoing\sa\sbuild\sthat\sis\sspecifically\sintended\sfor\stesting. -D 2019-09-03T17:55:55.993 +C Fix\sa\sbuffer\soverread\sthat\scould\soccur\swhen\srunning\sfts5\sprefix\squeries\sinside\sa\stransaction. +D 2019-09-03T18:43:33.704 F Makefile.in 1cc758ce3374a32425e4d130c2fe7b026b20de5b8843243de75f087c0a2661fb F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 8eeb80162074004e906b53d7340a12a14c471a83743aab975947e95ce061efcc @@ -104,7 +104,7 @@ F ext/fts5/fts5_aux.c 67acf8d51723cf28ffc3828210ba662df4b8d267 F ext/fts5/fts5_buffer.c 1dd1ec0446b3acfc2d7d407eb894762a461613e2695273f48e449bfd13e973ff F ext/fts5/fts5_config.c 5af9c360e99669d29f06492c370892394aba0857 F ext/fts5/fts5_expr.c f2825f714d91bbe62ab5820aee9ad12e0c94205b2a01725eaa9072415ae9ff1c -F ext/fts5/fts5_hash.c 534d5591f479c0999543689122ad6952823bc7c85273a0ff4f7f91d9f914a54b +F ext/fts5/fts5_hash.c d1e75e7645b3d661a2d5645c3c3d618249611d721354097d8e6b5c66ca754e2b F ext/fts5/fts5_index.c cdceac47287c66500214ee946ca871ac48027a82a0ca82177c1c6af19f181ca0 F ext/fts5/fts5_main.c 1ba0e7806886c1bc16e20d0dde1c2b535d1aeb98cbbb937c4c3e064af5ac6f03 F ext/fts5/fts5_storage.c 7750986004f3f0c94619a85ecb5dd6cbef53e5e3853488e8a906c269d4d11db6 
@@ -118,7 +118,7 @@ F ext/fts5/fts5_vocab.c e44fefa7f0c1db252998af071daf06a7147e17e7 F ext/fts5/fts5parse.y a070b538e08ae9e2177d15c337ed2a3464408f0f886e746307098f746efd94ca F ext/fts5/mkportersteps.tcl 5acf962d2e0074f701620bb5308155fa1e4a63ba F ext/fts5/test/fts5_common.tcl b01c584144b5064f30e6c648145a2dd6bc440841 -F ext/fts5/test/fts5aa.test 6dd1bfa4426a8d77e8c8d447aad02515c85118b082f24053ac89802300077ff1 +F ext/fts5/test/fts5aa.test e23fcbde0fc453a3c268aac90ea28f8a80489ed49c733ba8dd6b5148ae1a5893 F ext/fts5/test/fts5ab.test 30325a89453280160106be411bba3acf138e6d1b F ext/fts5/test/fts5ac.test 55cad4275a1f5acabfe14d8442a8046b47e49e5f F ext/fts5/test/fts5ad.test 36995f0586f30f5602074e012b9224c71ec5171c @@ -1583,8 +1583,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 553a923c82e968104296253d07dc6e1219747d85ebb7b02640d33d7056418df4 -Q +7b4583f932ff0933280aa73ee69294b488f96d4f2bdc8422cd0136d944d9fb60 -R 160479229dfaf50c9c28f49f4cd87a8e +P 34cd2d929e21e41373368da846ae4ddd6385c7ba0c45410903717a07aab862a3 +Q +b3fa58dd7403dbd4d2e9f3ae23d7d1337830d6fef2aa2f137ac5174de0d5828e +R f471046159000a987d436b75b5cec47d U drh -Z ac3d589fe78ec5d9641a884a62646a8f +Z 9e3f267447b1acdc339d2688519c1ae7 diff --git a/manifest.uuid b/manifest.uuid index 06e3a0c425..80bbe50666 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -34cd2d929e21e41373368da846ae4ddd6385c7ba0c45410903717a07aab862a3 \ No newline at end of file +0770363b30382af76e87009192f3b59b8b089e2e2ad3dfac3392f52e78633a3b \ No newline at end of file -- 2.39.5