From: drh <>
Date: Sat, 27 Jun 2026 20:18:46 +0000 (+0000)
Subject: Put reasonable input limits on the (non-deliverable and obsolete)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9aee8330962806f940fe19a1e85aae90960c3484;p=thirdparty%2Fsqlite.git
Put reasonable input limits on the (non-deliverable and obsolete)
amatch.c extension.
[bugs:/info/2026-06-27T19:15:11Z|Bug 2026-06-27T19:15:11Z]
FossilOrigin-Name: 2fe1366e649ddd964153059b3c33b380af1924afb59210ac3311fd7bc8af5922
---
diff --git a/ext/misc/amatch.c b/ext/misc/amatch.c
index cdc504a614..7c0919d492 100644
--- a/ext/misc/amatch.c
+++ b/ext/misc/amatch.c
@@ -189,16 +189,16 @@ struct amatch_avl {
 amatch_avl *pBefore; /* Other elements less than zKey */
 amatch_avl *pAfter; /* Other elements greater than zKey */
 amatch_avl *pUp; /* Parent element */
- short int height; /* Height of this node. Leaf==1 */
- short int imbalance; /* Height difference between pBefore and pAfter */
+ int height; /* Height of this node. Leaf==1 */
+ int imbalance; /* Height difference between pBefore and pAfter */
 };
 
 /* Recompute the amatch_avl.height and amatch_avl.imbalance fields for p.
 ** Assume that the children of p have correct heights.
 */
 static void amatchAvlRecomputeHeight(amatch_avl *p){
- short int hBefore = p->pBefore ? p->pBefore->height : 0;
- short int hAfter = p->pAfter ? p->pAfter->height : 0;
+ int hBefore = p->pBefore ? p->pBefore->height : 0;
+ int hAfter = p->pAfter ? p->pAfter->height : 0;
 p->imbalance = hBefore - hAfter; /* -: pAfter higher. +: pBefore higher */
 p->height = (hBefore>hAfter ? hBefore : hAfter)+1;
 }
@@ -459,6 +459,8 @@ typedef int amatch_langid;
 #define AMATCH_MX_LENGTH 50 /* Maximum length of a rule string */
 #define AMATCH_MX_LANGID 2147483647 /* Maximum rule ID */
 #define AMATCH_MX_COST 1000 /* Maximum single-rule cost */
+#define AMATCH_MX_WORD 1000 /* Maximum length of a word */
+
 
 /*
 ** A match or partial match
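Review bot: The comment on `AMATCH_MX_WORD` does not say what unit the limit is in or which words it applies to. The only uses visible in this commit are in amatchFilter, where it is compared with `strlen(pCur->zInput)` and used as a byte index, so it is a byte count on the search input rather than a character count, and as far as the diff shows it is not applied to vocabulary words. I would write the comment as `/* Maximum length in bytes of the input word */`.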
@@ -469,8 +471,8 @@ struct amatch_word {
 amatch_avl sWord; /* Linkage of this node into the word tree */
 amatch_cost rCost; /* Cost of the match so far */
 int iSeq; /* Sequence number */
+ int nMatch; /* Input characters matched */
 char zCost[10]; /* Cost key (text rendering of rCost) */
- short int nMatch; /* Input characters matched */
 char zWord[4]; /* Text of the word. Extra space appended as needed */
 };
 
@@ -1076,7 +1078,7 @@ static void amatchAddWord(
 pWord->rCost = rCost;
 pWord->iSeq = pCur->nWord++;
 amatchWriteCost(pWord);
- pWord->nMatch = (short)nMatch;
+ pWord->nMatch = nMatch;
 pWord->pNext = pCur->pAllWords;
 pCur->pAllWords = pWord;
 pWord->sCost.zKey = pWord->zCost;
@@ -1256,6 +1258,7 @@ static int amatchFilter(
 amatch_cursor *pCur = (amatch_cursor *)pVtabCursor;
 const char *zWord = "*";
 int idx;
+ int rc = SQLITE_OK;
 
 amatchClearCursor(pCur);
 idx = 0;
@@ -1273,10 +1276,13 @@ static int amatchFilter(
 }
 pCur->zInput = sqlite3_mprintf("%s", zWord);
 if( pCur->zInput==0 ) return SQLITE_NOMEM;
+ if( strlen(pCur->zInput)>AMATCH_MX_WORD ){
+ pCur->zInput[AMATCH_MX_WORD] = 0;
+ rc = SQLITE_TOOBIG;
+ }
 amatchAddWord(pCur, 0, 0, "", "");
 amatchNext(pVtabCursor);
-
- return SQLITE_OK;
+ return rc;
 }
 
 /*
diff --git a/manifest b/manifest index 5e3271c724..89228ef52e 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Improved\sdetection\sof\sCTEs\sbeing\smisused\sas\stable-valued\sfunctions.\nRemove\san\sincorrect\sassert()\sfrom\scheck-in\s[716782abe939083b]. -D 2026-06-27T16:07:17.079 +C Put\sreasonable\sinput\slimits\son\sthe\s(non-deliverable\sand\sobsolete)\namatch.c\sextension.\n[bugs:/info/2026-06-27T19:15:11Z|Bug\s2026-06-27T19:15:11Z] +D 2026-06-27T20:18:46.100 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
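Review bot: In the last amatchFilter hunk, an input longer than AMATCH_MX_WORD is truncated in place and the function still calls amatchAddWord() and amatchNext() before it returns SQLITE_TOOBIG, so the search runs on a 1000-byte prefix of a request that is about to be rejected. The cut at `pCur->zInput[AMATCH_MX_WORD]` is a byte offset and can land inside a multi-byte UTF-8 character; whether the matching code tolerates a dangling lead byte is not visible here. If a cursor with no queued word is a valid state for an error return (amatchClearCursor and the eof method are outside the hunk), rejecting outright is simpler: `if( strlen(pCur->zInput)>AMATCH_MX_WORD ) return SQLITE_TOOBIG;`. The length is also measured only after sqlite3_mprintf() has copied the whole string. amatchFilter starts before this hunk, and the declaration of `rc` is in the preceding hunk.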
@@ -360,7 +360,7 @@ F ext/jni/src/tests/000-000-sanity.test c3427a0e0ac84d7cbe4c95fdc1cd4b61f9ddcf43 F ext/jni/src/tests/000-001-ignored.test e17e874c6ab3c437f1293d88093cf06286083b65bf162317f91bbfd92f961b70 F ext/jni/src/tests/900-001-fts.test bf0ce17a8d082773450e91f2388f5bbb2dfa316d0b676c313c637a91198090f0 F ext/misc/README.md 6243cdc4d7eb791c41ef0716f3980b8b5f6aa8c61ff76a3958cbf0031c6ebfa7 -F ext/misc/amatch.c 972a250631d481f38736b46740bf7f5c9646a0f2bb53800543299a746ff1bac6 +F ext/misc/amatch.c 09a39f0bb7c53997752470a897a082c67090230796c9fca0d59fc51fb038ca6d F ext/misc/anycollseq.c 5ffdfde9829eeac52219136ad6aa7cd9a4edb3b15f4f2532de52f4a22525eddb F ext/misc/appendvfs.c 9642c7a194a2a25dca7ad3e36af24a0a46d7702168c4ad7e59c9f9b0e16a3824 F ext/misc/base64.c 1445761667c16356e827fc6418294c869468be934429aaa8315035e76dd58acf @@ -2209,8 +2209,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P a4472a17e878fce92d88c1db08e7e390df25f6699e801602cc725cbfdb836e9e -R c34b67c3e743b26b86cd20a1050d5968 +P ca197caec7b2b4fd71a9853bb2452b7ce7dd2fbb1bbc871aa375558e53c216f7 +R a8704575bf984a3097e70dd77605a8b9 U drh -Z cb7880e5c587089698ad32525c391a4e +Z e07002d4e89760641f81f1792b0e0d25 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 847973a4c4..4f93d51f6c 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -ca197caec7b2b4fd71a9853bb2452b7ce7dd2fbb1bbc871aa375558e53c216f7 +2fe1366e649ddd964153059b3c33b380af1924afb59210ac3311fd7bc8af5922