Fix another buffer overread in fts5 when processing corrupt records. Bug [bugs:/info...

FossilOrigin-Name: 8ba5acabf9a0273ffbc2ba0bacc7f0b000690db91081858e4e563d6cbeeb4e7a

diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 6bc11c44b12f2d5faa1e971d7525a1315c890df2..468bd2e10c8e07b6edb6e75e90670ffdad27dcad 100644 (file)
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -8571,7 +8571,7 @@ static void fts5IndexIntegrityCheckSegment(
         /* Check any rowid-less pages that occur before the current leaf. */
         for(iPg=iPrevLeaf+1; iPg<fts5DlidxIterPgno(pDlidx); iPg++){
           iKey = FTS5_SEGMENT_ROWID(iSegid, iPg);
-          pLeaf = fts5DataRead(p, iKey);
+          pLeaf = fts5LeafRead(p, iKey);
           if( pLeaf ){
             if( fts5LeafFirstRowidOff(pLeaf)!=0 ) FTS5_CORRUPT_ROWID(p, iKey);
             fts5DataRelease(pLeaf);
@@ -8582,7 +8582,7 @@ static void fts5IndexIntegrityCheckSegment(
         /* Check that the leaf page indicated by the iterator really does
         ** contain the rowid suggested by the same. */
         iKey = FTS5_SEGMENT_ROWID(iSegid, iPrevLeaf);
-        pLeaf = fts5DataRead(p, iKey);
+        pLeaf = fts5LeafRead(p, iKey);
         if( pLeaf ){
           i64 iRowid;
           int iRowidOff = fts5LeafFirstRowidOff(pLeaf);

diff --git a/ext/fts5/test/fts5corruptA.test b/ext/fts5/test/fts5corruptA.test
index 4334f520ac4e4e8a3a350aec5bf31eed77bd7f19..f44e9a94577c2c68cc74fc9ba6af2d8923742cb3 100644 (file)
--- a/ext/fts5/test/fts5corruptA.test
+++ b/ext/fts5/test/fts5corruptA.test
@@ -230,6 +230,13 @@ foreach leaf $lLeaf {
     }
     set {} {}
   } {}
+
+  do_test 5.1.$leaf.2 {
+    catchsql {
+      PRAGMA integrity_check;
+    }
+    set {} {}
+  } {}
 }
 
 sqlite3_fts5_may_be_corrupt 0

diff --git a/manifest b/manifest
index fea3cd72f1d13f9993e3c445d06b1358c6fabf5c..d5bdf6b7f1f78ebc6c748e915d33879f3f555bb4 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sbuffer\soverread\sthat\scould\soccur\sin\sfts5\swhen\sprocessing\scorrupt\srecords.\sBug\s[bugs:/info/2026-06-08T11:15:52Z\s|\s2026-06-08T11:15:52Z]
-D 2026-06-08T15:20:49.700
+C Fix\sanother\sbuffer\soverread\sin\sfts5\swhen\sprocessing\scorrupt\srecords.\sBug\s[bugs:/info/2026-06-08T16:03:39Z\s|\s2026-06-08T16:03:39Z\s].
+D 2026-06-08T17:48:00.893
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -114,7 +114,7 @@ F ext/fts5/fts5_buffer.c dcc3f0352339fe79c9d8abbc1c2009bc3469206467880bf43558447
 F ext/fts5/fts5_config.c bfba970fe1e4eed18ee57c8d51458e226db9a960ddf775c5e50e3d76603a667e
 F ext/fts5/fts5_expr.c 20e41452e4f83899a3a1bc66d018701186a0bbbc3a1a524f8cae447e0b150f05
 F ext/fts5/fts5_hash.c d5871df92ce3fa210a650cf419ee916b87c29977e86084d06612edf772bff6f5
-F ext/fts5/fts5_index.c c1de5d6f756681ec36943067ca00230423b3bcd094b06b6fe303e45e66fc3390
+F ext/fts5/fts5_index.c eabe4a6392cabb78bb0901b00b2eede6423a282823babe3d215366997bae5bc7
 F ext/fts5/fts5_main.c b0fed47b3b4420ba6810373480a75bc28a9c0b7d16478d19a396436fb3ff17d7
 F ext/fts5/fts5_storage.c 19bc7c4cbe1e6a2dd9849ef7d84b5ca1fcbf194cefc3e386b901e00e08bf05c2
 F ext/fts5/fts5_tcl.c 2be6cc14f9448f720fd4418339cd202961a0801ea9424cb3d9de946f8f5a051c
@@ -170,7 +170,7 @@ F ext/fts5/test/fts5corrupt6.test 2d72db743db7b5d9c9a6d0cfef24d799ed1aa5e8192b66
 F ext/fts5/test/fts5corrupt7.test 9664c15360e8b649ad76f457a0bbf5a7271b8eff1a8ee141ea039bc63240c934
 F ext/fts5/test/fts5corrupt8.test 0b10750caf8aa23fa1c379ca4caf6130d41454505e4d5315590f4061eedcbe44
 F ext/fts5/test/fts5corrupt9.test 4253b9b59f33effac8b67da72ec34309c738aca2d5e8e2656bfbbd6a489a1dfe
-F ext/fts5/test/fts5corruptA.test 2de1281f42e894ca98c982348fd6ea68fc345935aa7c9dfc0c52aa5e7c14ee75
+F ext/fts5/test/fts5corruptA.test 469571adb09d10c7a68d84b73ab7b4ea9e7f119d9b754a85b802e33976b62ea7
 F ext/fts5/test/fts5corruptbig.test 9f95b40fa36e292feceab02b2ef06e21878bfa1ac7afefa138aae05518b51774
 F ext/fts5/test/fts5delete.test 2a5008f8b1174ef41d1974e606928c20e4f9da77d9f8347aed818994d89cced4
 F ext/fts5/test/fts5detail.test 54015e9c43ec4ba542cfb93268abdf280e0300f350efd08ee411284b03595cc4
@@ -2208,8 +2208,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 9c018b02dbfb071c748d540ad679a4dbdc0fb88a62988e02cb51a3403509febe
-R c8d6f28c71925d449fb0b28905996c6a
+P b07441cfc06b8e6b47a4f4a6e0f5c261da580d5afe82444cc7f42a9f39ea7026
+R ae40b33df8767139bac4a0187d0a7023
 U dan
-Z f9cd6166bc69f79189e73ac981532cc3
+Z c79d2e80df95438b162b3ae9e2d68e50
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index b1da578fffd4e95f06391c075de205d004128dad..52ffd2ce6afbb2973c288fb8b027c7d87d2dce93 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-b07441cfc06b8e6b47a4f4a6e0f5c261da580d5afe82444cc7f42a9f39ea7026
+8ba5acabf9a0273ffbc2ba0bacc7f0b000690db91081858e4e563d6cbeeb4e7a