Fix a signed integer overflow that could occur in fts3 when processing corrupt databa...

FossilOrigin-Name: 978d04f051c06aff798f915b0774da19a0b4f89f9daee124f7e62b12afaaced8

diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index 1b8bca70f2f06c6372662572d1f937748f5c2ba3..7ae55b38bc9f94f03d7b3fc61fffe9f337ea8a9f 100644 (file)
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -3129,6 +3129,10 @@ static void fts3ReadEndBlockField(
     for(/* no-op */; zText[i]>='0' && zText[i]<='9'; i++){
       iVal = iVal*10 + (zText[i] - '0');
     }
+
+    /* This if() clause is just to avoid an integer overflow. The record is 
+    ** corrupt in this case.  */
+    if( (i64)iVal==SMALLEST_INT64 ) iMul = 1;
     *pnByte = ((i64)iVal * (i64)iMul);
   }
 }

diff --git a/manifest b/manifest
index 363873121e693183fd0e1b03b7697b13d6f29786..7ba0cb6a7202caac88413d08b0ab95c86d907c12 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Comment\simprovements\son\sthe\s".ar\s-x"\scommand\sof\sthe\sCLI.\s\sNo\schanges\sto\scode.
-D 2026-06-11T23:11:14.635
+C Fix\sa\ssigned\sinteger\soverflow\sthat\scould\soccur\sin\sfts3\swhen\sprocessing\scorrupt\sdatabase\srecords.\sBug\s[bugs:/info/2026-06-11T23:12:25Z\s|\s2026-06-11T23:12:25Z].
+D 2026-06-12T11:24:30.419
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -98,7 +98,7 @@ F ext/fts3/fts3_tokenizer.h 64c6ef6c5272c51ebe60fc607a896e84288fcbc3
 F ext/fts3/fts3_tokenizer1.c c1de4ae28356ad98ccb8b2e3388a7fdcce7607b5523738c9afb6275dab765154
 F ext/fts3/fts3_unicode.c de426ff05c1c2e7bce161cf6b706638419c3a1d9c2667de9cb9dc0458c18e226
 F ext/fts3/fts3_unicode2.c 416eb7e1e81142703520d284b768ca2751d40e31fa912cae24ba74860532bf0f
-F ext/fts3/fts3_write.c d218b687fb55bce8c9340c6dbb368a10d94647cbe39801d85492d576a4e7da75
+F ext/fts3/fts3_write.c b84f9808f6df7b19db34af2397d82a7c5db4d30486c428f4f296d286996cea02
 F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9
 F ext/fts3/tool/fts3cov.sh c331d006359456cf6f8f953e37f2b9c7d568f3863f00bb5f7eb87fea4ac01b73
 F ext/fts3/tool/fts3view.c 413c346399159df81f86c4928b7c4a455caab73bfbc8cd68f950f632e5751674
@@ -1172,7 +1172,7 @@ F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cd
 F test/fts3corrupt4.test c7f414fe29b97a478d15c90382c4ae077a2bbd2283bf8c63bf66dadaaed3edb8
 F test/fts3corrupt5.test 0549f85ec4bd22e992f645f13c59b99d652f2f5e643dac75568bfd23a6db7ed5
 F test/fts3corrupt6.test f417c910254f32c0bc9ead7affa991a1d5aec35b3b32a183ffb05eea78289525
-F test/fts3corrupt7.test 93622a4336b161a733accbd66311d93749660243cdda268fd647c21e1e680770
+F test/fts3corrupt7.test 9d153bb71be245f54d8b659fd321cf3327a2b1ad2c3b0c6dc70373d7ef96e4e2
 F test/fts3cov.test 1e5ecea0e4c1394cea97adcfb9fd3d2d5998fd563dacf465f413e6c7fa5cffb3
 F test/fts3d.test 2bd8c97bcb9975f2334147173b4872505b6a41359a4f9068960a36afe07a679f
 F test/fts3defer.test f4c20e4c7153d20a98ee49ee5f3faef624fefc9a067f8d8d629db380c4d9f1de
@@ -2209,8 +2209,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P dd0c161fcd1619518cd4671d64afb6afeec44c140ec176ccb8616d381a88f42f
-R 0089f7a58023190900b7f739403086ea
-U drh
-Z 13f7465d66bf893ba8348c67ac5c7171
+P 5b939fb1a284088c4bd46adf517cf598816e2262cd77ee2d9caaab1cef2ce9a1
+R b052660c59032fb31708e82aa0979664
+U dan
+Z 7735d26eefa2a03d86b4df6aaeb15b4e
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index fa530187469937447289567815f0e37f99cc7ae3..7aff172a207bcdf5e8de4b2df07fc221f1b65363 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-5b939fb1a284088c4bd46adf517cf598816e2262cd77ee2d9caaab1cef2ce9a1
+978d04f051c06aff798f915b0774da19a0b4f89f9daee124f7e62b12afaaced8

diff --git a/test/fts3corrupt7.test b/test/fts3corrupt7.test
index ec5f1454b8a5d1faab1cd90682fd648a87758f42..3714d39e270918d67755d998ef9a193463f7e1cc 100644 (file)
--- a/test/fts3corrupt7.test
+++ b/test/fts3corrupt7.test
@@ -345,4 +345,17 @@ do_catchsql_test 4.4 {
   SELECT * FROM t1_terms;
 } {1 {database disk image is malformed}}
 
+#-------------------------------------------------------------------------
+reset_db
+
+do_execsql_test 7.0 {
+  CREATE VIRTUAL TABLE t USING fts3(x);
+  INSERT INTO t_segdir(level,idx,start_block,leaves_end_block,end_block,root)
+    VALUES(1,0,0,0,'0 -9223372036854775808',x'00');
+}
+
+do_execsql_test 7.1 {
+  INSERT INTO t(x) VALUES('alpha');
+}
+
 finish_test