Fix a buffer overwrite in fts3 that could occur while processing NEAR queries against corrupt records.
authordan <Dan Kennedy>
Fri, 12 Jun 2026 15:36:26 +0000 (15:36 +0000)
committerdan <Dan Kennedy>
Fri, 12 Jun 2026 15:36:26 +0000 (15:36 +0000)
FossilOrigin-Name: b0f773e99eb45cde0953e4870a0a7436c35277c95146fdab3aa06ebbc076c79e

ext/fts3/fts3.c
manifest
manifest.uuid
test/fts3corrupt7.test

index 863e7839d1fa125c8469fae668add5f1697919d1..240d7de992954f6cf08c3791fb403ba54f482612 100644 (file)
@@ -2073,8 +2073,13 @@ static void fts3PutDeltaVarint(
   sqlite3_int64 iVal              /* Write this value to the list */
 ){
   assert_fts3_nc( iVal-*piPrev > 0 || (*piPrev==0 && iVal==0) );
-  *pp += sqlite3Fts3PutVarint(*pp, iVal-*piPrev);
-  *piPrev = iVal;
+  if( iVal-(*piPrev)>=0 ){
+    /* Refuse to write a negative delta integer. This only happens with a 
+    ** corrupt db (see the assert above) and can cause buffer overwrites
+    ** in some cases.  */
+    *pp += sqlite3Fts3PutVarint(*pp, iVal-*piPrev);
+    *piPrev = iVal;
+  }
 }
 
 /*
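Review bot: The new guard `if( iVal-(*piPrev)>=0 ){` admits a zero delta for any value of *piPrev, which is wider than the invariant the assert just above it states (delta strictly positive, or *piPrev and iVal both zero); if a zero delta with a non-zero predecessor is likewise only reachable from a corrupt record it should be refused too, e.g. `if( iVal-(*piPrev)>0 || (*piPrev==0 && iVal==0) ){`, and otherwise the new comment should say why a zero delta is tolerated here. The skip is also silent: the function returns void, so the caller ends up with a shorter list than it expects with no indication, and the comment should state that callers are expected to cope with a truncated list (or the function should report the condition so the query can fail as corrupt rather than continue on inconsistent data). Both operands are signed 64-bit values; if a corrupt record can make iVal and *piPrev differ in sign, the subtraction itself can overflow before the comparison, which is undefined behaviour, so it is worth confirming whether the decoders can produce that. fts3PutDeltaVarint's signature and first parameter begin before this hunk.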
index f6b48d23edb69032b9d7597ba9ce9b286396e587..c4a7774f23aef215b25a78ce8133b746952e506c 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C When\susing\sa\sread-only\sWAL/SHM,\shandle\sa\scorrupt\spage\ssize\sin\sthe\sWAL\nfile\scorrectly.\n[bugs:/info/2026-06-11T22:20:03Z|Bug\s2026-06-11T22:20:03Z].
-D 2026-06-12T12:15:42.420
+C Fix\sa\sbuffer\soverwrite\sin\sfts3\sthat\scould\soccur\swhile\sprocessing\sNEAR\squeries\sagainst\scorrupt\srecords.\sBug\s[bugs:/info/2026-06-11T23:11:26Z\s|\s2026-06-11T23:11:26Z].
+D 2026-06-12T15:36:26.954
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -80,7 +80,7 @@ F ext/fts3/README.content b9078d0843a094d86af0d48dffbff13c906702b4c3558012e67b9c
 F ext/fts3/README.syntax b72477722e9b4fe43f8403227d790a1c94221bfad15c27863a4b36d1052e892b
 F ext/fts3/README.tokenizers b92bdeb8b46503f0dd301d364efc5ef59ef9fa8e2758b8e742f39fa93a2e422d
 F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
-F ext/fts3/fts3.c 1716994c40715223431d98e5132c40a3c1a00c011c5bde2270bad1bd06be3ccd
+F ext/fts3/fts3.c 4e62e96794ee8a5e73b1357e63d9b7749c30e0f712db3dfe27cd515e50afce9d
 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
 F ext/fts3/fts3Int.h 277f32f304e82f4397fc2a74793c0a95318b7abb9670b519e4805a00946cbd9b
 F ext/fts3/fts3_aux.c bbb614abcc995bf748cba4717e9fd8de67898e33c80f60379f6feb2358189b4b
@@ -1172,7 +1172,7 @@ F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cd
 F test/fts3corrupt4.test c7f414fe29b97a478d15c90382c4ae077a2bbd2283bf8c63bf66dadaaed3edb8
 F test/fts3corrupt5.test 0549f85ec4bd22e992f645f13c59b99d652f2f5e643dac75568bfd23a6db7ed5
 F test/fts3corrupt6.test f417c910254f32c0bc9ead7affa991a1d5aec35b3b32a183ffb05eea78289525
-F test/fts3corrupt7.test 9d153bb71be245f54d8b659fd321cf3327a2b1ad2c3b0c6dc70373d7ef96e4e2
+F test/fts3corrupt7.test 8564d278801a7947d1c74d8819adee7dfed18b81574d0c42f8a1acc6759fc65a
 F test/fts3cov.test 1e5ecea0e4c1394cea97adcfb9fd3d2d5998fd563dacf465f413e6c7fa5cffb3
 F test/fts3d.test 2bd8c97bcb9975f2334147173b4872505b6a41359a4f9068960a36afe07a679f
 F test/fts3defer.test f4c20e4c7153d20a98ee49ee5f3faef624fefc9a067f8d8d629db380c4d9f1de
@@ -2209,8 +2209,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P abfecc08209c9377b6762125b2372e4eb1ab56b4d0399467c8fbe5cfc11c806e
-R dd45faf5e8de9f6c13f7a1c4e8ee2568
-U drh
-Z e80837b9a459e4fc9090159477aa229b
+P 09ab0a1bac4eb7de651f78cfd3027b452308da7e04c4ccd7f46c402c82fd6ca5
+R 5967f3842d7d977e9300115cbcd6053f
+U dan
+Z 04945b84a384653d50d2edd356b79f0b
 # Remove this line to create a well-formed Fossil manifest.
index 3b2e2f72267bc9b25efa33034d95055a6bcfb2ec..0c317896b567e42dd2d6c406e8203892203c50d3 100644 (file)
@@ -1 +1 @@
-09ab0a1bac4eb7de651f78cfd3027b452308da7e04c4ccd7f46c402c82fd6ca5
+b0f773e99eb45cde0953e4870a0a7436c35277c95146fdab3aa06ebbc076c79e
index 3714d39e270918d67755d998ef9a193463f7e1cc..9d350b110a6f4a9e9fd8b6ed2a0a73a61f4f24bb 100644 (file)
@@ -358,4 +358,19 @@ do_execsql_test 7.1 {
   INSERT INTO t(x) VALUES('alpha');
 }
 
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 8.0 {
+  CREATE VIRTUAL TABLE t USING fts4(x);
+  INSERT INTO t_content(docid,c0x) VALUES(1,'a b');
+  DELETE FROM t_segments;
+  DELETE FROM t_segdir;
+  INSERT INTO t_segdir(level,idx,start_block,leaves_end_block,end_block,root)
+    VALUES(0,0,0,0,0,x'000161110150028001500a818080800103038101000001622c010281008101ffffffffffffffffff010204ffffffffffffffffff01ffffffffffffffffff01c80109323200');
+}
+
+do_execsql_test 8.1 {
+  SELECT count(*) FROM t WHERE t MATCH 'a NEAR/100 b';
+} {1}
+
 finish_test
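Review bot: Tests 8.0/8.1 carry no comment tying the hand-built segdir root blob to the defect it reproduces, so a later reader cannot tell which part of that byte string matters or why a NEAR/100 query is the trigger; a one-line comment after the separator, such as `# Corrupt segdir root that yields a negative delta in fts3PutDeltaVarint during a NEAR query (bug 2026-06-11T23:11:26Z).`, would fix that. Test 8.1 asserts only the row count, so the overwrite itself is presumably caught only when the suite runs under a memory checker; if that is the intent, the comment should say so as well.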