Prevent integer overflow due to database corruption in.

fts3auxNextMethod().
[bugs:/forumpost/bce19272cf|Bug report bce19272cf].

FossilOrigin-Name: d903795e3bdf91607f23dace5a15a070139b32e34aed8540a6c2e19c39e997be

diff --git a/ext/fts3/fts3_aux.c b/ext/fts3/fts3_aux.c
index 042fe53946acafc0e0945af630a366b606437d12..0d88d014d5b6afc597b85a5ef4b2d5a2f2647370 100644 (file)
--- a/ext/fts3/fts3_aux.c
+++ b/ext/fts3/fts3_aux.c
@@ -341,7 +341,7 @@ static int fts3auxNextMethod(sqlite3_vtab_cursor *pCursor){
         /* State 3. The integer just read is a column number. */
         default: assert( eState==3 );
           iCol = (int)v;
-          if( iCol<1 ){
+          if( iCol<1 || iCol>0x3fffffff ){
             rc = SQLITE_CORRUPT_VTAB;
             break;
           }

diff --git a/manifest b/manifest
index a353861aa659ce501b6f6756f408e03686a0da91..b8224c63f112603babd9b61f70c75c1dfc24c244 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C When\sa\ssubquery\sis\san\sargument\sto\san\sSQLITE_SUBTYPE\sfunction,\sthen\sset\nthe\sEP_SubtArg\sflag\son\sthe\sresult-set\sexpressions\sof\sthat\ssubquery.\n[bugs:/forumpost/8de44412fd|Bug\sreport\s8de44412fd].
-D 2026-05-18T19:44:04.696
+C Prevent\sinteger\soverflow\sdue\sto\sdatabase\scorruption\sin.\nfts3auxNextMethod().\n[bugs:/forumpost/bce19272cf|Bug\sreport\sbce19272cf].
+D 2026-05-18T20:27:57.529
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -82,7 +82,7 @@ F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
 F ext/fts3/fts3.c 6cc7bbc307f27e7b6ee2e1d5ff63ffff4df3b42529dfe00eb34ddded417961b3
 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
 F ext/fts3/fts3Int.h 277f32f304e82f4397fc2a74793c0a95318b7abb9670b519e4805a00946cbd9b
-F ext/fts3/fts3_aux.c 37ba1b10bbd163ddc6b05dbc3a306a0d5d68aee3d30f33b4dc5794955cc50887
+F ext/fts3/fts3_aux.c c105f6502df588f49a383eb22aed953844fb0e31265361a0cc8dd73037b37e39
 F ext/fts3/fts3_expr.c 5c13796638d8192c388777166075cdc8bc4b6712024cd5b72c31acdbefce5984
 F ext/fts3/fts3_hash.c d9dba473741445789330c7513d4f65737c92df23c3212784312931641814672a
 F ext/fts3/fts3_hash.h 39cf6874dc239d6b4e30479b1975fe5b22a3caaf
@@ -2205,8 +2205,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P ac3a958b0ab7766544bb406aa990668d2235ab26fb68c75ded3f71273d97b18c
-R 8b7676a9b8c1591082998d4ad9fe24e1
+P d75c08c8416bde3f510a135ea07cc217ba6183eacda6ba895bccbf57efe9284f
+R fb9e5a8193aabda22b0c7f7541c1f904
 U drh
-Z 9295f25c50d1d41e258f97d8c0c2ca57
+Z 1c49ffc7129044d57402911aa96f7225
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index 1712a713d05524b78fb34f62461279d14f31305a..53a003afa469bd8d882cb88726df03d265e87952 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-d75c08c8416bde3f510a135ea07cc217ba6183eacda6ba895bccbf57efe9284f
+d903795e3bdf91607f23dace5a15a070139b32e34aed8540a6c2e19c39e997be