third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch - Issue 2751253002: [sql] Import SQLite 3.17.0.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch

Issue 2751253002: [sql] Import SQLite 3.17.0. (Closed)

Patch Set: also clang on Linux i386 Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/sqlite/patches/0008-fts3-Fix-uninit-variable-in-fts3EvalDeferredPhrase.patch ('k') | third_party/sqlite/patches/0009-build-Fix-_CRT_RAND_S-conflict-in-sqliteInt.h.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
	(Empty)
1 From 3141c2a626c531ba20ec54397a09fb6b88d07c4a Mon Sep 17 00:00:00 2001

2 From: Scott Hess <shess@chromium.org>

3 Date: Thu, 26 May 2011 18:44:46 +0000

4 Subject: [PATCH 08/10] [fts3] Interior node corruption detection.

5

6 In auditing as part of a previous import, I noticed this case which

7 seemed to allow for buffer overrun. The nPrefix check was commented out

8 because nBuffer wasn't always initialized, and I never circled back to

9 resolve that.

10

11 It may be appropriate to just drop this patch, for now leaving it for

12 consistency.

13

14 BUG=84057, 83946

15

16 Original review URLs:

17 http://codereview.chromium.org/7075014

18 http://codereview.chromium.org/6990047 (3.7.6.3 SQLite import)

19 ---

20 third_party/sqlite/src/ext/fts3/fts3.c \| 10 ++++++++--

21 1 file changed, 8 insertions(+), 2 deletions(-)

22

23 diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext /fts3/fts3.c

24 index 4f2ebb8..8f15099 100644

25 --- a/third_party/sqlite/src/ext/fts3/fts3.c

26 +++ b/third_party/sqlite/src/ext/fts3/fts3.c

27 @@ -1822,8 +1822,14 @@ static int fts3ScanInteriorNode(

28 isFirstTerm = 0;

29 zCsr += fts3GetVarint32(zCsr, &nSuffix);

30

31 - if( nPrefix<0 \|\| nSuffix<0 \|\| &zCsr[nSuffix]>zEnd ){

32 - rc = FTS_CORRUPT_VTAB;

33 + /* NOTE(shess): Previous code checked for negative nPrefix and

34 + ** nSuffix and suffix overrunning zEnd. Additionally corrupt if

35 + ** the prefix is longer than the previous term, or if the suffix

36 + ** causes overflow.

37 + */

38 + if( nPrefix<0 \|\| nSuffix<0 /* \|\| nPrefix>nBuffer */

39 + \|\| &zCsr[nSuffix]<zCsr \|\| &zCsr[nSuffix]>zEnd ){

40 + rc = SQLITE_CORRUPT;

41 goto finish_scan;

42 }

43 if( nPrefix+nSuffix>nAlloc ){

44 --

45 2.7.0

46

OLD	NEW