[sql] Import SQLite 3.17.0.

third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch

Index: third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
diff --git a/third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch b/third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
similarity index 74%
rename from third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch
rename to third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
index 69a628211b94e82bdc6e320ad79214393ac254b4..e520fdbbe9da1c7d2bbc922389806275f4937c3d 100644
--- a/third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch
+++ b/third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
@@ -1,7 +1,7 @@
-From 3141c2a626c531ba20ec54397a09fb6b88d07c4a Mon Sep 17 00:00:00 2001
+From 03fa0b12103886a82be1093fd147406133c33795 Mon Sep 17 00:00:00 2001
 From: Scott Hess <shess@chromium.org>
 Date: Thu, 26 May 2011 18:44:46 +0000
-Subject: [PATCH 08/10] [fts3] Interior node corruption detection.
+Subject: [PATCH 07/10] [fts3] Interior node corruption detection.
 
 In auditing as part of a previous import, I noticed this case which
 seemed to allow for buffer overrun.  The nPrefix check was commented out
@@ -17,19 +17,18 @@ Original review URLs:
 http://codereview.chromium.org/7075014
 http://codereview.chromium.org/6990047 (3.7.6.3 SQLite import)
 ---
- third_party/sqlite/src/ext/fts3/fts3.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
+ third_party/sqlite/src/ext/fts3/fts3.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext/fts3/fts3.c
-index 4f2ebb8..8f15099 100644
+index 9659815da93a..4b032271148e 100644
 --- a/third_party/sqlite/src/ext/fts3/fts3.c
 +++ b/third_party/sqlite/src/ext/fts3/fts3.c
-@@ -1822,8 +1822,14 @@ static int fts3ScanInteriorNode(
+@@ -1844,7 +1844,13 @@ static int fts3ScanInteriorNode(
      isFirstTerm = 0;
      zCsr += fts3GetVarint32(zCsr, &nSuffix);
      
 -    if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
--      rc = FTS_CORRUPT_VTAB;
 +    /* NOTE(shess): Previous code checked for negative nPrefix and
 +    ** nSuffix and suffix overrunning zEnd.  Additionally corrupt if
 +    ** the prefix is longer than the previous term, or if the suffix
@@ -37,10 +36,9 @@ index 4f2ebb8..8f15099 100644
 +    */
 +    if( nPrefix<0 || nSuffix<0 /* || nPrefix>nBuffer */
 +     || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){
-+      rc = SQLITE_CORRUPT;
+       rc = FTS_CORRUPT_VTAB;

[Scott Hess - ex-Googler, 2017/03/16 00:40:57]

This was wrong, before, changing FTS_CORRUPT_VTAB to SQLITE_CORRUPT (should have
been SQLITE_CORRUPT_VTAB).  I suspect that at one point the code this is in
switched from SQLITE_CORRUPT to SQLITE_CORRUPT_VTAB and I missed it.  So this
could be noticed by websql, given the right combination of corruption and error
handling, but I think this code has probably never fired and been handled well
anyhow.

[SQLITE_CORRUPT_VTAB is SQLITE_CORRUPT with some extra bits, so any handling
code _should_ be handling both in the same way.]

        goto finish_scan;
      }
-     if( nPrefix+nSuffix>nAlloc ){
 -- 
-2.7.0
+2.11.0