Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch

Issue 2751253002: [sql] Import SQLite 3.17.0. (Closed)
Patch Set: also clang on Linux i386 Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/sqlite/patches/0007-fts3-Disable-fts3_tokenizer-and-fts4.patch ('k') | third_party/sqlite/patches/0008-fts3-Fix-uninit-variable-in-fts3EvalDeferredPhrase.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
diff --git a/third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch b/third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
similarity index 74%
rename from third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch
rename to third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
index 69a628211b94e82bdc6e320ad79214393ac254b4..e520fdbbe9da1c7d2bbc922389806275f4937c3d 100644
--- a/third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch
+++ b/third_party/sqlite/patches/0007-fts3-Interior-node-corruption-detection.patch
@@ -1,7 +1,7 @@
-From 3141c2a626c531ba20ec54397a09fb6b88d07c4a Mon Sep 17 00:00:00 2001
+From 03fa0b12103886a82be1093fd147406133c33795 Mon Sep 17 00:00:00 2001
From: Scott Hess <shess@chromium.org>
Date: Thu, 26 May 2011 18:44:46 +0000
-Subject: [PATCH 08/10] [fts3] Interior node corruption detection.
+Subject: [PATCH 07/10] [fts3] Interior node corruption detection.
In auditing as part of a previous import, I noticed this case which
seemed to allow for buffer overrun. The nPrefix check was commented out
@@ -17,19 +17,18 @@ Original review URLs:
http://codereview.chromium.org/7075014
http://codereview.chromium.org/6990047 (3.7.6.3 SQLite import)
---
- third_party/sqlite/src/ext/fts3/fts3.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
+ third_party/sqlite/src/ext/fts3/fts3.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext/fts3/fts3.c
-index 4f2ebb8..8f15099 100644
+index 9659815da93a..4b032271148e 100644
--- a/third_party/sqlite/src/ext/fts3/fts3.c
+++ b/third_party/sqlite/src/ext/fts3/fts3.c
-@@ -1822,8 +1822,14 @@ static int fts3ScanInteriorNode(
+@@ -1844,7 +1844,13 @@ static int fts3ScanInteriorNode(
isFirstTerm = 0;
zCsr += fts3GetVarint32(zCsr, &nSuffix);
- if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
-- rc = FTS_CORRUPT_VTAB;
+ /* NOTE(shess): Previous code checked for negative nPrefix and
+ ** nSuffix and suffix overrunning zEnd. Additionally corrupt if
+ ** the prefix is longer than the previous term, or if the suffix
@@ -37,10 +36,9 @@ index 4f2ebb8..8f15099 100644
+ */
+ if( nPrefix<0 || nSuffix<0 /* || nPrefix>nBuffer */
+ || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){
-+ rc = SQLITE_CORRUPT;
+ rc = FTS_CORRUPT_VTAB;
goto finish_scan;
}
- if( nPrefix+nSuffix>nAlloc ){
--
-2.7.0
+2.11.0
« no previous file with comments | « third_party/sqlite/patches/0007-fts3-Disable-fts3_tokenizer-and-fts4.patch ('k') | third_party/sqlite/patches/0008-fts3-Fix-uninit-variable-in-fts3EvalDeferredPhrase.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698