Index: third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch |
diff --git a/third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch b/third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch |
deleted file mode 100644 |
index 69a628211b94e82bdc6e320ad79214393ac254b4..0000000000000000000000000000000000000000 |
--- a/third_party/sqlite/patches/0008-fts3-Interior-node-corruption-detection.patch |
+++ /dev/null |
@@ -1,46 +0,0 @@ |
-From 3141c2a626c531ba20ec54397a09fb6b88d07c4a Mon Sep 17 00:00:00 2001 |
-From: Scott Hess <shess@chromium.org> |
-Date: Thu, 26 May 2011 18:44:46 +0000 |
-Subject: [PATCH 08/10] [fts3] Interior node corruption detection. |
- |
-In auditing as part of a previous import, I noticed this case which |
-seemed to allow for buffer overrun. The nPrefix check was commented out |
-because nBuffer wasn't always initialized, and I never circled back to |
-resolve that. |
- |
-It may be appropriate to just drop this patch, for now leaving it for |
-consistency. |
- |
-BUG=84057, 83946 |
- |
-Original review URLs: |
-http://codereview.chromium.org/7075014 |
-http://codereview.chromium.org/6990047 (3.7.6.3 SQLite import) |
---- |
- third_party/sqlite/src/ext/fts3/fts3.c | 10 ++++++++-- |
- 1 file changed, 8 insertions(+), 2 deletions(-) |
- |
-diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext/fts3/fts3.c |
-index 4f2ebb8..8f15099 100644 |
---- a/third_party/sqlite/src/ext/fts3/fts3.c |
-+++ b/third_party/sqlite/src/ext/fts3/fts3.c |
-@@ -1822,8 +1822,14 @@ static int fts3ScanInteriorNode( |
- isFirstTerm = 0; |
- zCsr += fts3GetVarint32(zCsr, &nSuffix); |
- |
-- if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){ |
-- rc = FTS_CORRUPT_VTAB; |
-+ /* NOTE(shess): Previous code checked for negative nPrefix and |
-+ ** nSuffix and suffix overrunning zEnd. Additionally corrupt if |
-+ ** the prefix is longer than the previous term, or if the suffix |
-+ ** causes overflow. |
-+ */ |
-+ if( nPrefix<0 || nSuffix<0 /* || nPrefix>nBuffer */ |
-+ || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){ |
-+ rc = SQLITE_CORRUPT; |
- goto finish_scan; |
- } |
- if( nPrefix+nSuffix>nAlloc ){ |
--- |
-2.7.0 |
- |