third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch - Issue 885473002: [sql] Rewrite sqlite patching "system".

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch

Issue 885473002: [sql] Rewrite sqlite patching "system". (Closed) Base URL: http://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« third_party/sqlite/patches/0008-Virtual-table-supporting-recovery-of-corrupted-datab.patch ('K') | « third_party/sqlite/patches/0014-fts3-backport-Fix-misaligned-address-in-icu-tokenize.patch ('k') | third_party/sqlite/patches/0016-fts2-test-Add-fts2-to-testfixture.patch » ('j') | third_party/sqlite/src/Makefile.linux-gcc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 From 791a4ecc9e9f325c9eab9d6e6b478fe7533b3edd Mon Sep 17 00:00:00 2001

	2 From: Scott Hess <shess@chromium.org>

	3 Date: Tue, 23 Dec 2014 13:23:08 -0800

	4 Subject: [PATCH 15/24] [fts3] Interior node corruption detection.

	5

	6 In auditing as part of a previous import, I noticed this case which

	7 seemed to allow for buffer overrun. The nPrefix check was commented out

	8 because nBuffer wasn't always initialized, and I never circled back to

	9 resolve that.

	10

	11 It may be appropriate to just drop this patch, for now leaving it for

	12 consistency.

	13

	14 BUG=84057, 83946

	15 ---

	16 third_party/sqlite/src/ext/fts3/fts3.c \| 8 +++++++-

	17 1 file changed, 7 insertions(+), 1 deletion(-)

	18

	19 diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext /fts3/fts3.c

	20 index da55f2a..d11572a 100644

	21 --- a/third_party/sqlite/src/ext/fts3/fts3.c

	22 +++ b/third_party/sqlite/src/ext/fts3/fts3.c

	23 @@ -1230,7 +1230,13 @@ static int fts3ScanInteriorNode(

	24 isFirstTerm = 0;

	25 zCsr += sqlite3Fts3GetVarint32(zCsr, &nSuffix);

	26

	27 - if( nPrefix<0 \|\| nSuffix<0 \|\| &zCsr[nSuffix]>zEnd ){

	28 + /* NOTE(shess): Previous code checked for negative nPrefix and

	29 + ** nSuffix and suffix overrunning zEnd. Additionally corrupt if

	30 + ** the prefix is longer than the previous term, or if the suffix

	31 + ** causes overflow.

	32 + */

	33 + if( nPrefix<0 \|\| nSuffix<0 /* \|\| nPrefix>nBuffer */

	34 + \|\| &zCsr[nSuffix]<zCsr \|\| &zCsr[nSuffix]>zEnd ){

	35 rc = SQLITE_CORRUPT;

	36 goto finish_scan;

	37 }

	38 --

	39 2.2.1

	40

OLD	NEW