Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(595)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch

Issue 885473002: [sql] Rewrite sqlite patching "system". (Closed) Base URL: http://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed typo in readme. Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/sqlite/patches/0014-fts3-backport-Fix-misaligned-address-in-icu-tokenize.patch ('k') | third_party/sqlite/patches/0016-fts2-test-Add-fts2-to-testfixture.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch
diff --git a/third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch b/third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5eb1f6dde2570ec16648256ed1e4a5272cb21bbe
--- /dev/null
+++ b/third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch
@@ -0,0 +1,44 @@
+From 88d98dd2627e3dad4685443441fcd99a6ba61642 Mon Sep 17 00:00:00 2001
+From: Scott Hess <shess@chromium.org>
+Date: Thu, 26 May 2011 18:44:46 +0000
+Subject: [PATCH 15/23] [fts3] Interior node corruption detection.
+
+In auditing as part of a previous import, I noticed this case which
+seemed to allow for buffer overrun. The nPrefix check was commented out
+because nBuffer wasn't always initialized, and I never circled back to
+resolve that.
+
+It may be appropriate to just drop this patch, for now leaving it for
+consistency.
+
+BUG=84057, 83946
+
+Original review URLs:
+http://codereview.chromium.org/7075014
+http://codereview.chromium.org/6990047 (3.7.6.3 SQLite import)
+---
+ third_party/sqlite/src/ext/fts3/fts3.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext/fts3/fts3.c
+index da55f2a..d11572a 100644
+--- a/third_party/sqlite/src/ext/fts3/fts3.c
++++ b/third_party/sqlite/src/ext/fts3/fts3.c
+@@ -1230,7 +1230,13 @@ static int fts3ScanInteriorNode(
+ isFirstTerm = 0;
+ zCsr += sqlite3Fts3GetVarint32(zCsr, &nSuffix);
+
+- if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
++ /* NOTE(shess): Previous code checked for negative nPrefix and
++ ** nSuffix and suffix overrunning zEnd. Additionally corrupt if
++ ** the prefix is longer than the previous term, or if the suffix
++ ** causes overflow.
++ */
++ if( nPrefix<0 || nSuffix<0 /* || nPrefix>nBuffer */
++ || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){
+ rc = SQLITE_CORRUPT;
+ goto finish_scan;
+ }
+--
+2.2.1
+
« no previous file with comments | « third_party/sqlite/patches/0014-fts3-backport-Fix-misaligned-address-in-icu-tokenize.patch ('k') | third_party/sqlite/patches/0016-fts2-test-Add-fts2-to-testfixture.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698