OLD | NEW |
1 From 106d71238a58d4dfbeb8cf1cba45a1c4e6f583e8 Mon Sep 17 00:00:00 2001 | 1 From 5938a2cdd5c19c9afe646425abe86d5cb75b6d1a Mon Sep 17 00:00:00 2001 |
2 From: Chris Evans <cevans@chromium.org> | 2 From: Chris Evans <cevans@chromium.org> |
3 Date: Wed, 30 Sep 2009 23:10:34 +0000 | 3 Date: Wed, 30 Sep 2009 23:10:34 +0000 |
4 Subject: [PATCH 23/23] [fts2] Fix numerous out-of-bounds bugs reading corrupt | 4 Subject: [PATCH 16/16] [fts2] Fix numerous out-of-bounds bugs reading corrupt |
5 database. | 5 database. |
6 | 6 |
7 Fix numerous bugs in fts2 where a corrupt fts2 database could cause | 7 Fix numerous bugs in fts2 where a corrupt fts2 database could cause |
8 out-of-bounds reads and writes. | 8 out-of-bounds reads and writes. |
9 | 9 |
10 Original review URL is more descriptive: | 10 Original review URL is more descriptive: |
11 http://codereview.chromium.org/216026 | 11 http://codereview.chromium.org/216026 |
12 --- | 12 --- |
13 third_party/sqlite/src/ext/fts2/fts2.c | 751 ++++++++++++++++++++++----------- | 13 third_party/sqlite/src/ext/fts2/fts2.c | 751 ++++++++++++++++++++++----------- |
14 1 file changed, 514 insertions(+), 237 deletions(-) | 14 1 file changed, 514 insertions(+), 237 deletions(-) |
15 | 15 |
16 diff --git a/third_party/sqlite/src/ext/fts2/fts2.c b/third_party/sqlite/src/ext
/fts2/fts2.c | 16 diff --git a/third_party/sqlite/src/ext/fts2/fts2.c b/third_party/sqlite/src/ext
/fts2/fts2.c |
17 index d5587b3..36d14ff 100644 | 17 index a78e3d3..e585a8b 100644 |
18 --- a/third_party/sqlite/src/ext/fts2/fts2.c | 18 --- a/third_party/sqlite/src/ext/fts2/fts2.c |
19 +++ b/third_party/sqlite/src/ext/fts2/fts2.c | 19 +++ b/third_party/sqlite/src/ext/fts2/fts2.c |
20 @@ -447,30 +447,41 @@ static int putVarint(char *p, sqlite_int64 v){ | 20 @@ -447,30 +447,41 @@ static int putVarint(char *p, sqlite_int64 v){ |
21 /* Read a 64-bit variable-length integer from memory starting at p[0]. | 21 /* Read a 64-bit variable-length integer from memory starting at p[0]. |
22 * Return the number of bytes read, or 0 on error. | 22 * Return the number of bytes read, or 0 on error. |
23 * The value is stored in *v. */ | 23 * The value is stored in *v. */ |
24 -static int getVarint(const char *p, sqlite_int64 *v){ | 24 -static int getVarint(const char *p, sqlite_int64 *v){ |
25 +static int getVarintSafe(const char *p, sqlite_int64 *v, int max){ | 25 +static int getVarintSafe(const char *p, sqlite_int64 *v, int max){ |
26 const unsigned char *q = (const unsigned char *) p; | 26 const unsigned char *q = (const unsigned char *) p; |
27 sqlite_uint64 x = 0, y = 1; | 27 sqlite_uint64 x = 0, y = 1; |
(...skipping 1574 matching lines...)
1602 + if( rc!=SQLITE_OK ){ | 1602 + if( rc!=SQLITE_OK ){ |
1603 + dataBufferDestroy(&dump); | 1603 + dataBufferDestroy(&dump); |
1604 + return; | 1604 + return; |
1605 + } | 1605 + } |
1606 | 1606 |
1607 assert( dump.nData>0 ); | 1607 assert( dump.nData>0 ); |
1608 dump.nData--; /* Overwrite trailing space. */ | 1608 dump.nData--; /* Overwrite trailing space. */ |
1609 -- | 1609 -- |
1610 2.2.1 | 1610 2.2.1 |
1611 | 1611 |