Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(202)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch

Issue 901033002: Import SQLite 3.8.7.4. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Chromium changes to support SQLite 3.8.7.4. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/sqlite/patches/0009-Custom-shell.c-helpers-to-load-Chromium-s-ICU-data.patch ('k') | third_party/sqlite/patches/0010-fts2-test-Add-fts2-to-testfixture.patch » ('j') | third_party/sqlite/src/src/os_unix.c » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch
diff --git a/third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch b/third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch
similarity index 72%
rename from third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch
rename to third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch
index 5eb1f6dde2570ec16648256ed1e4a5272cb21bbe..99b17b855a588e16113f3acf67a02ddae0f131ef 100644
--- a/third_party/sqlite/patches/0015-fts3-Interior-node-corruption-detection.patch
+++ b/third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch
@@ -1,7 +1,7 @@
-From 88d98dd2627e3dad4685443441fcd99a6ba61642 Mon Sep 17 00:00:00 2001
+From ce5e0e867ac54738b813c800cf1a0545258189bc Mon Sep 17 00:00:00 2001
From: Scott Hess <shess@chromium.org>
Date: Thu, 26 May 2011 18:44:46 +0000
-Subject: [PATCH 15/23] [fts3] Interior node corruption detection.
+Subject: [PATCH 09/16] [fts3] Interior node corruption detection.
In auditing as part of a previous import, I noticed this case which
seemed to allow for buffer overrun. The nPrefix check was commented out
@@ -17,18 +17,19 @@ Original review URLs:
http://codereview.chromium.org/7075014
http://codereview.chromium.org/6990047 (3.7.6.3 SQLite import)
---
- third_party/sqlite/src/ext/fts3/fts3.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
+ third_party/sqlite/src/ext/fts3/fts3.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext/fts3/fts3.c
-index da55f2a..d11572a 100644
+index dbd2835..3a1152d 100644
--- a/third_party/sqlite/src/ext/fts3/fts3.c
+++ b/third_party/sqlite/src/ext/fts3/fts3.c
-@@ -1230,7 +1230,13 @@ static int fts3ScanInteriorNode(
+@@ -1773,8 +1773,14 @@ static int fts3ScanInteriorNode(
isFirstTerm = 0;
- zCsr += sqlite3Fts3GetVarint32(zCsr, &nSuffix);
+ zCsr += fts3GetVarint32(zCsr, &nSuffix);
- if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
+- rc = FTS_CORRUPT_VTAB;
+ /* NOTE(shess): Previous code checked for negative nPrefix and
+ ** nSuffix and suffix overrunning zEnd. Additionally corrupt if
+ ** the prefix is longer than the previous term, or if the suffix
@@ -36,9 +37,10 @@ index da55f2a..d11572a 100644
+ */
+ if( nPrefix<0 || nSuffix<0 /* || nPrefix>nBuffer */
+ || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){
- rc = SQLITE_CORRUPT;
++ rc = SQLITE_CORRUPT;
goto finish_scan;
}
+ if( nPrefix+nSuffix>nAlloc ){
--
2.2.1
« no previous file with comments | « third_party/sqlite/patches/0009-Custom-shell.c-helpers-to-load-Chromium-s-ICU-data.patch ('k') | third_party/sqlite/patches/0010-fts2-test-Add-fts2-to-testfixture.patch » ('j') | third_party/sqlite/src/src/os_unix.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698