Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(448)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch

Issue 949043002: Add //third_party/sqlite to dirs_to_snapshot, remove net_sql.patch (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/sqlite/patches/0008-fts3-Disable-fts3_tokenizer-and-fts4.patch ('k') | third_party/sqlite/patches/0010-fts2-test-Add-fts2-to-testfixture.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch
diff --git a/third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch b/third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch
new file mode 100644
index 0000000000000000000000000000000000000000..99b17b855a588e16113f3acf67a02ddae0f131ef
--- /dev/null
+++ b/third_party/sqlite/patches/0009-fts3-Interior-node-corruption-detection.patch
@@ -0,0 +1,46 @@
+From ce5e0e867ac54738b813c800cf1a0545258189bc Mon Sep 17 00:00:00 2001
+From: Scott Hess <shess@chromium.org>
+Date: Thu, 26 May 2011 18:44:46 +0000
+Subject: [PATCH 09/16] [fts3] Interior node corruption detection.
+
+In auditing as part of a previous import, I noticed this case which
+seemed to allow for buffer overrun. The nPrefix check was commented out
+because nBuffer wasn't always initialized, and I never circled back to
+resolve that.
+
+It may be appropriate to just drop this patch, for now leaving it for
+consistency.
+
+BUG=84057, 83946
+
+Original review URLs:
+http://codereview.chromium.org/7075014
+http://codereview.chromium.org/6990047 (3.7.6.3 SQLite import)
+---
+ third_party/sqlite/src/ext/fts3/fts3.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext/fts3/fts3.c
+index dbd2835..3a1152d 100644
+--- a/third_party/sqlite/src/ext/fts3/fts3.c
++++ b/third_party/sqlite/src/ext/fts3/fts3.c
+@@ -1773,8 +1773,14 @@ static int fts3ScanInteriorNode(
+ isFirstTerm = 0;
+ zCsr += fts3GetVarint32(zCsr, &nSuffix);
+
+- if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
+- rc = FTS_CORRUPT_VTAB;
++ /* NOTE(shess): Previous code checked for negative nPrefix and
++ ** nSuffix and suffix overrunning zEnd. Additionally corrupt if
++ ** the prefix is longer than the previous term, or if the suffix
++ ** causes overflow.
++ */
++ if( nPrefix<0 || nSuffix<0 /* || nPrefix>nBuffer */
++ || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){
++ rc = SQLITE_CORRUPT;
+ goto finish_scan;
+ }
+ if( nPrefix+nSuffix>nAlloc ){
+--
+2.2.1
+
« no previous file with comments | « third_party/sqlite/patches/0008-fts3-Disable-fts3_tokenizer-and-fts4.patch ('k') | third_party/sqlite/patches/0010-fts2-test-Add-fts2-to-testfixture.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698