Fix an fts5 problem with corrupt database handling found by address-sanitizer.

FossilOrigin-Name: e22252e1da4cd9e41b970970a1c4f466aa6cc133
2016-08-13 10:34:12 +00:00 · 2016-08-13 10:34:12 +00:00 · 460d38f15e
commit 460d38f15e
parent 3b96d1e2e4
4 changed files with 30 additions and 15 deletions
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@ -702,7 +702,6 @@ static Fts5Data *fts5DataRead(Fts5Index *p, i64 iRowid){
  return pRet;
 }

-
 /*
 ** Release a reference to data record returned by an earlier call to
 ** fts5DataRead().
@ -711,6 +710,18 @@ static void fts5DataRelease(Fts5Data *pData){
  sqlite3_free(pData);
 }

+static Fts5Data *fts5LeafRead(Fts5Index *p, i64 iRowid){
+  Fts5Data *pRet = fts5DataRead(p, iRowid);
+  if( pRet ){
+    if( pRet->szLeaf>pRet->nn ){
+      p->rc = FTS5_CORRUPT;
+      fts5DataRelease(pRet);
+      pRet = 0;
+    }
+  }
+  return pRet;
+}
+
 static int fts5IndexPrepareStmt(
  Fts5Index *p,
  sqlite3_stmt **ppStmt,
@ -1519,7 +1530,7 @@ static void fts5SegIterNextPage(
    pIter->pLeaf = pIter->pNextLeaf;
    pIter->pNextLeaf = 0;
  }else if( pIter->iLeafPgno<=pSeg->pgnoLast ){
-    pIter->pLeaf = fts5DataRead(p, 
+    pIter->pLeaf = fts5LeafRead(p, 
        FTS5_SEGMENT_ROWID(pSeg->iSegid, pIter->iLeafPgno)
    );
  }else{
@ -2022,9 +2033,8 @@ static void fts5SegIterNext(
        if( pLeaf->nn>pLeaf->szLeaf ){
          pIter->iPgidxOff = pLeaf->szLeaf + fts5GetVarint32(
              &pLeaf->p[pLeaf->szLeaf], pIter->iEndofDoclist
-              );
+          );
        }
-
      }
      else if( pLeaf->nn>pLeaf->szLeaf ){
        pIter->iPgidxOff = pLeaf->szLeaf + fts5GetVarint32(
@ -2269,6 +2279,11 @@ static void fts5LeafSeek(
    iTermOff += nKeep;
    iOff = iTermOff;

+    if( iOff>=n ){
+      p->rc = FTS5_CORRUPT;
+      return;
+    }
+
    /* Read the nKeep field of the next term. */
    fts5FastGetVarint32(a, iOff, nKeep);
  }
--- a/ext/fts5/test/fts5corrupt2.test
+++ b/ext/fts5/test/fts5corrupt2.test
@ -37,7 +37,7 @@ do_execsql_test 1.0 {
 }
 set mask [expr 31 << 31]

-if 1 {
+if 0 {

 # Test 1:
 #
@ -84,6 +84,8 @@ foreach {tno stmt} {
  }
 }

+}
+
 # Using the same database as the 1.* tests.
 #
 # Run N-1 tests, where N is the number of bytes in the rightmost leaf page
@ -212,8 +214,6 @@ foreach {tn nCut} {
  # do_test 4.$tn.x { expr $nCorrupt>0 } 1
 }

-}
-
 set doc [string repeat "A B C " 1000]
 do_execsql_test 5.0 {
  CREATE VIRTUAL TABLE x5 USING fts5(tt);
--- a/14
+++ b/14
@ -1,5 +1,5 @@
-C Fix\sa\sbuffer\soverread\sin\sfts5.
-D 2016-08-13T06:38:31.533
+C Fix\san\sfts5\sproblem\swith\scorrupt\sdatabase\shandling\sfound\sby\saddress-sanitizer.
+D 2016-08-13T10:34:12.755
 F Makefile.in cfd8fb987cd7a6af046daa87daa146d5aad0e088
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc d66d0395c38571aab3804f8db0fa20707ae4609a
@ -104,7 +104,7 @@ F ext/fts5/fts5_buffer.c 4c1502d4c956cd092c89ce4480867f9d8bf325cd
 F ext/fts5/fts5_config.c 5af9c360e99669d29f06492c370892394aba0857
 F ext/fts5/fts5_expr.c 1ee97156421919e497595bfa962bb88ad1665401
 F ext/fts5/fts5_hash.c 880998e596b60f078348d48732ca4ad9a90caad2
-F ext/fts5/fts5_index.c 05386732609221d066d204b22c4a5275a0225ed4
+F ext/fts5/fts5_index.c 2d146d5c547f60d22d6fc4014d5e2b64248cd7c4
 F ext/fts5/fts5_main.c f85281445dcf8be32d18841c93a6f90fe27dbfe2
 F ext/fts5/fts5_storage.c de0ed8a06738bde433afe11e92295ceaffbc4e58
 F ext/fts5/fts5_tcl.c 4a901f00c8553740dba63511603f5527d741c26a
@ -141,7 +141,7 @@ F ext/fts5/test/fts5config.test 7788b9c058074d640dfcdd81d97b6a9480000368
 F ext/fts5/test/fts5conflict.test 26f4e46c4d31e16221794832a990dc4e30e18de5
 F ext/fts5/test/fts5content.test 9a952c95518a14182dc3b59e3c8fa71cda82a4e1
 F ext/fts5/test/fts5corrupt.test c2ad090192708150d50d961278df10ae7a4b8b62
-F ext/fts5/test/fts5corrupt2.test 26c0a39dd9ff73207e6229f83b50b21d37c7658c
+F ext/fts5/test/fts5corrupt2.test 128eb6e2d26b09f4da339e581f424b3321e0fdaa
 F ext/fts5/test/fts5corrupt3.test f77f65e386231daf62902466b40ff998b2c8ce4f
 F ext/fts5/test/fts5detail.test ef5c690535a797413acaf5ad9b8ab5d49972df69
 F ext/fts5/test/fts5determin.test 10648edb75ef1e196b10978fd21a9be0c31e09c3
@ -1510,7 +1510,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P ed406d31ff54ee3de8db91690a966e5c561f8f94
-R c7f71e9982fe95b86462907f7307b757
+P fcfbee6c7d33a9ae7feb46044a0c2fe680460d39
+R ca2c772c8f9b99e461286a4305c18761
 U dan
-Z faa5a19931d7d3892f5c4860f7744222
+Z c72588ab1f18a0198f4aa8645b38264f
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-fcfbee6c7d33a9ae7feb46044a0c2fe680460d39
+e22252e1da4cd9e41b970970a1c4f466aa6cc133