From 5d4589014a71960310af35a8a3412b2930eb84a2 Mon Sep 17 00:00:00 2001
From: drh
Date: Sat, 12 Jan 2019 00:45:20 +0000
Subject: [PATCH] Improved detection of shadow table corruption in the fts5_decode() SQL function.
FossilOrigin-Name: b74e5f3f3057ee7a98ebcb14ca0751048eacbec8fca3e11e241883029a57ecdf
---
 ext/fts5/fts5_index.c | 8 ++++++++
 manifest | 12 ++++++------
 manifest.uuid | 2 +-
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 4cd5e5e23e..b16dd2befc 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -6398,6 +6398,10 @@ static void fts5DecodeFunction(
 }else{
 iOff = szLeaf;
 }
+ if( iOff>n ){
+ rc = FTS5_CORRUPT;
+ goto decode_out;
+ }
 fts5DecodePoslist(&rc, &s, &a[4], iOff-4);
 /* Decode any more doclist data that appears on the page before the
@@ -6434,6 +6438,10 @@ static void fts5DecodeFunction(
 term.n = nByte;
 }
 iOff += fts5GetVarint32(&a[iOff], nByte);
+ if( iOff+nByte>n ){
+ rc = FTS5_CORRUPT;
+ break;
+ }
 fts5BufferAppendBlob(&rc, &term, nByte, &a[iOff]);
 iOff += nByte;
diff --git a/manifest b/manifest
index 8bde999f80..b32d251a69 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Improved\sshadow\stable\scorruption\sdetection\sin\sthe\smatchinfo()\sfunction\sof\sFTS3. -D 2019-01-12T00:12:33.531 +C Improved\sdetection\sof\sshadow\stable\scorruption\sin\sthe\sfts5_decode()\sSQL\sfunction. +D 2019-01-12T00:45:20.077 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 45a3fef4d325ac0220c2172aeec4e4321da351f073f3b8e8ddea655f49ef6f2b
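Review bot: The guard added in the first fts5_index.c hunk bounds iOff only from above, so a corrupt record that yields an offset below 4 still reaches `fts5DecodePoslist(&rc, &s, &a[4], iOff-4)` with a negative length. Whether fts5DecodePoslist tolerates a negative count is not visible here. Assuming the 4-byte page header implied by `&a[4]`, a two-sided test would reject such pages explicitly: `if( iOff<4 || iOff>n ){`. The declarations of iOff and n and the rest of fts5DecodeFunction lie outside the hunk.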
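Review bot: In the second fts5_index.c hunk the new test `iOff+nByte>n` runs only after `fts5GetVarint32(&a[iOff], nByte)` has already read from `a[iOff]`, and the sum can overflow or compare the wrong way if nByte, taken straight from the corrupt record, is very large or negative as a signed int. The types are declared outside the hunk, so this is inferred, but comparing against the remaining space avoids the addition entirely: `if( nByte<0 || nByte>n-iOff ){`. It is also worth confirming that the enclosing loop condition, which is not shown, keeps iOff below n before the varint is decoded. A one-line comment above the check, for example `/* Term suffix must lie entirely within the n-byte record */`, would record the invariant being enforced.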
@@ -115,7 +115,7 @@ F ext/fts5/fts5_buffer.c 9d7bd654123832879c9f7e2d37f37aebcc3271e65a5e56d9410d81e F ext/fts5/fts5_config.c eeec97cb0237991e7fa3bbae07b5cc354e3f238b661200c11228fe167c18f882 F ext/fts5/fts5_expr.c 188d1dca5a262a0708efc5deb809f1aa6ecea4158986a439d2670cfe72d10b65 F ext/fts5/fts5_hash.c d415f5ad332b051f0ade564bcf1762c4467cc49b2ba8ea5873d8744c705d8d42 -F ext/fts5/fts5_index.c 7e617122cd695c57ded21fab4b43bf5acb5f65bd2e5566f233c61c46c510d356 +F ext/fts5/fts5_index.c d1d037dc235802a60af58b8fcffbbb42f4696a318b71d335902ace3d3c9aa27a F ext/fts5/fts5_main.c 90062ccfc54031ff97660e277d868ec080c5b46e42d784856385b12645e60ed6 F ext/fts5/fts5_storage.c 00db5029ee470172c1a79d7182808b678ee21b7ea1f63618bcb0591bf8cf7f8a F ext/fts5/fts5_tcl.c 39bcbae507f594aad778172fa914cad0f585bf92fd3b078c686e249282db0d95 @@ -1798,7 +1798,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 473626d5579dd19023abccaf7c1822ac0c883a0b98904837ea096fa16e4f41c4 -R 73d136a154272e99ebd73161aec00794 +P 567be3bb1e8b6477f3bf1c7b4cd6ec066fba69d0dcf8785632e244ce25db639f +R aca3cf5715dc297643eea292d3459238 U drh -Z 9657b145f08b5b72d177903d9527e803 +Z eefd0c074ad030760bd94a241383811e diff --git a/manifest.uuid b/manifest.uuid index 595be57670..d422dfc859 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -567be3bb1e8b6477f3bf1c7b4cd6ec066fba69d0dcf8785632e244ce25db639f \ No newline at end of file +b74e5f3f3057ee7a98ebcb14ca0751048eacbec8fca3e11e241883029a57ecdf \ No newline at end of file