Avoid a buffer overread in fts3 that could occur when handling corrupt data structures.

FossilOrigin-Name: 45f459d2fa4be97d9bbb970efbc0b5d40efaf93f52ed111fd0fcdc572c24327b

ext/fts3/fts3_write.c

@@ -2003,8 +2003,8 @@ static int fts3PrefixCompress(
   int nNext                       /* Size of buffer zNext in bytes */
 ){
   int n;
-  UNUSED_PARAMETER(nNext);
-  for(n=0; n<nPrev && zPrev[n]==zNext[n]; n++);
+  for(n=0; n<nPrev && n<nNext && zPrev[n]==zNext[n]; n++);
+  assert_fts3_nc( n<nNext );
   return n;
 }
 

manifest

@@ -1,5 +1,5 @@
-C Fix\sa\sbuffer\soverread\sthat\scould\soccur\sin\sfts5\swhen\shandling\scorrupt\srecords.
-D 2021-06-07T17:36:57.686
+C Avoid\sa\sbuffer\soverread\sin\sfts3\sthat\scould\soccur\swhen\shandling\scorrupt\sdata\sstructures.
+D 2021-06-08T12:15:56.225
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -102,7 +102,7 @@ F ext/fts3/fts3_tokenizer.h 64c6ef6c5272c51ebe60fc607a896e84288fcbc3
 F ext/fts3/fts3_tokenizer1.c 5c98225a53705e5ee34824087478cf477bdb7004
 F ext/fts3/fts3_unicode.c de426ff05c1c2e7bce161cf6b706638419c3a1d9c2667de9cb9dc0458c18e226
 F ext/fts3/fts3_unicode2.c 416eb7e1e81142703520d284b768ca2751d40e31fa912cae24ba74860532bf0f
-F ext/fts3/fts3_write.c b0441839fd34bc23cce2e1bcdfb9489f716ff6ee0ef24308cea70ddfb5f14162
+F ext/fts3/fts3_write.c 98edfd77aeb53afcb26d8de3ed0a87f16468ee05f84f8c1752e6e378c354cd7a
 F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9
 F ext/fts3/mkfts3amal.tcl 252ecb7fe6467854f2aa237bf2c390b74e71f100
 F ext/fts3/tool/fts3cov.sh c331d006359456cf6f8f953e37f2b9c7d568f3863f00bb5f7eb87fea4ac01b73
@@ -974,7 +974,7 @@ F test/fts3corrupt2.test e318f0676e5e78d5a4b702637e2bb25265954c08a1b1e4aaf93c788
 F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cdb764b491f
 F test/fts3corrupt4.test 1b3333822577b0888c95de8490a1a6152c47cb33a763fe62c54825202c31812f
 F test/fts3corrupt5.test 0549f85ec4bd22e992f645f13c59b99d652f2f5e643dac75568bfd23a6db7ed5
-F test/fts3corrupt6.test d274f139ec173392002c768631f404fefc007ae02ffa1b03d8cbd096c3fc00f9
+F test/fts3corrupt6.test 657b4b8e5791d8d4adc93c90588fb25f1c7346544dd877c6c298a0746749146d
 F test/fts3cov.test 7eacdbefd756cfa4dc2241974e3db2834e9b372ca215880e00032222f32194cf
 F test/fts3d.test 2bd8c97bcb9975f2334147173b4872505b6a41359a4f9068960a36afe07a679f
 F test/fts3defer.test f4c20e4c7153d20a98ee49ee5f3faef624fefc9a067f8d8d629db380c4d9f1de
@@ -1918,7 +1918,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 9d0b6b0f42a47a3892ebc765250756fb8b844e8399d992a8b65f55af3800ea06
-R 23d59505d159d31d2ffb5d1777058548
+P 078962a2164a784b135bacee51ef10973dc2e30de04353d48698d0e72edd63d8
+R 5a17f4e5ebbfe022e0c97e67ae492f79
 U dan
-Z 86b1a535909414fcc97ab5a0253c5f21
+Z 7b7192d0a99b7f6acb9424a14999a3f8

manifest.uuid

@@ -1 +1 @@
-078962a2164a784b135bacee51ef10973dc2e30de04353d48698d0e72edd63d8
+45f459d2fa4be97d9bbb970efbc0b5d40efaf93f52ed111fd0fcdc572c24327b

test/fts3corrupt6.test

@@ -62,5 +62,17 @@ do_execsql_test 2.1 {
   SELECT count(*) FROM t0 WHERE t0 MATCH '(1 NEAR 1) AND (aaaa OR 1)';
 } 1
 
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 3.0 {
+  CREATE VIRTUAL TABLE main.Table0 USING fts3();
+  INSERT INTO Table0 VALUES (1), (printf('%8.1280000X') ), (1), (printf('%8.1280000X') ), (1)  ;
+  INSERT INTO Table0 VALUES (0), (printf('%8.1280000X%8.1280000X') ), (1), (printf('%1280000.1280000X%#1280000.1280000E%8.1280000X') ), (1)  ;
+  INSERT INTO Table0 VALUES (1)  ;
+  UPDATE Table0_segdir SET start_block = 1;
+  INSERT INTO Table0 VALUES (1)  ;
+  INSERT INTO Table0(Table0) VALUES('merge=6,8');
+}
+
 set sqlite_fts3_enable_parentheses $saved_sqlite_fts3_enable_parentheses
 finish_test