Fix a buffer overrun that could occur in fts5 when running a prefix query against a corrupt db.

FossilOrigin-Name: 4da40620ac8557aba6e1e06e720418b55e9950f406288b03749ef1b117041cd9

ext/fts5/fts5_index.c

@@ -4822,6 +4822,9 @@ static void fts5DoclistIterNext(Fts5DoclistIter *pIter){
     }
 
     pIter->aPoslist = p;
+    if( &pIter->aPoslist[pIter->nPoslist]>pIter->aEof ){
+      pIter->aPoslist = 0;
+    }
   }
 }
 

manifest

@@ -1,5 +1,5 @@
-C Remove\sthe\s--timeout\soption\sfrom\sthe\svalgrindfuzz\sMakefile\starget.
-D 2021-03-03T16:46:03.440
+C Fix\sa\sbuffer\soverrun\sthat\scould\soccur\sin\sfts5\swhen\srunning\sa\sprefix\squery\sagainst\sa\scorrupt\sdb.
+D 2021-03-03T19:36:40.931
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -119,7 +119,7 @@ F ext/fts5/fts5_buffer.c 5a5fe0159752c0fb0a5a93c722e9db2662822709490769d482b76a6
 F ext/fts5/fts5_config.c be54f44fca491e96c6923a4b9a736f2da2b13811600eb6e38d1bcc91c4ea2e61
 F ext/fts5/fts5_expr.c 016bd06030679bd31b0f07ef87d62c42031e5da25cb3174a84e5b0f6ef4b47b0
 F ext/fts5/fts5_hash.c 1aa93c9b5f461afba66701ee226297dc78402b3bdde81e90a10de5fe3df14959
-F ext/fts5/fts5_index.c acbe3ccd36f5a7373009dfff02a11c4a817af73bc3ef8c340f2105d7d073f8b4
+F ext/fts5/fts5_index.c 4a8ec31cf07e07e0da1c1a4c97af86ccee26d10cd808357290cf2886a35b078a
 F ext/fts5/fts5_main.c b4e4931c7fcc9acfa0c3b8b5e5e80b5b424b8d9207aae3a22b674bd35ccf149d
 F ext/fts5/fts5_storage.c 58ba71e6cd3d43a5735815e7956ee167babb4d2cbfe206905174792af4d09d75
 F ext/fts5/fts5_tcl.c 39bcbae507f594aad778172fa914cad0f585bf92fd3b078c686e249282db0d95
@@ -160,7 +160,7 @@ F ext/fts5/test/fts5connect.test 08030168fc96fc278fa81f28654fb7e90566f33aff269c0
 F ext/fts5/test/fts5content.test 213506436fb2c87567b8e31f6d43ab30aab99354cec74ed679f22aad0cdbf283
 F ext/fts5/test/fts5corrupt.test 77ae6f41a7eba10620efb921cf7dbe218b0ef232b04519deb43581cb17a57ebe
 F ext/fts5/test/fts5corrupt2.test 7453752ba12ce91690c469a6449d412561cc604b1dec994e16ab132952e7805f
-F ext/fts5/test/fts5corrupt3.test 5df97f353102f0078d0bb418d620652d03460ee1cceb2992a3b5ee6fb619b24e
+F ext/fts5/test/fts5corrupt3.test 1cad09897fc69084a904c921dee7f777e1c866964ee2ec2cc7a8a69cc3f1ab68
 F ext/fts5/test/fts5corrupt4.test f4c08e2182a48d8b70975fd869ee5391855c06d8a0ff87b6a2529e7c5a88a1d3
 F ext/fts5/test/fts5delete.test 619295b20dbc1d840b403ee07c878f52378849c3c02e44f2ee143b3e978a0aa7
 F ext/fts5/test/fts5detail.test 31b240dbf6d44ac3507e2f8b65f29fdc12465ffd531212378c7ce1066766f54e
@@ -552,7 +552,7 @@ F src/sqliteLimit.h d7323ffea5208c6af2734574bae933ca8ed2ab728083caa117c9738581a3
 F src/status.c 4b8bc2a6905163a38b739854a35b826c737333fab5b1f8e03fa7eb9a4799c4c1
 F src/table.c 0f141b58a16de7e2fbe81c308379e7279f4c6b50eb08efeec5892794a0ba30d1
 F src/tclsqlite.c 986b6391f02cd9b53c1d688be55899f6ffddeb8e8014cd83c1b73ff912579a71
-F src/test1.c 2197966d2f7211ef9eefaa6c3c7dd2c7d786d1f33f2aadef2f08c8c79eceec26
+F src/test1.c 07f60dfe9574720268abf97757b1d62894e959e3db4a530e4988367be06c5f14
 F src/test2.c 3efb99ab7f1fc8d154933e02ae1378bac9637da5
 F src/test3.c 61798bb0d38b915067a8c8e03f5a534b431181f802659a6616f9b4ff7d872644
 F src/test4.c 7c4420e01c577b5c4add2cb03119743b1a357543d347773b9e717195ea967159
@@ -1908,7 +1908,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P e6c7683c7503ac743d1d476c60c31f887b7ad829e26e812c25acdd4366044db8
-R e77cda0b369ceea50b416b8516f743d1
+P 3f520b8bdef7dcdad30e052ed8a07b0493bff4497603521e701fab7324df2995
+R bf9673d09bb6129e5121f0cfe63374d9
 U dan
-Z 0efa4696a72192981e7924beabc49254
+Z 428ef74b7b93c2a0a1d5bc43a56052a4

manifest.uuid

@@ -1 +1 @@
-3f520b8bdef7dcdad30e052ed8a07b0493bff4497603521e701fab7324df2995
+4da40620ac8557aba6e1e06e720418b55e9950f406288b03749ef1b117041cd9

src/test1.c

@@ -6648,7 +6648,7 @@ static int SQLITE_TCLAPI prng_seed(
     Tcl_WrongNumArgs(interp, 1, objv, "SEED ?DB?");
     return TCL_ERROR;
   }
-  if( Tcl_GetIntFromObj(interp,objv[0],&i) ) return TCL_ERROR;
+  if( Tcl_GetIntFromObj(interp,objv[1],&i) ) return TCL_ERROR;
   if( objc==3 && getDbPointer(interp, Tcl_GetString(objv[2]), &db) ){
     return TCL_ERROR;
   }