Fix a crash in fts3 that could occur when running a NEAR query on a corrupt database.

FossilOrigin-Name: 609d94996324f3d3c12bb8cc04a2527d1d86c35cdb2267b5b34053c961158986

ext/fts3/fts3.c

@@ -5212,9 +5212,9 @@ static int fts3EvalNearTrim(
   );
   if( res ){
     nNew = (int)(pOut - pPhrase->doclist.pList) - 1;
-    if( nNew>=0 ){
+    assert_fts3_nc( nNew<=pPhrase->doclist.nList && nNew>0 );
+    if( nNew>=0 && nNew<=pPhrase->doclist.nList ){
       assert( pPhrase->doclist.pList[nNew]=='\0' );
-      assert( nNew<=pPhrase->doclist.nList && nNew>0 );
       memset(&pPhrase->doclist.pList[nNew], 0, pPhrase->doclist.nList - nNew);
       pPhrase->doclist.nList = nNew;
     }

manifest

@@ -1,5 +1,5 @@
-C Fix\sa\spossible\sNULL\spointer\sdereference\swhen\sapplying\sa\sDROP\sCOLUMN\sto\sa\ncorrupt\sdatabase\sschema.\s\sdbsqlfuzz\s419aa525df93db6e463772c686ac6da27b46da9e
-D 2021-03-06T13:02:12.531
+C Fix\sa\scrash\sin\sfts3\sthat\scould\soccur\swhen\srunning\sa\sNEAR\squery\son\sa\scorrupt\sdatabase.
+D 2021-03-06T13:28:07.450
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -84,7 +84,7 @@ F ext/fts3/README.content b9078d0843a094d86af0d48dffbff13c906702b4c3558012e67b9c
 F ext/fts3/README.syntax a19711dc5458c20734b8e485e75fb1981ec2427a
 F ext/fts3/README.tokenizers b92bdeb8b46503f0dd301d364efc5ef59ef9fa8e2758b8e742f39fa93a2e422d
 F ext/fts3/README.txt 8c18f41574404623b76917b9da66fcb0ab38328d
-F ext/fts3/fts3.c 4809e0b05af4519ad8bfa13d684f7ad635d1390a758299d2302f7e85c48ec160
+F ext/fts3/fts3.c 7b449348226a91cc851fe969f5c1932d4f00c359a32fd17f2afea92bf875147b
 F ext/fts3/fts3.h 3a10a0af180d502cecc50df77b1b22df142817fe
 F ext/fts3/fts3Int.h 045179f538c478ced266ca14327269cde8ad8d573c5be902230a5ebaa5636c59
 F ext/fts3/fts3_aux.c 96708c8b3a7d9b8ca1b68ea2b7e503e283f20e95f145becadedfad096dbd0f34
@@ -970,7 +970,7 @@ F test/fts3corrupt2.test e318f0676e5e78d5a4b702637e2bb25265954c08a1b1e4aaf93c788
 F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cdb764b491f
 F test/fts3corrupt4.test b71512ec391d39da96d60d01959e4e9f20d4237a964a94abcf5f5a2ad28378c1
 F test/fts3corrupt5.test 0549f85ec4bd22e992f645f13c59b99d652f2f5e643dac75568bfd23a6db7ed5
-F test/fts3corrupt6.test b6c55218b704b0cef224b284c756f9c55d0afd0b3c3837618bffeaa8c31e0d8e
+F test/fts3corrupt6.test d5896a8d389bd824457772dc1e2d2023cd5c5cf8e42733607b5d632103018d8b
 F test/fts3cov.test 7eacdbefd756cfa4dc2241974e3db2834e9b372ca215880e00032222f32194cf
 F test/fts3d.test 2bd8c97bcb9975f2334147173b4872505b6a41359a4f9068960a36afe07a679f
 F test/fts3defer.test f4c20e4c7153d20a98ee49ee5f3faef624fefc9a067f8d8d629db380c4d9f1de
@@ -1909,7 +1909,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 83dab8b358b6832a221a58e74dd5e99b9cdea4eee65124bb6799881e867d989c
-R 2ab2b4158df160ad1d5d72fc4ecf15ba
-U drh
-Z 305267156f6c2c6b812a01b9b3e78e2e
+P 349ccf58ae4bb770805066102fc8e9e478d4da1f7a6a728223bd74eabf7b7843
+R 99ad288e4e2d388ef99aaf6ec992bb26
+U dan
+Z f50a5e194b36647a536837a623a15642

manifest.uuid

@@ -1 +1 @@
-349ccf58ae4bb770805066102fc8e9e478d4da1f7a6a728223bd74eabf7b7843
+609d94996324f3d3c12bb8cc04a2527d1d86c35cdb2267b5b34053c961158986

test/fts3corrupt6.test

@@ -11,8 +11,6 @@
 # This file implements regression tests for SQLite library.  The
 # focus of this script is testing the FTS3 module.
 #
-# $Id: fts3aa.test,v 1.1 2007/08/20 17:38:42 shess Exp $
-#
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -54,6 +52,16 @@ do_execsql_test 1.3 {
   SELECT 42+matchinfo(t1,'yxyyxy')  FROM t1 WHERE t1 MATCH  x'2b0a312b0a312a312a2a0b5d0a0b0b0a312a0a0b0b0a312a0b310a392a0b0a27312a2a0b5d0a312a0b310a31315d0b310a312a316d2a0b313b15bceaa50a312a0b0a27312a2a0b5d0a312a0b310a312b0b2a310a312a0b2a0b2a0b2e5d0a0bff313336e34a2a312a0b0a3c310b0a0b4b4b0b4b2a4bec40322b2a0b310a0a312a0a0a0a0a0a0a0a0a0b310a312a2a2a0b5d0a0b0b0a312a0b310a312a0b0a4e4541530b310a5df5ced70a0a0a0a0a4f520a0a0a0a0a0a0a312a0b0a4e4541520b310a5d616161610a0a0a0a4f520a0a0a0a0a0a312b0a312a312a0a0a0a0a0a0a004a0b0a310b220a0b0a310a4a22310a0b0a7e6fe0e0e030e0e0e0e0e01176e02000e0e0e0e0e01131320226310a0b0a310a4a22310a0b0a310a766f8b8b4ee0e0300ae0090909090909090909090909090909090909090909090909090909090909090947aaaa540b09090909090909090909090909090909090909090909090909090909090909fae0e0f2f22164e0e0f273e07fefefef7d6dfafafafa6d6d6d6d';
 } {42}
 
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 2.0 {
+  CREATE VIRTUAL TABLE t0 USING fts3(a);
+  INSERT INTO t0_segdir VALUES(0,0,0,0,'0 42',X'000131030782000103323334050100fff200010461616161050101020200000462626262050101030200');
+}
+do_execsql_test 2.1 {
+  SELECT count(*) FROM t0 WHERE t0 MATCH '(1 NEAR 1) AND (aaaa OR 1)';
+} 1
+
 set sqlite_fts3_enable_parentheses $saved_sqlite_fts3_enable_parentheses
 finish_test