Fix an undefined signed integer overflow in fts5.

FossilOrigin-Name: e6f0adb00da84561e686a8db83858c7fd6b008756dd1aef807ea68f878ca3db7
2025-07-29 08:01:23 +03:00 · 2021-04-13 17:45:36 +00:00
parent 3bb9d75aa6
commit 304cbc17c2
4 changed files with 32 additions and 11 deletions
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@ -4541,14 +4541,14 @@ static void fts5FlushOneHash(Fts5Index *p){
        fts5BufferSafeAppendBlob(pBuf, pDoclist, nDoclist);
      }else{
        i64 iRowid = 0;
-        i64 iDelta = 0;
+        u64 iDelta = 0;
        int iOff = 0;

        /* The entire doclist will not fit on this leaf. The following 
        ** loop iterates through the poslists that make up the current 
        ** doclist.  */
        while( p->rc==SQLITE_OK && iOff<nDoclist ){
-          iOff += fts5GetVarint(&pDoclist[iOff], (u64*)&iDelta);
+          iOff += fts5GetVarint(&pDoclist[iOff], &iDelta);
          iRowid += iDelta;
          
          if( writer.bFirstRowidInPage ){
--- a/ext/fts5/test/fts5doclist.test
+++ b/ext/fts5/test/fts5doclist.test
@ -42,5 +42,26 @@ do_execsql_test 1.2 {
  INSERT INTO ccc(ccc) VALUES('integrity-check');
 }

+#-------------------------------------------------------------------------
+#
+reset_db
+do_execsql_test 2.1 {
+  CREATE VIRTUAL TABLE tx USING fts5(x);
+}
+
+set doc [string repeat "abc " 5000]
+do_execsql_test 2.2 {
+  BEGIN;
+    INSERT INTO tx(rowid, x) VALUES(-9000000000000000000, $doc);
+    INSERT INTO tx(rowid, x) VALUES(9000000000000000000, $doc);
+  COMMIT;
+}
+
+do_execsql_test 2.3 {
+  SELECT rowid FROM tx('abc');
+} {
+  -9000000000000000000
+   9000000000000000000
+}

 finish_test