database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-01 06:27:03 +03:00
Code Activity

Fix a problem in fts5 where a corrupt db could lead to a (huge) buffer overread.

Browse Source 
FossilOrigin-Name: c9a30e117f2c6c9ef0cc0c6ca5227d2961715b8f
This commit is contained in:
dan
2016-02-29 17:34:16 +00:00
parent 437a54eaba
commit 4e9d0d5418
3 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ext/fts5/fts5_index.c
View File

@ -698,6 +698,7 @@ static Fts5Data *fts5DataRead(Fts5Index *p, i64 iRowid){
return pRet;
}
/*
** Release a reference to data record returned by an earlier call to
** fts5DataRead().
@ -2154,6 +2155,10 @@ static void fts5LeafSeek(
iPgidx = szLeaf;
iPgidx += fts5GetVarint32(&a[iPgidx], iTermOff);
iOff = iTermOff;
if( iOff>n ){
p->rc = FTS5_CORRUPT;
return;
}
while( 1 ){