mirror of https://github.com/sqlite/sqlite.git synced 2025-09-11 08:30:57 +03:00

Fix for a potential UAF in FTS5.

FossilOrigin-Name: e33f2fedda17b4f3678fc23c438093c256b0c125da5f1ac42ecaf3d604d54b6a
drh
2025-02-03 18:05:54 +00:00
4 changed files with 21 additions and 14 deletions


@@ -5476,8 +5476,11 @@ static void fts5DoSecureDelete(
** This is called as part of flushing a delete to disk in 'secure-delete'
** mode. It edits the segments within the database described by argument
** pStruct to remove the entries for term zTerm, rowid iRowid.
**
** Return SQLITE_OK if successful, or an SQLite error code if an error
** has occurred. Any error code is also stored in the Fts5Index handle.
*/
static void fts5FlushSecureDelete(
static int fts5FlushSecureDelete(
Fts5Index *p,
Fts5Structure *pStruct,
const char *zTerm,
@@ -5522,6 +5525,7 @@ static void fts5FlushSecureDelete(
}
fts5MultiIterFree(pIter);
return p->rc;
}
@@ -5605,8 +5609,9 @@ static void fts5FlushOneHash(Fts5Index *p){
** using fts5FlushSecureDelete(). */
if( bSecureDelete ){
if( eDetail==FTS5_DETAIL_NONE ){
if( iOff<nDoclist && pDoclist[iOff]==0x00 ){
fts5FlushSecureDelete(p, pStruct, zTerm, nTerm, iRowid);
if( iOff<nDoclist && pDoclist[iOff]==0x00
&& !fts5FlushSecureDelete(p, pStruct, zTerm, nTerm, iRowid)
){
iOff++;
if( iOff<nDoclist && pDoclist[iOff]==0x00 ){
iOff++;
@@ -5615,8 +5620,9 @@ static void fts5FlushOneHash(Fts5Index *p){
continue;
}
}
}else if( (pDoclist[iOff] & 0x01) ){
fts5FlushSecureDelete(p, pStruct, zTerm, nTerm, iRowid);
}else if( (pDoclist[iOff] & 0x01)
&& !fts5FlushSecureDelete(p, pStruct, zTerm, nTerm, iRowid)
){
if( p->rc!=SQLITE_OK || pDoclist[iOff]==0x01 ){
iOff++;
continue;
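Review bot: In the last hunk the inner test `if( p->rc!=SQLITE_OK || pDoclist[iOff]==0x01 ){` looks partly dead now. The block is entered only when `fts5FlushSecureDelete()` returned 0, and the second hunk makes that function return `p->rc`, so `p->rc!=SQLITE_OK` cannot be true there; `if( pDoclist[iOff]==0x01 ){` would say the same thing. Both new conditions also use `!fts5FlushSecureDelete(...)`, which relies on SQLITE_OK being 0, and writing `fts5FlushSecureDelete(p, pStruct, zTerm, nTerm, iRowid)==SQLITE_OK` would make it obvious that the doclist bytes are skipped only after a successful delete. The hunks do not show why continuing after a failed delete led to the use-after-free, so a short comment at each call site, such as `/* On error leave iOff alone and fall through; p->rc is already set */`, would help keep the guard from being simplified away later. The body of fts5FlushOneHash starts and ends outside these hunks, so how the fall-through path handles `p->rc` cannot be confirmed from here.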