Fix a buffer overrun in fts3 that could occur when handling corrupt records and '^' queries.

FossilOrigin-Name: 9d0b6b0f42a47a3892ebc765250756fb8b844e8399d992a8b65f55af3800ea06
2025-07-29 08:01:23 +03:00 · 2021-06-07 15:28:33 +00:00
parent 09c69fc1b3
commit ec73546103
4 changed files with 229 additions and 10 deletions
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@ -3003,7 +3003,7 @@ int sqlite3Fts3SegReaderStep(

          nByte = sqlite3Fts3VarintLen(iDelta) + (isRequirePos?nList+1:0);

-          rc = fts3GrowSegReaderBuffer(pCsr, nByte+nDoclist);
+          rc = fts3GrowSegReaderBuffer(pCsr, nByte+nDoclist+FTS3_NODE_PADDING);
          if( rc ) return rc;

          if( isFirst ){