Fix a use-after-free error that could occur if an fts5 table is written while scanning it using an fts5vocab cursor.
FossilOrigin-Name: e751c2ec786b5c1a1c9640fdc3fde036879a2c32db2bd67fe7c72604780f67b8
parent
905b82d5f5
commit
fb8ca7de0c
@ -837,6 +837,40 @@ int sqlite3Fts5StructureTest(Fts5Index *p, void *pStruct){
|
|||||||
return SQLITE_OK;
|
return SQLITE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
** Ensure that structure object (*pp) is writable.
|
||||||
|
**
|
||||||
|
** This function is a no-op if (*pRc) is not SQLITE_OK when it is called. If
|
||||||
|
** an error occurs, (*pRc) is set to an SQLite error code before returning.
|
||||||
|
*/
|
||||||
|
static void fts5StructureMakeWritable(int *pRc, Fts5Structure **pp){
|
||||||
|
Fts5Structure *p = *pp;
|
||||||
|
if( *pRc==SQLITE_OK && p->nRef>1 ){
|
||||||
|
int nByte = sizeof(Fts5Structure)+(p->nLevel-1)*sizeof(Fts5StructureLevel);
|
||||||
|
Fts5Structure *pNew;
|
||||||
|
pNew = (Fts5Structure*)sqlite3Fts5MallocZero(pRc, nByte);
|
||||||
|
if( pNew ){
|
||||||
|
int i;
|
||||||
|
memcpy(pNew, p, nByte);
|
||||||
|
for(i=0; i<p->nLevel; i++) pNew->aLevel[i].aSeg = 0;
|
||||||
|
for(i=0; i<p->nLevel; i++){
|
||||||
|
Fts5StructureLevel *pLvl = &pNew->aLevel[i];
|
||||||
|
int nByte = sizeof(Fts5StructureSegment) * pNew->aLevel[i].nSeg;
|
||||||
|
pLvl->aSeg = (Fts5StructureSegment*)sqlite3Fts5MallocZero(pRc, nByte);
|
||||||
|
if( pLvl->aSeg==0 ){
|
||||||
|
for(i=0; i<p->nLevel; i++){
|
||||||
|
sqlite3_free(pNew->aLevel[i].aSeg);
|
||||||
|
}
|
||||||
|
sqlite3_free(pNew);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
memcpy(pLvl->aSeg, p->aLevel[i].aSeg, nByte);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*pp = pNew;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
** Deserialize and return the structure record currently stored in serialized
|
** Deserialize and return the structure record currently stored in serialized
|
||||||
** form within buffer pData/nData.
|
** form within buffer pData/nData.
|
||||||
@ -938,9 +972,11 @@ static int fts5StructureDecode(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
**
|
** Add a level to the Fts5Structure.aLevel[] array of structure object
|
||||||
|
** (*ppStruct).
|
||||||
*/
|
*/
|
||||||
static void fts5StructureAddLevel(int *pRc, Fts5Structure **ppStruct){
|
static void fts5StructureAddLevel(int *pRc, Fts5Structure **ppStruct){
|
||||||
|
fts5StructureMakeWritable(pRc, ppStruct);
|
||||||
if( *pRc==SQLITE_OK ){
|
if( *pRc==SQLITE_OK ){
|
||||||
Fts5Structure *pStruct = *ppStruct;
|
Fts5Structure *pStruct = *ppStruct;
|
||||||
int nLevel = pStruct->nLevel;
|
int nLevel = pStruct->nLevel;
|
||||||
|
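Review bot: In fts5StructureMakeWritable the private copy is built with `memcpy(pNew, p, nByte)`, so it inherits the shared object's `nRef` (greater than 1 by the branch condition), and the reference the caller held on `p` is never given up before `*pp = pNew`. Assuming the release path frees a structure only when its count reaches zero, both the copy and the original could then outlive their last user; consider adding `p->nRef--; pNew->nRef = 1;` just before the closing brace of `if( pNew )`. Separately, the `pLvl->aSeg==0` check treats any NULL as an allocation failure. If sqlite3Fts5MallocZero can return NULL for a zero-byte request without setting `*pRc`, a level with `nSeg==0` would free the copy and return with `*pRc` still SQLITE_OK and `*pp` still pointing at the shared structure, which appears to be the state this change is meant to avoid. Guarding that check with `nByte>0`, or testing `*pRc` instead, would make the intent explicit.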
@ -255,6 +255,27 @@ do_test 5.1 {
|
|||||||
do_execsql_test 5.2 {
|
do_execsql_test 5.2 {
|
||||||
SELECT * FROM t1
|
SELECT * FROM t1
|
||||||
} {one two three four five}
|
} {one two three four five}
|
||||||
|
|
||||||
|
#-------------------------------------------------------------------------
|
||||||
|
# Check that the fts5 table cannot be written while there are vocab
|
||||||
|
# cursors open.
|
||||||
|
reset_db
|
||||||
|
do_execsql_test 5.0 {
|
||||||
|
CREATE VIRTUAL TABLE t1 USING fts5(a);
|
||||||
|
CREATE VIRTUAL TABLE v1 USING fts5vocab(t1, instance);
|
||||||
|
WITH s(i) AS (
|
||||||
|
VALUES(1) UNION ALL SELECT i+1 FROM s WHERE i<10000
|
||||||
|
)
|
||||||
|
INSERT INTO t1 SELECT
|
||||||
|
'State Emergency Service (SES), Rural Fire Service (RFS) and Volunteers'
|
||||||
|
FROM s;
|
||||||
|
}
|
||||||
|
|
||||||
|
do_catchsql_test 5.1 {
|
||||||
|
INSERT INTO t1 SELECT rowid FROM v1
|
||||||
|
} {1 {query aborted}}
|
||||||
|
|
||||||
|
|
||||||
finish_test
|
finish_test
|
||||||
|
|
||||||
|
|
||||||
|
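Review bot: The new cases are named 5.0 and 5.1, but the context just above already contains `do_execsql_test 5.2` and the hunk header shows an existing `do_test 5.1`, so a failure reported as "5.1" would be ambiguous; renumbering the new block to `6.0` and `6.1` would keep the names unique. The header comment says the fts5 table "cannot be written" while vocab cursors are open, yet the only assertion is `{1 {query aborted}}` for an INSERT ... SELECT that reads from v1. A one-line comment stating that this is the regression case for the use-after-free, and that the abort is the expected outcome rather than a crash, would help the next reader.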
16
manifest
16
manifest
@ -1,5 +1,5 @@
|
|||||||
C Fix\san\sissue\sin\sthe\s"shrink.test"\stest\sscript\sreported\sby\n[forum:/forumpost/90a74bd61861f58f|forum\spost\s90a74bd618].
|
C Fix\sa\suse-after-free\serror\sthat\scould\soccur\sif\san\sfts5\stable\sis\swritten\swhile\sscanning\sit\susing\san\sfts5vocab\scursor.
|
||||||
D 2021-09-06T15:59:32.983
|
D 2021-09-06T16:15:23.416
|
||||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||||
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
||||||
@ -119,7 +119,7 @@ F ext/fts5/fts5_buffer.c 89a51b37c4aa1c02c1ec24c18c55196c0693b29a752fedfd036938d
|
|||||||
F ext/fts5/fts5_config.c 8336d0ff6db0933f63cfec8ae0ab76e68393259cbccc0b46e1f79f7fa1842ff3
|
F ext/fts5/fts5_config.c 8336d0ff6db0933f63cfec8ae0ab76e68393259cbccc0b46e1f79f7fa1842ff3
|
||||||
F ext/fts5/fts5_expr.c 6ea447b0cb1888110087a8c04133817b0ccf964fe22414371b0e32189a556533
|
F ext/fts5/fts5_expr.c 6ea447b0cb1888110087a8c04133817b0ccf964fe22414371b0e32189a556533
|
||||||
F ext/fts5/fts5_hash.c 1aa93c9b5f461afba66701ee226297dc78402b3bdde81e90a10de5fe3df14959
|
F ext/fts5/fts5_hash.c 1aa93c9b5f461afba66701ee226297dc78402b3bdde81e90a10de5fe3df14959
|
||||||
F ext/fts5/fts5_index.c 75249b8218dac9c9e7d62362e2be414c1399fdc380c838e5512e2042967b38c8
|
F ext/fts5/fts5_index.c 99d3242d8416c2bb0c8e6e44e9259aac4386ea9e4f6fd0c740733583b72a4a60
|
||||||
F ext/fts5/fts5_main.c 35ebbcae681a4a40027c47bc2e94d7e7c81e331dc406bb9b23c546454ee8f98a
|
F ext/fts5/fts5_main.c 35ebbcae681a4a40027c47bc2e94d7e7c81e331dc406bb9b23c546454ee8f98a
|
||||||
F ext/fts5/fts5_storage.c 58ba71e6cd3d43a5735815e7956ee167babb4d2cbfe206905174792af4d09d75
|
F ext/fts5/fts5_storage.c 58ba71e6cd3d43a5735815e7956ee167babb4d2cbfe206905174792af4d09d75
|
||||||
F ext/fts5/fts5_tcl.c b1445cbe69908c411df8084a10b2485500ac70a9c747cdc8cda175a3da59d8ae
|
F ext/fts5/fts5_tcl.c b1445cbe69908c411df8084a10b2485500ac70a9c747cdc8cda175a3da59d8ae
|
||||||
@ -229,7 +229,7 @@ F ext/fts5/test/fts5unindexed.test 9021af86a0fb9fc616f7a69a996db0116e7936d0db638
|
|||||||
F ext/fts5/test/fts5update.test b8affd796e45c94a4d19ad5c26606ea06065a0f162a9562d9f005b5a80ccf0bc
|
F ext/fts5/test/fts5update.test b8affd796e45c94a4d19ad5c26606ea06065a0f162a9562d9f005b5a80ccf0bc
|
||||||
F ext/fts5/test/fts5version.test c8f2cc105f0abf0224965f93e584633dee3e06c91478bc67e468f7cfdf97fd6a
|
F ext/fts5/test/fts5version.test c8f2cc105f0abf0224965f93e584633dee3e06c91478bc67e468f7cfdf97fd6a
|
||||||
F ext/fts5/test/fts5vocab.test 7ed80d9af1ddaaa1637da05e406327b5aac250848bc604c1c1cc667908b87760
|
F ext/fts5/test/fts5vocab.test 7ed80d9af1ddaaa1637da05e406327b5aac250848bc604c1c1cc667908b87760
|
||||||
F ext/fts5/test/fts5vocab2.test c0a8397523561eb780b4f439e75d4969fade0ac40bc73e0c8fd2f3e065111161
|
F ext/fts5/test/fts5vocab2.test c9674cf0ffc0384162cdc78828189bb4ed4d54e2798063b5d737e50704a2db5c
|
||||||
F ext/fts5/tool/fts5speed.tcl b0056f91a55b2d1a3684ec05729de92b042e2f85
|
F ext/fts5/tool/fts5speed.tcl b0056f91a55b2d1a3684ec05729de92b042e2f85
|
||||||
F ext/fts5/tool/fts5txt2db.tcl c0d43c8590656f8240e622b00957b3a0facc49482411a9fdc2870b45c0c82f9f
|
F ext/fts5/tool/fts5txt2db.tcl c0d43c8590656f8240e622b00957b3a0facc49482411a9fdc2870b45c0c82f9f
|
||||||
F ext/fts5/tool/loadfts5.tcl 95b03429ee6b138645703c6ca192c3ac96eaf093
|
F ext/fts5/tool/loadfts5.tcl 95b03429ee6b138645703c6ca192c3ac96eaf093
|
||||||
@ -1922,7 +1922,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
|||||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||||
P b3cfe23bec0b95ca673802526704200e2396df715fdded72aa71addd7f47e0e1
|
P 6c3734edb2ecabd85a715c853ef58da39381af26d3dd32e53c068b4fcf6fb98f
|
||||||
R d804c1fe9dfdd55c91d9dd7be30deb33
|
R b61370b93af0502187f5ca4ecbb0c1a4
|
||||||
U drh
|
U dan
|
||||||
Z c12e0d7a856c0cabe2857d56a3d90a01
|
Z 47ef5fcc5dc27245bda95f4b4ccf3ea9
|
||||||
|
@ -1 +1 @@
|
|||||||
6c3734edb2ecabd85a715c853ef58da39381af26d3dd32e53c068b4fcf6fb98f
|
e751c2ec786b5c1a1c9640fdc3fde036879a2c32db2bd67fe7c72604780f67b8
|