Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: backport 774cfcb from sqlite (#30399)
- Loading branch information
Showing
2 changed files
with
158 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,3 @@ | ||
| fix_a_problem_handling_sub-queries_with_both_a_correlated_where.patch | ||
| utf-8_q_when_20constructing_20the_20synthensized_20select_20sta.patch | ||
| sqlite_fix_an_undefined-integer-overflow_problem_in_fts3_c.patch |
157 changes: 157 additions & 0 deletions
157
patches/sqlite/sqlite_fix_an_undefined-integer-overflow_problem_in_fts3_c.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,157 @@ | ||
| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | ||
| From: Darwin Huang <huangdarwin@chromium.org> | ||
| Date: Wed, 19 May 2021 14:13:15 -0700 | ||
| Subject: sqlite: Fix an undefined-integer-overflow problem in fts3.c. | ||
|
|
||
| Original change: https://sqlite.org/src/info/a0bf931bd712037e | ||
|
|
||
| Bug: 1204066 | ||
| Change-Id: I34704f1cfe36672d10065f4103c91fb4f35d3895 | ||
|
|
||
| diff --git a/amalgamation/sqlite3.c b/amalgamation/sqlite3.c | ||
| index 9e3a46624d09f7abe645d1d9e4b2c430c8acc99e..8dff8dcb9be5fd5d1010a44d30d27461659f89c0 100644 | ||
| --- a/amalgamation/sqlite3.c | ||
| +++ b/amalgamation/sqlite3.c | ||
| @@ -168279,7 +168279,7 @@ static int fts3ScanInteriorNode( | ||
| char *zBuffer = 0; /* Buffer to load terms into */ | ||
| i64 nAlloc = 0; /* Size of allocated buffer */ | ||
| int isFirstTerm = 1; /* True when processing first term on page */ | ||
| - sqlite3_int64 iChild; /* Block id of child node to descend to */ | ||
| + u64 iChild; /* Block id of child node to descend to */ | ||
| int nBuffer = 0; /* Total term size */ | ||
|
|
||
| /* Skip over the 'height' varint that occurs at the start of every | ||
| @@ -168295,8 +168295,8 @@ static int fts3ScanInteriorNode( | ||
| ** table, then there are always 20 bytes of zeroed padding following the | ||
| ** nNode bytes of content (see sqlite3Fts3ReadBlock() for details). | ||
| */ | ||
| - zCsr += sqlite3Fts3GetVarint(zCsr, &iChild); | ||
| - zCsr += sqlite3Fts3GetVarint(zCsr, &iChild); | ||
| + zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild); | ||
| + zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild); | ||
| if( zCsr>zEnd ){ | ||
| return FTS_CORRUPT_VTAB; | ||
| } | ||
| @@ -168349,20 +168349,20 @@ static int fts3ScanInteriorNode( | ||
| */ | ||
| cmp = memcmp(zTerm, zBuffer, (nBuffer>nTerm ? nTerm : nBuffer)); | ||
| if( piFirst && (cmp<0 || (cmp==0 && nBuffer>nTerm)) ){ | ||
| - *piFirst = iChild; | ||
| + *piFirst = (i64)iChild; | ||
| piFirst = 0; | ||
| } | ||
|
|
||
| if( piLast && cmp<0 ){ | ||
| - *piLast = iChild; | ||
| + *piLast = (i64)iChild; | ||
| piLast = 0; | ||
| } | ||
|
|
||
| iChild++; | ||
| }; | ||
|
|
||
| - if( piFirst ) *piFirst = iChild; | ||
| - if( piLast ) *piLast = iChild; | ||
| + if( piFirst ) *piFirst = (i64)iChild; | ||
| + if( piLast ) *piLast = (i64)iChild; | ||
|
|
||
| finish_scan: | ||
| sqlite3_free(zBuffer); | ||
| diff --git a/amalgamation_dev/sqlite3.c b/amalgamation_dev/sqlite3.c | ||
| index 689d52d5f51e8f552d4191b6811f556a2b997303..5e56254000b0225d24b332cb4fa6b2b0507c68ea 100644 | ||
| --- a/amalgamation_dev/sqlite3.c | ||
| +++ b/amalgamation_dev/sqlite3.c | ||
| @@ -168779,7 +168779,7 @@ static int fts3ScanInteriorNode( | ||
| char *zBuffer = 0; /* Buffer to load terms into */ | ||
| i64 nAlloc = 0; /* Size of allocated buffer */ | ||
| int isFirstTerm = 1; /* True when processing first term on page */ | ||
| - sqlite3_int64 iChild; /* Block id of child node to descend to */ | ||
| + u64 iChild; /* Block id of child node to descend to */ | ||
| int nBuffer = 0; /* Total term size */ | ||
|
|
||
| /* Skip over the 'height' varint that occurs at the start of every | ||
| @@ -168795,8 +168795,8 @@ static int fts3ScanInteriorNode( | ||
| ** table, then there are always 20 bytes of zeroed padding following the | ||
| ** nNode bytes of content (see sqlite3Fts3ReadBlock() for details). | ||
| */ | ||
| - zCsr += sqlite3Fts3GetVarint(zCsr, &iChild); | ||
| - zCsr += sqlite3Fts3GetVarint(zCsr, &iChild); | ||
| + zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild); | ||
| + zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild); | ||
| if( zCsr>zEnd ){ | ||
| return FTS_CORRUPT_VTAB; | ||
| } | ||
| @@ -168849,20 +168849,20 @@ static int fts3ScanInteriorNode( | ||
| */ | ||
| cmp = memcmp(zTerm, zBuffer, (nBuffer>nTerm ? nTerm : nBuffer)); | ||
| if( piFirst && (cmp<0 || (cmp==0 && nBuffer>nTerm)) ){ | ||
| - *piFirst = iChild; | ||
| + *piFirst = (i64)iChild; | ||
| piFirst = 0; | ||
| } | ||
|
|
||
| if( piLast && cmp<0 ){ | ||
| - *piLast = iChild; | ||
| + *piLast = (i64)iChild; | ||
| piLast = 0; | ||
| } | ||
|
|
||
| iChild++; | ||
| }; | ||
|
|
||
| - if( piFirst ) *piFirst = iChild; | ||
| - if( piLast ) *piLast = iChild; | ||
| + if( piFirst ) *piFirst = (i64)iChild; | ||
| + if( piLast ) *piLast = (i64)iChild; | ||
|
|
||
| finish_scan: | ||
| sqlite3_free(zBuffer); | ||
| diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c | ||
| index 79dc5c88ceacb823d16889bd36250597361d6186..62b31373c3c3e9b61b3e1daae8d87d9393779b61 100644 | ||
| --- a/ext/fts3/fts3.c | ||
| +++ b/ext/fts3/fts3.c | ||
| @@ -1897,7 +1897,7 @@ static int fts3ScanInteriorNode( | ||
| char *zBuffer = 0; /* Buffer to load terms into */ | ||
| i64 nAlloc = 0; /* Size of allocated buffer */ | ||
| int isFirstTerm = 1; /* True when processing first term on page */ | ||
| - sqlite3_int64 iChild; /* Block id of child node to descend to */ | ||
| + u64 iChild; /* Block id of child node to descend to */ | ||
| int nBuffer = 0; /* Total term size */ | ||
|
|
||
| /* Skip over the 'height' varint that occurs at the start of every | ||
| @@ -1913,8 +1913,8 @@ static int fts3ScanInteriorNode( | ||
| ** table, then there are always 20 bytes of zeroed padding following the | ||
| ** nNode bytes of content (see sqlite3Fts3ReadBlock() for details). | ||
| */ | ||
| - zCsr += sqlite3Fts3GetVarint(zCsr, &iChild); | ||
| - zCsr += sqlite3Fts3GetVarint(zCsr, &iChild); | ||
| + zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild); | ||
| + zCsr += sqlite3Fts3GetVarintU(zCsr, &iChild); | ||
| if( zCsr>zEnd ){ | ||
| return FTS_CORRUPT_VTAB; | ||
| } | ||
| @@ -1967,20 +1967,20 @@ static int fts3ScanInteriorNode( | ||
| */ | ||
| cmp = memcmp(zTerm, zBuffer, (nBuffer>nTerm ? nTerm : nBuffer)); | ||
| if( piFirst && (cmp<0 || (cmp==0 && nBuffer>nTerm)) ){ | ||
| - *piFirst = iChild; | ||
| + *piFirst = (i64)iChild; | ||
| piFirst = 0; | ||
| } | ||
|
|
||
| if( piLast && cmp<0 ){ | ||
| - *piLast = iChild; | ||
| + *piLast = (i64)iChild; | ||
| piLast = 0; | ||
| } | ||
|
|
||
| iChild++; | ||
| }; | ||
|
|
||
| - if( piFirst ) *piFirst = iChild; | ||
| - if( piLast ) *piLast = iChild; | ||
| + if( piFirst ) *piFirst = (i64)iChild; | ||
| + if( piLast ) *piLast = (i64)iChild; | ||
|
|
||
| finish_scan: | ||
| sqlite3_free(zBuffer); |