|
 |
11c328 |
Subject: [PATCH] Fix a use-after-free bug in the fts3 snippet() function.
|
|
|
11c328 |
|
|
|
11c328 |
---
|
|
|
11c328 |
ext/fts3/fts3.c | 1 +
|
|
|
11c328 |
test/fts3snippet2.test | 59 ++++++++++++++++++++++++++++++++++++++++++
|
|
|
11c328 |
2 files changed, 60 insertions(+)
|
|
|
11c328 |
create mode 100644 test/fts3snippet2.test
|
|
|
11c328 |
|
|
|
11c328 |
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
|
|
|
11c328 |
index 84fc8a5..9ddd201 100644
|
|
|
11c328 |
--- a/ext/fts3/fts3.c
|
|
|
11c328 |
+++ b/ext/fts3/fts3.c
|
|
|
11c328 |
@@ -5213,6 +5213,7 @@ static void fts3EvalNextRow(
|
|
|
11c328 |
fts3EvalNextRow(pCsr, pLeft, pRc);
|
|
|
11c328 |
}
|
|
|
11c328 |
}
|
|
|
11c328 |
+ pRight->bEof = pLeft->bEof = 1;
|
|
|
11c328 |
}
|
|
|
11c328 |
}
|
|
|
11c328 |
break;
|
|
|
11c328 |
diff --git a/test/fts3snippet2.test b/test/fts3snippet2.test
|
|
|
11c328 |
new file mode 100644
|
|
|
11c328 |
index 0000000..607b01e
|
|
|
11c328 |
--- /dev/null
|
|
|
11c328 |
+++ b/test/fts3snippet2.test
|
|
|
11c328 |
@@ -0,0 +1,59 @@
|
|
|
11c328 |
+# 2020-05-14
|
|
|
11c328 |
+#
|
|
|
11c328 |
+# The author disclaims copyright to this source code. In place of
|
|
|
11c328 |
+# a legal notice, here is a blessing:
|
|
|
11c328 |
+#
|
|
|
11c328 |
+# May you do good and not evil.
|
|
|
11c328 |
+# May you find forgiveness for yourself and forgive others.
|
|
|
11c328 |
+# May you share freely, never taking more than you give.
|
|
|
11c328 |
+#
|
|
|
11c328 |
+#*************************************************************************
|
|
|
11c328 |
+#
|
|
|
11c328 |
+# The tests in this file test the FTS3 auxillary functions offsets(),
|
|
|
11c328 |
+# snippet() and matchinfo() work. At time of writing, running this file
|
|
|
11c328 |
+# provides full coverage of fts3_snippet.c.
|
|
|
11c328 |
+#
|
|
|
11c328 |
+
|
|
|
11c328 |
+set testdir [file dirname $argv0]
|
|
|
11c328 |
+source $testdir/tester.tcl
|
|
|
11c328 |
+set testprefix fts3snippet
|
|
|
11c328 |
+
|
|
|
11c328 |
+# If SQLITE_ENABLE_FTS3 is not defined, omit this file.
|
|
|
11c328 |
+ifcapable !fts3 { finish_test ; return }
|
|
|
11c328 |
+source $testdir/fts3_common.tcl
|
|
|
11c328 |
+
|
|
|
11c328 |
+set sqlite_fts3_enable_parentheses 1
|
|
|
11c328 |
+#-------------------------------------------------------------------------
|
|
|
11c328 |
+# Request a snippet from a query with more than 64 phrases.
|
|
|
11c328 |
+#
|
|
|
11c328 |
+reset_db
|
|
|
11c328 |
+do_execsql_test 1.0 {
|
|
|
11c328 |
+ CREATE VIRTUAL TABLE f USING fts3(b);
|
|
|
11c328 |
+ INSERT INTO f VALUES ( x'746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218');
|
|
|
11c328 |
+}
|
|
|
11c328 |
+
|
|
|
11c328 |
+do_execsql_test 1.1 {
|
|
|
11c328 |
+ SELECT length(snippet(f))>0 FROM f WHERE b MATCH x'1065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a010f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c2a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e0f42';
|
|
|
11c328 |
+} {1}
|
|
|
11c328 |
+
|
|
|
11c328 |
+reset_db
|
|
|
11c328 |
+do_execsql_test 2.0 {
|
|
|
11c328 |
+ CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
|
|
|
11c328 |
+ INSERT INTO t0 VALUES (1, '1234','aaaa','bbbb');
|
|
|
11c328 |
+ SELECT snippet(t0) FROM t0 WHERE t0 MATCH x'0a4d4d4d4d320a4f52d70a310a310a4e4541520a0a31f6ce0a4f520a0a310a310a310a4f520a75fc2a242424' ;
|
|
|
11c328 |
+} {1}
|
|
|
11c328 |
+
|
|
|
11c328 |
+reset_db
|
|
|
11c328 |
+do_execsql_test 2.1 {
|
|
|
11c328 |
+ CREATE VIRTUAL TABLE t0 USING fts3(
|
|
|
11c328 |
+ col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY
|
|
|
11c328 |
+ );
|
|
|
11c328 |
+ INSERT INTO t0 VALUES ('one', '1234','aaaa','bbbb');
|
|
|
11c328 |
+}
|
|
|
11c328 |
+do_execsql_test 2.2 {
|
|
|
11c328 |
+ SELECT snippet(t0) FROM t0 WHERE t0 MATCH
|
|
|
11c328 |
+ '(def AND (one NEAR abc)) OR one'
|
|
|
11c328 |
+} {one}
|
|
|
11c328 |
+
|
|
|
11c328 |
+set sqlite_fts3_enable_parentheses 0
|
|
|
11c328 |
+finish_test
|
|
|
11c328 |
--
|
|
|
11c328 |
2.24.1
|
|
|
11c328 |
|