From 959187c0035564df5b5a597a3b1ff6c59c49d8e1 Mon Sep 17 00:00:00 2001

From: Ondrej Dubaj <odubaj@redhat.com>

Date: Fri, 3 Jan 2020 13:13:18 +0100

Subject: [PATCH] More improvements to shadow table corruption detection in

 FTS3.

---

 ext/fts3/fts3.c       |  4 ++++

 ext/fts3/fts3Int.h    | 16 ++++++++++++++++

 ext/fts3/fts3_write.c | 12 ++++++++++--

 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c

index c00a13f..2a61d10 100644

--- a/ext/fts3/fts3.c

+++ b/ext/fts3/fts3.c

@@ -1355,6 +1355,10 @@ static int fts3InitVtab(

   fts3DatabasePageSize(&rc, p);

   p->nNodeSize = p->nPgsz-35;

+#if defined(SQLITE_DEBUG)||defined(SQLITE_TEST)

+  p->nMergeCount = FTS3_MERGE_COUNT;

+#endif

+

   /* Declare the table schema to SQLite. */

   fts3DeclareVtab(&rc, p);

diff --git a/ext/fts3/fts3Int.h b/ext/fts3/fts3Int.h

index b19064c..bd0edfe 100644

--- a/ext/fts3/fts3Int.h

+++ b/ext/fts3/fts3Int.h

@@ -254,8 +254,24 @@ struct Fts3Table {

   int inTransaction;     /* True after xBegin but before xCommit/xRollback */

   int mxSavepoint;       /* Largest valid xSavepoint integer */

 #endif

+

+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)

+  /* True to disable the incremental doclist optimization. This is controled

+  ** by special insert command 'test-no-incr-doclist'.  */

+  int bNoIncrDoclist;

+

+  /* Number of segments in a level */

+  int nMergeCount;

+#endif

 };

+/* Macro to find the number of segments to merge */

+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)

+# define MergeCount(P) ((P)->nMergeCount)

+#else

+# define MergeCount(P) FTS3_MERGE_COUNT

+#endif

+

 /*

 ** When the core wants to read from the virtual table, it creates a

 ** virtual table cursor (an instance of the following structure) using

diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c

index 269d1dd..a557aba 100644

--- a/ext/fts3/fts3_write.c

+++ b/ext/fts3/fts3_write.c

@@ -1130,7 +1130,7 @@ static int fts3AllocateSegdirIdx(

     ** segment and allocate (newly freed) index 0 at level iLevel. Otherwise,

     ** if iNext is less than FTS3_MERGE_COUNT, allocate index iNext.

     */

-    if( iNext>=FTS3_MERGE_COUNT ){

+    if( iNext>=MergeCount(p) ){

       fts3LogMerge(16, getAbsoluteLevel(p, iLangid, iIndex, iLevel));

       rc = fts3SegmentMerge(p, iLangid, iIndex, iLevel);

       *piIdx = 0;

@@ -4002,6 +4002,10 @@ static int fts3IncrmergeLoad(

       int i;

       int nHeight = (int)aRoot[0];

       NodeWriter *pNode;

+      if( nHeight<1 || nHeight>FTS_MAX_APPENDABLE_HEIGHT ){

+        sqlite3_reset(pSelect);

+        return FTS_CORRUPT_VTAB;

+      }

       pWriter->nLeafEst = (int)((iEnd - iStart) + 1)/FTS_MAX_APPENDABLE_HEIGHT;

       pWriter->iStart = iStart;

@@ -4728,7 +4732,7 @@ static int fts3DoIncrmerge(

   const char *zParam              /* Nul-terminated string containing "A,B" */

 ){

   int rc;

-  int nMin = (FTS3_MERGE_COUNT / 2);

+  int nMin = (MergeCount(p) / 2);

   int nMerge = 0;

   const char *z = zParam;

@@ -5049,6 +5053,10 @@ static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){

   }else if( nVal>11 && 0==sqlite3_strnicmp(zVal, "maxpending=", 9) ){

     p->nMaxPendingData = atoi(&zVal[11]);

     rc = SQLITE_OK;

+  }else if( nVal>11 && 0==sqlite3_strnicmp(zVal,"mergecount=",11) ){

+    int v = atoi(&zVal[11]);

+    if( v>=4 && v<=FTS3_MERGE_COUNT && (v&1)==0 ) p->nMergeCount = v;

+    rc = SQLITE_OK;

 #endif

   }else{

     rc = SQLITE_ERROR;

-- 

2.19.1