sqlite: Backport Bugfixes.
Bug: 1033461, 1037786, 1038213, 1038863
Change-Id: I22b98c909e9af632818bed4e49f96b028f1dcf28
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1990216
Reviewed-by: Chris Mumford <cmumford@google.com>
Commit-Queue: Darwin Huang <huangdarwin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#729415}
This commit is contained in:
third_party/sqlite
amalgamation
patched
ext
src
test
patches
0001-Don-t-allow-shadow-tables-to-be-dropped-in-defensive.patch0002-Improve-shadow-table-corruption-detection-in-fts3.patch0003-Shadow-Table-Corruption-Detection-improvements-in-ft.patch0004-Remove-reachable-NEVER-in-fts3.patch0005-Better-corruption-detection-in-fts3.patch0006-Detect-Prevent-infinite-recursion.patch0007-Improve-corruption-detection-in-fts4.patch0008-Further-improve-corruption-detection-in-fts3.patch0009-Make-sure-WITH-stack-is-disabled-after-error.patch0010-Avoid-zero-offset.patch0011-Avoid-zero-offset-of-nullptr.patch0012-Fix-buffer-overread.patch0013-Fix-UB-warning.patch0014-Avoid-temp-trigger-crash.patch0015-Fix-fts3-integer-overflows.patch0016-Avoid-infinite-recursion-in-ALTER-TABLE-code.patch0017-Add-restrictions-on-shadow-table-changes-in-defensiv.patch0018-Avoid-ambiguous-true-and-false-return.patch0019-Fix-fts3-UB-uint64.patch0020-Avoid-large-memory-alloc-for-corrupt-record.patch0021-Avoid-invalid-pointer-dereference-in-ORDER-BY.patch0022-Fix-zipfile-extension-INSERT-with-NULL-pathname.patch
@ -5827,6 +5827,7 @@ static int zipfileUpdate(
|
||||
|
||||
if( rc==SQLITE_OK ){
|
||||
zPath = (const char*)sqlite3_value_text(apVal[2]);
|
||||
if( zPath==0 ) zPath = "";
|
||||
nPath = (int)strlen(zPath);
|
||||
mTime = zipfileGetTime(apVal[4]);
|
||||
}
|
||||
|
42
third_party/sqlite/amalgamation/sqlite3.c
vendored
42
third_party/sqlite/amalgamation/sqlite3.c
vendored
@ -19114,6 +19114,7 @@ SQLITE_PRIVATE void sqlite3EndTransaction(Parse*,int);
|
||||
SQLITE_PRIVATE void sqlite3Savepoint(Parse*, int, Token*);
|
||||
SQLITE_PRIVATE void sqlite3CloseSavepoints(sqlite3 *);
|
||||
SQLITE_PRIVATE void sqlite3LeaveMutexAndCloseZombie(sqlite3*);
|
||||
SQLITE_PRIVATE u32 sqlite3IsTrueOrFalse(const char*);
|
||||
SQLITE_PRIVATE int sqlite3ExprIdToTrueFalse(Expr*);
|
||||
SQLITE_PRIVATE int sqlite3ExprTruthValue(const Expr*);
|
||||
SQLITE_PRIVATE int sqlite3ExprIsConstant(Expr*);
|
||||
@ -99330,19 +99331,34 @@ SQLITE_PRIVATE int sqlite3SelectWalkFail(Walker *pWalker, Select *NotUsed){
|
||||
return WRC_Abort;
|
||||
}
|
||||
|
||||
/*
|
||||
** Check the input string to see if it is "true" or "false" (in any case).
|
||||
**
|
||||
** If the string is.... Return
|
||||
** "true" EP_IsTrue
|
||||
** "false" EP_IsFalse
|
||||
** anything else 0
|
||||
*/
|
||||
SQLITE_PRIVATE u32 sqlite3IsTrueOrFalse(const char *zIn){
|
||||
if( sqlite3StrICmp(zIn, "true")==0 ) return EP_IsTrue;
|
||||
if( sqlite3StrICmp(zIn, "false")==0 ) return EP_IsFalse;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** If the input expression is an ID with the name "true" or "false"
|
||||
** then convert it into an TK_TRUEFALSE term. Return non-zero if
|
||||
** the conversion happened, and zero if the expression is unaltered.
|
||||
*/
|
||||
SQLITE_PRIVATE int sqlite3ExprIdToTrueFalse(Expr *pExpr){
|
||||
u32 v;
|
||||
assert( pExpr->op==TK_ID || pExpr->op==TK_STRING );
|
||||
if( !ExprHasProperty(pExpr, EP_Quoted)
|
||||
&& (sqlite3StrICmp(pExpr->u.zToken, "true")==0
|
||||
|| sqlite3StrICmp(pExpr->u.zToken, "false")==0)
|
||||
&& (v = sqlite3IsTrueOrFalse(pExpr->u.zToken))!=0
|
||||
){
|
||||
pExpr->op = TK_TRUEFALSE;
|
||||
ExprSetProperty(pExpr, pExpr->u.zToken[4]==0 ? EP_IsTrue : EP_IsFalse);
|
||||
ExprSetProperty(pExpr, v);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@ -127627,7 +127643,7 @@ SQLITE_PRIVATE int sqlite3ColumnsFromExprList(
|
||||
zName = pEList->a[i].zSpan;
|
||||
}
|
||||
}
|
||||
if( zName ){
|
||||
if( zName && !sqlite3IsTrueOrFalse(zName) ){
|
||||
zName = sqlite3DbStrDup(db, zName);
|
||||
}else{
|
||||
zName = sqlite3MPrintf(db,"column%d",i+1);
|
||||
@ -147617,9 +147633,11 @@ static ExprList *exprListAppendList(
|
||||
int nInit = pList ? pList->nExpr : 0;
|
||||
for(i=0; i<pAppend->nExpr; i++){
|
||||
Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
|
||||
assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
|
||||
if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
|
||||
pDup->op = TK_NULL;
|
||||
pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
|
||||
pDup->u.zToken = 0;
|
||||
}
|
||||
pList = sqlite3ExprListAppend(pParse, pList, pDup);
|
||||
if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
|
||||
@ -172008,7 +172026,7 @@ static int fts3SqlStmt(
|
||||
** returns zero rows. */
|
||||
/* 28 */ "SELECT level, count(*) AS cnt FROM %Q.'%q_segdir' "
|
||||
" GROUP BY level HAVING cnt>=?"
|
||||
" ORDER BY (level %% 1024) ASC LIMIT 1",
|
||||
" ORDER BY (level %% 1024) ASC, 2 DESC LIMIT 1",
|
||||
|
||||
/* Estimate the upper limit on the number of leaf nodes in a new segment
|
||||
** created by merging the oldest :2 segments from absolute level :1. See
|
||||
@ -176598,8 +176616,14 @@ SQLITE_PRIVATE int sqlite3Fts3Incrmerge(Fts3Table *p, int nMerge, int nMin){
|
||||
|
||||
rc = fts3IncrmergeHintPop(&hint, &iHintAbsLevel, &nHintSeg);
|
||||
if( nSeg<0 || (iAbsLevel % nMod) >= (iHintAbsLevel % nMod) ){
|
||||
/* Based on the scan in the block above, it is known that there
|
||||
** are no levels with a relative level smaller than that of
|
||||
** iAbsLevel with more than nSeg segments, or if nSeg is -1,
|
||||
** no levels with more than nMin segments. Use this to limit the
|
||||
** value of nHintSeg to avoid a large memory allocation in case the
|
||||
** merge-hint is corrupt*/
|
||||
iAbsLevel = iHintAbsLevel;
|
||||
nSeg = nHintSeg;
|
||||
nSeg = MIN(MAX(nMin,nSeg), nHintSeg);
|
||||
bUseHint = 1;
|
||||
bDirtyHint = 1;
|
||||
}else{
|
||||
@ -176612,7 +176636,7 @@ SQLITE_PRIVATE int sqlite3Fts3Incrmerge(Fts3Table *p, int nMerge, int nMin){
|
||||
/* If nSeg is less that zero, then there is no level with at least
|
||||
** nMin segments and no hint in the %_stat table. No work to do.
|
||||
** Exit early in this case. */
|
||||
if( nSeg<0 ) break;
|
||||
if( nSeg<=0 ) break;
|
||||
|
||||
/* Open a cursor to iterate through the contents of the oldest nSeg
|
||||
** indexes of absolute level iAbsLevel. If this cursor is opened using
|
||||
@ -177990,7 +178014,7 @@ static int fts3BestSnippet(
|
||||
/* Set the *pmSeen output variable. */
|
||||
for(i=0; i<nList; i++){
|
||||
if( sIter.aPhrase[i].pHead ){
|
||||
*pmSeen |= (u64)1 << i;
|
||||
*pmSeen |= (u64)1 << (i%64);
|
||||
}
|
||||
}
|
||||
|
||||
@ -224696,7 +224720,7 @@ SQLITE_API int sqlite3_stmt_init(
|
||||
#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */
|
||||
|
||||
/************** End of stmt.c ************************************************/
|
||||
#if __LINE__!=224699
|
||||
#if __LINE__!=224723
|
||||
#undef SQLITE_SOURCE_ID
|
||||
#define SQLITE_SOURCE_ID "2019-10-10 20:19:45 18db032d058f1436ce3dea84081f4ee5a0f2259ad97301d43c426bc7f3dfalt2"
|
||||
#endif
|
||||
|
@ -560,7 +560,7 @@ static int fts3BestSnippet(
|
||||
/* Set the *pmSeen output variable. */
|
||||
for(i=0; i<nList; i++){
|
||||
if( sIter.aPhrase[i].pHead ){
|
||||
*pmSeen |= (u64)1 << i;
|
||||
*pmSeen |= (u64)1 << (i%64);
|
||||
}
|
||||
}
|
||||
|
||||
|
12
third_party/sqlite/patched/ext/fts3/fts3_write.c
vendored
12
third_party/sqlite/patched/ext/fts3/fts3_write.c
vendored
@ -335,7 +335,7 @@ static int fts3SqlStmt(
|
||||
** returns zero rows. */
|
||||
/* 28 */ "SELECT level, count(*) AS cnt FROM %Q.'%q_segdir' "
|
||||
" GROUP BY level HAVING cnt>=?"
|
||||
" ORDER BY (level %% 1024) ASC LIMIT 1",
|
||||
" ORDER BY (level %% 1024) ASC, 2 DESC LIMIT 1",
|
||||
|
||||
/* Estimate the upper limit on the number of leaf nodes in a new segment
|
||||
** created by merging the oldest :2 segments from absolute level :1. See
|
||||
@ -4925,8 +4925,14 @@ int sqlite3Fts3Incrmerge(Fts3Table *p, int nMerge, int nMin){
|
||||
|
||||
rc = fts3IncrmergeHintPop(&hint, &iHintAbsLevel, &nHintSeg);
|
||||
if( nSeg<0 || (iAbsLevel % nMod) >= (iHintAbsLevel % nMod) ){
|
||||
/* Based on the scan in the block above, it is known that there
|
||||
** are no levels with a relative level smaller than that of
|
||||
** iAbsLevel with more than nSeg segments, or if nSeg is -1,
|
||||
** no levels with more than nMin segments. Use this to limit the
|
||||
** value of nHintSeg to avoid a large memory allocation in case the
|
||||
** merge-hint is corrupt*/
|
||||
iAbsLevel = iHintAbsLevel;
|
||||
nSeg = nHintSeg;
|
||||
nSeg = MIN(MAX(nMin,nSeg), nHintSeg);
|
||||
bUseHint = 1;
|
||||
bDirtyHint = 1;
|
||||
}else{
|
||||
@ -4939,7 +4945,7 @@ int sqlite3Fts3Incrmerge(Fts3Table *p, int nMerge, int nMin){
|
||||
/* If nSeg is less that zero, then there is no level with at least
|
||||
** nMin segments and no hint in the %_stat table. No work to do.
|
||||
** Exit early in this case. */
|
||||
if( nSeg<0 ) break;
|
||||
if( nSeg<=0 ) break;
|
||||
|
||||
/* Open a cursor to iterate through the contents of the oldest nSeg
|
||||
** indexes of absolute level iAbsLevel. If this cursor is opened using
|
||||
|
@ -1618,6 +1618,7 @@ static int zipfileUpdate(
|
||||
|
||||
if( rc==SQLITE_OK ){
|
||||
zPath = (const char*)sqlite3_value_text(apVal[2]);
|
||||
if( zPath==0 ) zPath = "";
|
||||
nPath = (int)strlen(zPath);
|
||||
mTime = zipfileGetTime(apVal[4]);
|
||||
}
|
||||
|
21
third_party/sqlite/patched/src/expr.c
vendored
21
third_party/sqlite/patched/src/expr.c
vendored
@ -1814,19 +1814,34 @@ int sqlite3SelectWalkFail(Walker *pWalker, Select *NotUsed){
|
||||
return WRC_Abort;
|
||||
}
|
||||
|
||||
/*
|
||||
** Check the input string to see if it is "true" or "false" (in any case).
|
||||
**
|
||||
** If the string is.... Return
|
||||
** "true" EP_IsTrue
|
||||
** "false" EP_IsFalse
|
||||
** anything else 0
|
||||
*/
|
||||
u32 sqlite3IsTrueOrFalse(const char *zIn){
|
||||
if( sqlite3StrICmp(zIn, "true")==0 ) return EP_IsTrue;
|
||||
if( sqlite3StrICmp(zIn, "false")==0 ) return EP_IsFalse;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** If the input expression is an ID with the name "true" or "false"
|
||||
** then convert it into an TK_TRUEFALSE term. Return non-zero if
|
||||
** the conversion happened, and zero if the expression is unaltered.
|
||||
*/
|
||||
int sqlite3ExprIdToTrueFalse(Expr *pExpr){
|
||||
u32 v;
|
||||
assert( pExpr->op==TK_ID || pExpr->op==TK_STRING );
|
||||
if( !ExprHasProperty(pExpr, EP_Quoted)
|
||||
&& (sqlite3StrICmp(pExpr->u.zToken, "true")==0
|
||||
|| sqlite3StrICmp(pExpr->u.zToken, "false")==0)
|
||||
&& (v = sqlite3IsTrueOrFalse(pExpr->u.zToken))!=0
|
||||
){
|
||||
pExpr->op = TK_TRUEFALSE;
|
||||
ExprSetProperty(pExpr, pExpr->u.zToken[4]==0 ? EP_IsTrue : EP_IsFalse);
|
||||
ExprSetProperty(pExpr, v);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
2
third_party/sqlite/patched/src/select.c
vendored
2
third_party/sqlite/patched/src/select.c
vendored
@ -1980,7 +1980,7 @@ int sqlite3ColumnsFromExprList(
|
||||
zName = pEList->a[i].zSpan;
|
||||
}
|
||||
}
|
||||
if( zName ){
|
||||
if( zName && !sqlite3IsTrueOrFalse(zName) ){
|
||||
zName = sqlite3DbStrDup(db, zName);
|
||||
}else{
|
||||
zName = sqlite3MPrintf(db,"column%d",i+1);
|
||||
|
1
third_party/sqlite/patched/src/sqliteInt.h
vendored
1
third_party/sqlite/patched/src/sqliteInt.h
vendored
@ -4093,6 +4093,7 @@ void sqlite3EndTransaction(Parse*,int);
|
||||
void sqlite3Savepoint(Parse*, int, Token*);
|
||||
void sqlite3CloseSavepoints(sqlite3 *);
|
||||
void sqlite3LeaveMutexAndCloseZombie(sqlite3*);
|
||||
u32 sqlite3IsTrueOrFalse(const char*);
|
||||
int sqlite3ExprIdToTrueFalse(Expr*);
|
||||
int sqlite3ExprTruthValue(const Expr*);
|
||||
int sqlite3ExprIsConstant(Expr*);
|
||||
|
2
third_party/sqlite/patched/src/window.c
vendored
2
third_party/sqlite/patched/src/window.c
vendored
@ -883,9 +883,11 @@ static ExprList *exprListAppendList(
|
||||
int nInit = pList ? pList->nExpr : 0;
|
||||
for(i=0; i<pAppend->nExpr; i++){
|
||||
Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
|
||||
assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
|
||||
if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
|
||||
pDup->op = TK_NULL;
|
||||
pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
|
||||
pDup->u.zToken = 0;
|
||||
}
|
||||
pList = sqlite3ExprListAppend(pParse, pList, pDup);
|
||||
if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
|
||||
|
@ -5589,4 +5589,13 @@ do_catchsql_test 35.1 {
|
||||
INSERT INTO f(f) VALUES ('integrity-check');
|
||||
} {1 {database disk image is malformed}}
|
||||
|
||||
reset_db
|
||||
do_catchsql_test 36.0 {
|
||||
CREATE VIRTUAL TABLE f USING fts3(a,tokenize=porter);
|
||||
CREATE TABLE 'f_stat'(id INTEGER PRIMARY KEY, value BLOB);
|
||||
INSERT INTO f VALUES (1);
|
||||
INSERT INTO f_stat VALUES (1,x'00000000000101010119013d00ffff0400fa83717b71a69297979701f63d010101010101010101010101190000000000000000fa83717b71a601f63d01010101010101010101010119013d00ffffff0400fa83717b71a69297979701f63d010101010101010101010101190000000000000000fa83717b71a69201f63d010101f63d01010101010101010101010119013d00ffffff0400fa83717b71a6929797010101010101010101010119013d00ffff01f63d01010101010101010101010119013d00ffffff0400fa83717b71a69297979701f63d00fa03ffffffa69297979701f63d010101000000000101010101197e9797976567656565ffa63535354e');
|
||||
INSERT INTO f(f) VALUES ('merge=53,216');
|
||||
} {0 {}}
|
||||
|
||||
finish_test
|
||||
|
13
third_party/sqlite/patched/test/fts3snippet.test
vendored
13
third_party/sqlite/patched/test/fts3snippet.test
vendored
@ -587,5 +587,18 @@ do_execsql_test 5.1 {
|
||||
{[a70] [a71] [a72]}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------------
|
||||
# Request a snippet from a query with more than 64 phrases.
|
||||
#
|
||||
reset_db
|
||||
do_execsql_test 6.0 {
|
||||
CREATE VIRTUAL TABLE f USING fts3(b);
|
||||
INSERT INTO f VALUES ( x'746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218');
|
||||
}
|
||||
|
||||
do_execsql_test 6.1 {
|
||||
SELECT length(snippet(f))>0 FROM f WHERE b MATCH x'1065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a010f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c2a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e0f42';
|
||||
} {1}
|
||||
|
||||
set sqlite_fts3_enable_parentheses 0
|
||||
finish_test
|
||||
|
24
third_party/sqlite/patched/test/with1.test
vendored
24
third_party/sqlite/patched/test/with1.test
vendored
@ -1140,4 +1140,28 @@ do_execsql_test 24.2 {
|
||||
3 1 1 3
|
||||
}
|
||||
|
||||
# 2020-01-02 chromium ticket 1033461
|
||||
# Do not allow the generated name of a CTE be "true" or "false" as
|
||||
# such a label might be later confused for the boolean literals of
|
||||
# the same name, causing inconsistencies in the abstract syntax
|
||||
# tree. This problem first arose in version 3.23.0 when SQLite
|
||||
# began recognizing "true" and "false" as boolean literals, but also
|
||||
# had to continue to recognize "true" and "false" as identifiers for
|
||||
# backwards compatibility.
|
||||
#
|
||||
reset_db
|
||||
do_execsql_test 25.1 {
|
||||
CREATE TABLE dual(dummy);
|
||||
INSERT INTO dual(dummy) VALUES('X');
|
||||
WITH cte1 AS (
|
||||
SELECT TRUE, (
|
||||
WITH cte2 AS (SELECT avg(DISTINCT TRUE) FROM dual)
|
||||
SELECT 2571 FROM cte2
|
||||
) AS subquery1
|
||||
FROM dual
|
||||
GROUP BY 1
|
||||
)
|
||||
SELECT (SELECT 1324 FROM cte1) FROM cte1;
|
||||
} {1324}
|
||||
|
||||
finish_test
|
||||
|
13
third_party/sqlite/patched/test/zipfile.test
vendored
13
third_party/sqlite/patched/test/zipfile.test
vendored
@ -795,4 +795,17 @@ if {$tcl_platform(platform)!="windows"} {
|
||||
} {. ./x1.txt ./x2.txt}
|
||||
}
|
||||
|
||||
# 2019-12-18 Yongheng and Rui fuzzer
|
||||
#
|
||||
do_execsql_test 13.10 {
|
||||
DROP TABLE IF EXISTS t0;
|
||||
DROP TABLE IF EXISTS t1;
|
||||
CREATE TABLE t0(a,b,c,d,e,f,g);
|
||||
REPLACE INTO t0(c,b,f) VALUES(10,10,10);
|
||||
CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
|
||||
REPLACE INTO t1 SELECT * FROM t0;
|
||||
SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
|
||||
quote(data),quote(method) FROM t1;
|
||||
} {'' 10 10 2 X'3130' X'3130' 0}
|
||||
|
||||
finish_test
|
||||
|
2
third_party/sqlite/patches/0001-Don-t-allow-shadow-tables-to-be-dropped-in-defensive.patch
vendored
2
third_party/sqlite/patches/0001-Don-t-allow-shadow-tables-to-be-dropped-in-defensive.patch
vendored
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 19 Nov 2019 14:09:07 -0800
|
||||
Subject: [PATCH 01/17] Don't allow shadow tables to be dropped in defensive
|
||||
Subject: [PATCH 01/22] Don't allow shadow tables to be dropped in defensive
|
||||
mode.
|
||||
|
||||
Backports https://www.sqlite.org/src/info/70390bbca49e7066
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 19 Nov 2019 14:32:48 -0800
|
||||
Subject: [PATCH 02/17] Improve shadow table corruption detection in fts3
|
||||
Subject: [PATCH 02/22] Improve shadow table corruption detection in fts3
|
||||
|
||||
Backports https://www.sqlite.org/src/info/04b2873be5aedeb1
|
||||
|
||||
|
2
third_party/sqlite/patches/0003-Shadow-Table-Corruption-Detection-improvements-in-ft.patch
vendored
2
third_party/sqlite/patches/0003-Shadow-Table-Corruption-Detection-improvements-in-ft.patch
vendored
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 19 Nov 2019 15:04:03 -0800
|
||||
Subject: [PATCH 03/17] Shadow Table Corruption Detection improvements in fts3
|
||||
Subject: [PATCH 03/22] Shadow Table Corruption Detection improvements in fts3
|
||||
|
||||
Backports https://www.sqlite.org/src/info/51525f9c3235967b
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 19 Nov 2019 15:05:43 -0800
|
||||
Subject: [PATCH 04/17] Remove reachable NEVER in fts3
|
||||
Subject: [PATCH 04/22] Remove reachable NEVER in fts3
|
||||
|
||||
Backports https://www.sqlite.org/src/info/8bd75bf636f72f32
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 19 Nov 2019 15:17:18 -0800
|
||||
Subject: [PATCH 05/17] Better % corruption detection in fts3.
|
||||
Subject: [PATCH 05/22] Better % corruption detection in fts3.
|
||||
|
||||
Backports https://www.sqlite.org/src/info/1e449687881f4d38
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 19 Nov 2019 15:19:40 -0800
|
||||
Subject: [PATCH 06/17] Detect/Prevent infinite recursion
|
||||
Subject: [PATCH 06/22] Detect/Prevent infinite recursion
|
||||
|
||||
Backports https://www.sqlite.org/src/info/dfcf081d842629a0
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 19 Nov 2019 15:34:00 -0800
|
||||
Subject: [PATCH 07/17] Improve corruption detection in fts4
|
||||
Subject: [PATCH 07/22] Improve corruption detection in fts4
|
||||
|
||||
Backports https://www.sqlite.org/src/info/10f8a3b718e0f47b
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Wed, 20 Nov 2019 10:58:51 -0800
|
||||
Subject: [PATCH 08/17] Further improve corruption detection in fts3
|
||||
Subject: [PATCH 08/22] Further improve corruption detection in fts3
|
||||
|
||||
Backports https://sqlite.org/src/info/a0f6d526baecd061 (aka
|
||||
https://sqlite.org/src/info/a0f6d526baecd061a5e2)
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 3 Dec 2019 13:56:38 -0800
|
||||
Subject: [PATCH 09/17] Make sure WITH stack is disabled after error
|
||||
Subject: [PATCH 09/22] Make sure WITH stack is disabled after error
|
||||
|
||||
Backports https://sqlite.org/src/info/de6e6d6846d6a41c
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 3 Dec 2019 13:59:19 -0800
|
||||
Subject: [PATCH 10/17] Avoid zero offset
|
||||
Subject: [PATCH 10/22] Avoid zero offset
|
||||
|
||||
Backports https://www.sqlite.org/src/info/3ce804e99bbef83d
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 3 Dec 2019 14:01:40 -0800
|
||||
Subject: [PATCH 11/17] Avoid zero offset of nullptr
|
||||
Subject: [PATCH 11/22] Avoid zero offset of nullptr
|
||||
|
||||
Backports https://www.sqlite.org/src/info/85d95abec4a596eb
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Mon, 16 Dec 2019 11:49:51 -0800
|
||||
Subject: [PATCH 12/17] Fix buffer overread
|
||||
Subject: [PATCH 12/22] Fix buffer overread
|
||||
|
||||
Backports https://www.sqlite.org/src/info/e01fdbf9f700e1bd
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Mon, 16 Dec 2019 13:45:04 -0800
|
||||
Subject: [PATCH 13/17] Fix UB warning
|
||||
Subject: [PATCH 13/22] Fix UB warning
|
||||
|
||||
Backports https://sqlite.org/src/info/052fdf5e58b41cca
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Mon, 16 Dec 2019 13:48:39 -0800
|
||||
Subject: [PATCH 14/17] Avoid temp trigger crash
|
||||
Subject: [PATCH 14/22] Avoid temp trigger crash
|
||||
|
||||
Backports https://sqlite.org/src/info/c4cb9708d48ead10
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Mon, 16 Dec 2019 16:01:06 -0800
|
||||
Subject: [PATCH 15/17] Fix fts3 integer overflows
|
||||
Subject: [PATCH 15/22] Fix fts3 integer overflows
|
||||
|
||||
Backports https://www.sqlite.org/src/info/3b873029ef1903f7
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Wed, 18 Dec 2019 16:38:02 -0800
|
||||
Subject: [PATCH 16/17] Avoid infinite recursion in ALTER TABLE code
|
||||
Subject: [PATCH 16/22] Avoid infinite recursion in ALTER TABLE code
|
||||
|
||||
Backports https://www.sqlite.org/src/info/1d2e53a39b87e364685e21de137655b6eee725e4c6d27fc90865072d7c5892b5
|
||||
|
||||
|
2
third_party/sqlite/patches/0017-Add-restrictions-on-shadow-table-changes-in-defensiv.patch
vendored
2
third_party/sqlite/patches/0017-Add-restrictions-on-shadow-table-changes-in-defensiv.patch
vendored
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Thu, 19 Dec 2019 14:19:06 -0800
|
||||
Subject: [PATCH 17/17] Add restrictions on shadow table changes in defensive
|
||||
Subject: [PATCH 17/22] Add restrictions on shadow table changes in defensive
|
||||
mode
|
||||
|
||||
Backports https://www.sqlite.org/src/info/bae76a5c40703871
|
||||
|
118
third_party/sqlite/patches/0018-Avoid-ambiguous-true-and-false-return.patch
vendored
Normal file
118
third_party/sqlite/patches/0018-Avoid-ambiguous-true-and-false-return.patch
vendored
Normal file
@ -0,0 +1,118 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 7 Jan 2020 13:32:12 -0800
|
||||
Subject: [PATCH 18/22] Avoid ambiguous true and false return
|
||||
|
||||
Backports https://www.sqlite.org/src/info/ff9492d3ff733c22
|
||||
|
||||
Bug: 1033461
|
||||
---
|
||||
third_party/sqlite/patched/src/expr.c | 21 ++++++++++++++++---
|
||||
third_party/sqlite/patched/src/select.c | 2 +-
|
||||
third_party/sqlite/patched/src/sqliteInt.h | 1 +
|
||||
third_party/sqlite/patched/test/with1.test | 24 ++++++++++++++++++++++
|
||||
4 files changed, 44 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/third_party/sqlite/patched/src/expr.c b/third_party/sqlite/patched/src/expr.c
|
||||
index e8b1f31c42aa..760978c482d3 100644
|
||||
--- a/third_party/sqlite/patched/src/expr.c
|
||||
+++ b/third_party/sqlite/patched/src/expr.c
|
||||
@@ -1814,19 +1814,34 @@ int sqlite3SelectWalkFail(Walker *pWalker, Select *NotUsed){
|
||||
return WRC_Abort;
|
||||
}
|
||||
|
||||
+/*
|
||||
+** Check the input string to see if it is "true" or "false" (in any case).
|
||||
+**
|
||||
+** If the string is.... Return
|
||||
+** "true" EP_IsTrue
|
||||
+** "false" EP_IsFalse
|
||||
+** anything else 0
|
||||
+*/
|
||||
+u32 sqlite3IsTrueOrFalse(const char *zIn){
|
||||
+ if( sqlite3StrICmp(zIn, "true")==0 ) return EP_IsTrue;
|
||||
+ if( sqlite3StrICmp(zIn, "false")==0 ) return EP_IsFalse;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*
|
||||
** If the input expression is an ID with the name "true" or "false"
|
||||
** then convert it into an TK_TRUEFALSE term. Return non-zero if
|
||||
** the conversion happened, and zero if the expression is unaltered.
|
||||
*/
|
||||
int sqlite3ExprIdToTrueFalse(Expr *pExpr){
|
||||
+ u32 v;
|
||||
assert( pExpr->op==TK_ID || pExpr->op==TK_STRING );
|
||||
if( !ExprHasProperty(pExpr, EP_Quoted)
|
||||
- && (sqlite3StrICmp(pExpr->u.zToken, "true")==0
|
||||
- || sqlite3StrICmp(pExpr->u.zToken, "false")==0)
|
||||
+ && (v = sqlite3IsTrueOrFalse(pExpr->u.zToken))!=0
|
||||
){
|
||||
pExpr->op = TK_TRUEFALSE;
|
||||
- ExprSetProperty(pExpr, pExpr->u.zToken[4]==0 ? EP_IsTrue : EP_IsFalse);
|
||||
+ ExprSetProperty(pExpr, v);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
diff --git a/third_party/sqlite/patched/src/select.c b/third_party/sqlite/patched/src/select.c
|
||||
index ba70a2bdec78..be705c11d1b4 100644
|
||||
--- a/third_party/sqlite/patched/src/select.c
|
||||
+++ b/third_party/sqlite/patched/src/select.c
|
||||
@@ -1980,7 +1980,7 @@ int sqlite3ColumnsFromExprList(
|
||||
zName = pEList->a[i].zSpan;
|
||||
}
|
||||
}
|
||||
- if( zName ){
|
||||
+ if( zName && !sqlite3IsTrueOrFalse(zName) ){
|
||||
zName = sqlite3DbStrDup(db, zName);
|
||||
}else{
|
||||
zName = sqlite3MPrintf(db,"column%d",i+1);
|
||||
diff --git a/third_party/sqlite/patched/src/sqliteInt.h b/third_party/sqlite/patched/src/sqliteInt.h
|
||||
index 2eb9ff559aac..970ef817f3e1 100644
|
||||
--- a/third_party/sqlite/patched/src/sqliteInt.h
|
||||
+++ b/third_party/sqlite/patched/src/sqliteInt.h
|
||||
@@ -4093,6 +4093,7 @@ void sqlite3EndTransaction(Parse*,int);
|
||||
void sqlite3Savepoint(Parse*, int, Token*);
|
||||
void sqlite3CloseSavepoints(sqlite3 *);
|
||||
void sqlite3LeaveMutexAndCloseZombie(sqlite3*);
|
||||
+u32 sqlite3IsTrueOrFalse(const char*);
|
||||
int sqlite3ExprIdToTrueFalse(Expr*);
|
||||
int sqlite3ExprTruthValue(const Expr*);
|
||||
int sqlite3ExprIsConstant(Expr*);
|
||||
diff --git a/third_party/sqlite/patched/test/with1.test b/third_party/sqlite/patched/test/with1.test
|
||||
index 4fb074b2cf0a..e5787db704d1 100644
|
||||
--- a/third_party/sqlite/patched/test/with1.test
|
||||
+++ b/third_party/sqlite/patched/test/with1.test
|
||||
@@ -1140,4 +1140,28 @@ do_execsql_test 24.2 {
|
||||
3 1 1 3
|
||||
}
|
||||
|
||||
+# 2020-01-02 chromium ticket 1033461
|
||||
+# Do not allow the generated name of a CTE be "true" or "false" as
|
||||
+# such a label might be later confused for the boolean literals of
|
||||
+# the same name, causing inconsistencies in the abstract syntax
|
||||
+# tree. This problem first arose in version 3.23.0 when SQLite
|
||||
+# began recognizing "true" and "false" as boolean literals, but also
|
||||
+# had to continue to recognize "true" and "false" as identifiers for
|
||||
+# backwards compatibility.
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test 25.1 {
|
||||
+ CREATE TABLE dual(dummy);
|
||||
+ INSERT INTO dual(dummy) VALUES('X');
|
||||
+ WITH cte1 AS (
|
||||
+ SELECT TRUE, (
|
||||
+ WITH cte2 AS (SELECT avg(DISTINCT TRUE) FROM dual)
|
||||
+ SELECT 2571 FROM cte2
|
||||
+ ) AS subquery1
|
||||
+ FROM dual
|
||||
+ GROUP BY 1
|
||||
+ )
|
||||
+ SELECT (SELECT 1324 FROM cte1) FROM cte1;
|
||||
+} {1324}
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.24.1.735.g03f4e72817-goog
|
||||
|
52
third_party/sqlite/patches/0019-Fix-fts3-UB-uint64.patch
vendored
Normal file
52
third_party/sqlite/patches/0019-Fix-fts3-UB-uint64.patch
vendored
Normal file
@ -0,0 +1,52 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 7 Jan 2020 13:34:37 -0800
|
||||
Subject: [PATCH 19/22] Fix fts3 UB uint64
|
||||
|
||||
Backports https://sqlite.org/src/info/e1f12978b53683114ab0
|
||||
|
||||
Bug: 1037786
|
||||
---
|
||||
third_party/sqlite/patched/ext/fts3/fts3_snippet.c | 2 +-
|
||||
third_party/sqlite/patched/test/fts3snippet.test | 13 +++++++++++++
|
||||
2 files changed, 14 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
|
||||
index dda71c3985af..6eae82dbc3ff 100644
|
||||
--- a/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
|
||||
+++ b/third_party/sqlite/patched/ext/fts3/fts3_snippet.c
|
||||
@@ -560,7 +560,7 @@ static int fts3BestSnippet(
|
||||
/* Set the *pmSeen output variable. */
|
||||
for(i=0; i<nList; i++){
|
||||
if( sIter.aPhrase[i].pHead ){
|
||||
- *pmSeen |= (u64)1 << i;
|
||||
+ *pmSeen |= (u64)1 << (i%64);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/third_party/sqlite/patched/test/fts3snippet.test b/third_party/sqlite/patched/test/fts3snippet.test
|
||||
index ce565127b5a3..9ee37dc6263f 100644
|
||||
--- a/third_party/sqlite/patched/test/fts3snippet.test
|
||||
+++ b/third_party/sqlite/patched/test/fts3snippet.test
|
||||
@@ -587,5 +587,18 @@ do_execsql_test 5.1 {
|
||||
{[a70] [a71] [a72]}
|
||||
}
|
||||
|
||||
+#-------------------------------------------------------------------------
|
||||
+# Request a snippet from a query with more than 64 phrases.
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test 6.0 {
|
||||
+ CREATE VIRTUAL TABLE f USING fts3(b);
|
||||
+ INSERT INTO f VALUES ( x'746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218');
|
||||
+}
|
||||
+
|
||||
+do_execsql_test 6.1 {
|
||||
+ SELECT length(snippet(f))>0 FROM f WHERE b MATCH x'1065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a010f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c2a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e0f42';
|
||||
+} {1}
|
||||
+
|
||||
set sqlite_fts3_enable_parentheses 0
|
||||
finish_test
|
||||
--
|
||||
2.24.1.735.g03f4e72817-goog
|
||||
|
72
third_party/sqlite/patches/0020-Avoid-large-memory-alloc-for-corrupt-record.patch
vendored
Normal file
72
third_party/sqlite/patches/0020-Avoid-large-memory-alloc-for-corrupt-record.patch
vendored
Normal file
@ -0,0 +1,72 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 7 Jan 2020 13:38:31 -0800
|
||||
Subject: [PATCH 20/22] Avoid large memory alloc for corrupt record
|
||||
|
||||
Backports https://www.sqlite.org/src/info/9add58fe9688d5c1
|
||||
|
||||
Bug: 1038213
|
||||
---
|
||||
third_party/sqlite/patched/ext/fts3/fts3_write.c | 12 +++++++++---
|
||||
third_party/sqlite/patched/test/fts3corrupt4.test | 9 +++++++++
|
||||
2 files changed, 18 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/third_party/sqlite/patched/ext/fts3/fts3_write.c b/third_party/sqlite/patched/ext/fts3/fts3_write.c
|
||||
index 8b6b729987c3..f30bf343635d 100644
|
||||
--- a/third_party/sqlite/patched/ext/fts3/fts3_write.c
|
||||
+++ b/third_party/sqlite/patched/ext/fts3/fts3_write.c
|
||||
@@ -335,7 +335,7 @@ static int fts3SqlStmt(
|
||||
** returns zero rows. */
|
||||
/* 28 */ "SELECT level, count(*) AS cnt FROM %Q.'%q_segdir' "
|
||||
" GROUP BY level HAVING cnt>=?"
|
||||
- " ORDER BY (level %% 1024) ASC LIMIT 1",
|
||||
+ " ORDER BY (level %% 1024) ASC, 2 DESC LIMIT 1",
|
||||
|
||||
/* Estimate the upper limit on the number of leaf nodes in a new segment
|
||||
** created by merging the oldest :2 segments from absolute level :1. See
|
||||
@@ -4925,8 +4925,14 @@ int sqlite3Fts3Incrmerge(Fts3Table *p, int nMerge, int nMin){
|
||||
|
||||
rc = fts3IncrmergeHintPop(&hint, &iHintAbsLevel, &nHintSeg);
|
||||
if( nSeg<0 || (iAbsLevel % nMod) >= (iHintAbsLevel % nMod) ){
|
||||
+ /* Based on the scan in the block above, it is known that there
|
||||
+ ** are no levels with a relative level smaller than that of
|
||||
+ ** iAbsLevel with more than nSeg segments, or if nSeg is -1,
|
||||
+ ** no levels with more than nMin segments. Use this to limit the
|
||||
+ ** value of nHintSeg to avoid a large memory allocation in case the
|
||||
+ ** merge-hint is corrupt*/
|
||||
iAbsLevel = iHintAbsLevel;
|
||||
- nSeg = nHintSeg;
|
||||
+ nSeg = MIN(MAX(nMin,nSeg), nHintSeg);
|
||||
bUseHint = 1;
|
||||
bDirtyHint = 1;
|
||||
}else{
|
||||
@@ -4939,7 +4945,7 @@ int sqlite3Fts3Incrmerge(Fts3Table *p, int nMerge, int nMin){
|
||||
/* If nSeg is less that zero, then there is no level with at least
|
||||
** nMin segments and no hint in the %_stat table. No work to do.
|
||||
** Exit early in this case. */
|
||||
- if( nSeg<0 ) break;
|
||||
+ if( nSeg<=0 ) break;
|
||||
|
||||
/* Open a cursor to iterate through the contents of the oldest nSeg
|
||||
** indexes of absolute level iAbsLevel. If this cursor is opened using
|
||||
diff --git a/third_party/sqlite/patched/test/fts3corrupt4.test b/third_party/sqlite/patched/test/fts3corrupt4.test
|
||||
index 45dd52fff29e..ed670c72223c 100644
|
||||
--- a/third_party/sqlite/patched/test/fts3corrupt4.test
|
||||
+++ b/third_party/sqlite/patched/test/fts3corrupt4.test
|
||||
@@ -5589,4 +5589,13 @@ do_catchsql_test 35.1 {
|
||||
INSERT INTO f(f) VALUES ('integrity-check');
|
||||
} {1 {database disk image is malformed}}
|
||||
|
||||
+reset_db
|
||||
+do_catchsql_test 36.0 {
|
||||
+ CREATE VIRTUAL TABLE f USING fts3(a,tokenize=porter);
|
||||
+ CREATE TABLE 'f_stat'(id INTEGER PRIMARY KEY, value BLOB);
|
||||
+ INSERT INTO f VALUES (1);
|
||||
+ INSERT INTO f_stat VALUES (1,x'00000000000101010119013d00ffff0400fa83717b71a69297979701f63d010101010101010101010101190000000000000000fa83717b71a601f63d01010101010101010101010119013d00ffffff0400fa83717b71a69297979701f63d010101010101010101010101190000000000000000fa83717b71a69201f63d010101f63d01010101010101010101010119013d00ffffff0400fa83717b71a6929797010101010101010101010119013d00ffff01f63d01010101010101010101010119013d00ffffff0400fa83717b71a69297979701f63d00fa03ffffffa69297979701f63d010101000000000101010101197e9797976567656565ffa63535354e');
|
||||
+ INSERT INTO f(f) VALUES ('merge=53,216');
|
||||
+} {0 {}}
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.24.1.735.g03f4e72817-goog
|
||||
|
31
third_party/sqlite/patches/0021-Avoid-invalid-pointer-dereference-in-ORDER-BY.patch
vendored
Normal file
31
third_party/sqlite/patches/0021-Avoid-invalid-pointer-dereference-in-ORDER-BY.patch
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 7 Jan 2020 13:42:03 -0800
|
||||
Subject: [PATCH 21/22] Avoid invalid pointer dereference in ORDER BY
|
||||
|
||||
Backports https://sqlite.org/src/info/1ca0bd982ab1183bbafce0d260e4dceda5eb766ed2e7793374a88d1ae0bdd2ca
|
||||
|
||||
Bug: 1038863
|
||||
---
|
||||
third_party/sqlite/patched/src/window.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/third_party/sqlite/patched/src/window.c b/third_party/sqlite/patched/src/window.c
|
||||
index c251cd01974d..2d79ffe63d6d 100644
|
||||
--- a/third_party/sqlite/patched/src/window.c
|
||||
+++ b/third_party/sqlite/patched/src/window.c
|
||||
@@ -883,9 +883,11 @@ static ExprList *exprListAppendList(
|
||||
int nInit = pList ? pList->nExpr : 0;
|
||||
for(i=0; i<pAppend->nExpr; i++){
|
||||
Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
|
||||
+ assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
|
||||
if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
|
||||
pDup->op = TK_NULL;
|
||||
pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
|
||||
+ pDup->u.zToken = 0;
|
||||
}
|
||||
pList = sqlite3ExprListAppend(pParse, pList, pDup);
|
||||
if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
|
||||
--
|
||||
2.24.1.735.g03f4e72817-goog
|
||||
|
50
third_party/sqlite/patches/0022-Fix-zipfile-extension-INSERT-with-NULL-pathname.patch
vendored
Normal file
50
third_party/sqlite/patches/0022-Fix-zipfile-extension-INSERT-with-NULL-pathname.patch
vendored
Normal file
@ -0,0 +1,50 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Darwin Huang <huangdarwin@chromium.org>
|
||||
Date: Tue, 7 Jan 2020 13:43:48 -0800
|
||||
Subject: [PATCH 22/22] Fix zipfile extension INSERT with NULL pathname
|
||||
|
||||
Backports https://sqlite.org/src/info/a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
|
||||
|
||||
Bug: 1038863
|
||||
---
|
||||
third_party/sqlite/patched/ext/misc/zipfile.c | 1 +
|
||||
third_party/sqlite/patched/test/zipfile.test | 13 +++++++++++++
|
||||
2 files changed, 14 insertions(+)
|
||||
|
||||
diff --git a/third_party/sqlite/patched/ext/misc/zipfile.c b/third_party/sqlite/patched/ext/misc/zipfile.c
|
||||
index 5a88389bf2da..1dc47a7d9ae0 100644
|
||||
--- a/third_party/sqlite/patched/ext/misc/zipfile.c
|
||||
+++ b/third_party/sqlite/patched/ext/misc/zipfile.c
|
||||
@@ -1618,6 +1618,7 @@ static int zipfileUpdate(
|
||||
|
||||
if( rc==SQLITE_OK ){
|
||||
zPath = (const char*)sqlite3_value_text(apVal[2]);
|
||||
+ if( zPath==0 ) zPath = "";
|
||||
nPath = (int)strlen(zPath);
|
||||
mTime = zipfileGetTime(apVal[4]);
|
||||
}
|
||||
diff --git a/third_party/sqlite/patched/test/zipfile.test b/third_party/sqlite/patched/test/zipfile.test
|
||||
index 25dc5d6497d1..f5c503d7f156 100644
|
||||
--- a/third_party/sqlite/patched/test/zipfile.test
|
||||
+++ b/third_party/sqlite/patched/test/zipfile.test
|
||||
@@ -795,4 +795,17 @@ if {$tcl_platform(platform)!="windows"} {
|
||||
} {. ./x1.txt ./x2.txt}
|
||||
}
|
||||
|
||||
+# 2019-12-18 Yongheng and Rui fuzzer
|
||||
+#
|
||||
+do_execsql_test 13.10 {
|
||||
+ DROP TABLE IF EXISTS t0;
|
||||
+ DROP TABLE IF EXISTS t1;
|
||||
+ CREATE TABLE t0(a,b,c,d,e,f,g);
|
||||
+ REPLACE INTO t0(c,b,f) VALUES(10,10,10);
|
||||
+ CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
|
||||
+ REPLACE INTO t1 SELECT * FROM t0;
|
||||
+ SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
|
||||
+ quote(data),quote(method) FROM t1;
|
||||
+} {'' 10 10 2 X'3130' X'3130' 0}
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.24.1.735.g03f4e72817-goog
|
||||
|
Reference in New Issue
Block a user