sqlite/0050-Fix-CVE-2019-9936.patch

From abaf16dea291800e0f450c0b60d9da9f2149d6a9 Mon Sep 17 00:00:00 2001
From: openEuler Buildteam <buildteam@openeuler.org>
Date: Mon, 30 Dec 2019 16:17:34 -0500
Subject: [PATCH] fix CVE-2019-9936

---
 ext/fts5/fts5_hash.c      |  3 ++-
 ext/fts5/test/fts5aa.test | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
index 7e404a8..c35b5d5 100644
--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -445,7 +445,8 @@ static int fts5HashEntrySort(
   for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
     Fts5HashEntry *pIter;
     for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
+      if( pTerm==0
+          || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm)) ){
         Fts5HashEntry *pEntry = pIter;
         pEntry->pScanNext = 0;
         for(i=0; ap[i]; i++){
diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test
index 6fa3ad8..5c9b894 100644
--- a/ext/fts5/test/fts5aa.test
+++ b/ext/fts5/test/fts5aa.test
@@ -603,6 +603,18 @@ do_execsql_test 23.2 {
   SELECT * FROM t11, t10 WHERE t10.rowid IS NULL;
 }
 
+#-------------------------------------------------------------------------
+do_execsql_test 25.0 {
+  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
+}
+do_execsql_test 25.1 {
+  BEGIN;
+  INSERT INTO t13 VALUES('AAAA');
+SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
+
+  END;
+}
+
 }
 
 expand_all_sql db
-- 
1.8.3.1
fix CVE-2019-9936 and CVE-2019-9937 2020-01-03 22:54:16 +08:00			`From abaf16dea291800e0f450c0b60d9da9f2149d6a9 Mon Sep 17 00:00:00 2001`
			`From: openEuler Buildteam <buildteam@openeuler.org>`
			`Date: Mon, 30 Dec 2019 16:17:34 -0500`
			`Subject: [PATCH] fix CVE-2019-9936`

			`---`
			`ext/fts5/fts5_hash.c \| 3 ++-`
			`ext/fts5/test/fts5aa.test \| 12 ++++++++++++`
			`2 files changed, 14 insertions(+), 1 deletion(-)`

			`diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c`
			`index 7e404a8..c35b5d5 100644`
			`--- a/ext/fts5/fts5_hash.c`
			`+++ b/ext/fts5/fts5_hash.c`
			`@@ -445,7 +445,8 @@ static int fts5HashEntrySort(`
			`for(iSlot=0; iSlot<pHash->nSlot; iSlot++){`
			`Fts5HashEntry *pIter;`
			`for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){`
			`- if( pTerm==0 \|\| 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){`
			`+ if( pTerm==0`
			`+ \|\| (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm)) ){`
			`Fts5HashEntry *pEntry = pIter;`
			`pEntry->pScanNext = 0;`
			`for(i=0; ap[i]; i++){`
			`diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test`
			`index 6fa3ad8..5c9b894 100644`
			`--- a/ext/fts5/test/fts5aa.test`
			`+++ b/ext/fts5/test/fts5aa.test`
			`@@ -603,6 +603,18 @@ do_execsql_test 23.2 {`
			`SELECT * FROM t11, t10 WHERE t10.rowid IS NULL;`
			`}`

			`+#-------------------------------------------------------------------------`
			`+do_execsql_test 25.0 {`
			`+ CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);`
			`+}`
			`+do_execsql_test 25.1 {`
			`+ BEGIN;`
			`+ INSERT INTO t13 VALUES('AAAA');`
			`+SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');`
			`+`
			`+ END;`
			`+}`
			`+`
			`}`

			`expand_all_sql db`
			`--`
			`1.8.3.1`