From 3af43610d9406dfc859f7aca5a3c6441c852911b Mon Sep 17 00:00:00 2001
From: Dan Kennedy
Date: Tue, 1 Jan 2019 13:59:34 +0000
Subject: [PATCH 0698/1009] Fix another case in fts5 where a corrupt database could cause a buffer overread.
https://github.com/mackyle/sqlite/commit/3af43610d9406dfc859f7aca5a3c6441c852911b
---
 ext/fts5/fts5_index.c | 6 +-
 1 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index f786e8d..6ce9844 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -2311,6 +2311,7 @@ static void fts5LeafSeek(
 iPgidx += fts5GetVarint32(&pIter->pLeaf->p[iPgidx], iOff);
 if( iOff<4 || iOff>=pIter->pLeaf->szLeaf ){
 p->rc = FTS5_CORRUPT;
+ return;
 }else{
 nKeep = 0;
 iTermOff = iOff;
@@ -2323,8 +2324,11 @@ static void fts5LeafSeek(
 }
 search_success:
- pIter->iLeafOffset = iOff + nNew;
+ if( pIter->iLeafOffset>n ){
+ p->rc = FTS5_CORRUPT;
+ return;
+ }
 pIter->iTermLeafOffset = pIter->iLeafOffset;
 pIter->iTermLeafPgno = pIter->iLeafPgno;
-- 
1.8.3.1
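Review bot: The added `return;` stops execution once `iOff` is found out of range, but the decode on the line above it, `fts5GetVarint32(&pIter->pLeaf->p[iPgidx], iOff)`, reads up to five bytes starting at `iPgidx` before anything in this hunk bounds `iPgidx` itself, so a page index whose last varint sits at the tail of the page is still a read past the buffer of exactly the class this commit targets. Unless the enclosing loop, which begins outside the hunk, already rejects an `iPgidx` at or beyond the page length before reaching this decode, a guard of the form `if( iPgidx>=pIter->pLeaf->nn ){ p->rc = FTS5_CORRUPT; return; }` ahead of it would close the gap (the field name is assumed from the `szLeaf` usage here; confirm against the struct). The body of fts5LeafSeek starts and ends outside this hunk, so the presence of such a check cannot be confirmed from the diff.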
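Review bot: The new guard `if( pIter->iLeafOffset>n )` only rejects an offset that is too large; if `nNew` is an `int` filled by a varint decode, as `iOff` is in the first hunk, a zero or negative `nNew` (a five-byte varint lands in the sign bit) makes `iOff + nNew` an offset that passes the check yet points at or below `iOff`, or below zero, and the later term/doclist reads trust it. Checking the operands rather than the `int` sum, `if( (i64)iOff+nNew>n || nNew<1 ){`, rejects both cases without touching the valid path. In this rendering the `-` marker shares a line with `pIter->iLeafOffset = iOff + nNew;`, so it is unclear whether the assignment was removed or only a blank line was; if the assignment is gone the guard tests a stale `iLeafOffset`, so it must stay ahead of the check. `iOff`, `nNew` and `n` are all declared outside the hunk, so their types and origin are inferred here.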