From abaf16dea291800e0f450c0b60d9da9f2149d6a9 Mon Sep 17 00:00:00 2001
From: openEuler Buildteam <buildteam@openeuler.org>
Date: Mon, 30 Dec 2019 16:17:34 -0500
Subject: [PATCH] fix CVE-2019-9936

---
 ext/fts5/fts5_hash.c      |  3 ++-
 ext/fts5/test/fts5aa.test | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
index 7e404a8..c35b5d5 100644
--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -445,7 +445,8 @@ static int fts5HashEntrySort(
   for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
     Fts5HashEntry *pIter;
     for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
+      if( pTerm==0
+          || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm)) ){
         Fts5HashEntry *pEntry = pIter;
         pEntry->pScanNext = 0;
         for(i=0; ap[i]; i++){
diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test
index 6fa3ad8..5c9b894 100644
--- a/ext/fts5/test/fts5aa.test
+++ b/ext/fts5/test/fts5aa.test
@@ -603,6 +603,18 @@ do_execsql_test 23.2 {
   SELECT * FROM t11, t10 WHERE t10.rowid IS NULL;
 }
 
+#-------------------------------------------------------------------------
+do_execsql_test 25.0 {
+  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
+}
+do_execsql_test 25.1 {
+  BEGIN;
+  INSERT INTO t13 VALUES('AAAA');
+SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
+
+  END;
+}
+
 }
 
 expand_all_sql db
-- 
1.8.3.1