
Commit 3e56d28

committed
fix potential crash in fts5
- see: https://sqlite.org/forum/forumpost/171bcc2bcd
1 parent 351e6eb commit 3e56d28


1 file changed

+33
-27
lines changed


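--- a/libsql-sqlite3/ext/fts5/fts5_tokenize.c
+++ b/libsql-sqlite3/ext/fts5/fts5_tokenize.c
@@ -1290,40 +1290,46 @@ static int fts5TriCreate(
 Fts5Tokenizer **ppOut
 ){
 int rc = SQLITE_OK;
-TrigramTokenizer *pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
-UNUSED_PARAM(pUnused);
-if( pNew==0 ){
-rc = SQLITE_NOMEM;
+TrigramTokenizer *pNew = 0;
+
+if( nArg%2 ){
+rc = SQLITE_ERROR;
 }else{
-int i;
-pNew->bFold = 1;
-pNew->iFoldParam = 0;
-for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
-const char *zArg = azArg[i+1];
-if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
-if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
-rc = SQLITE_ERROR;
+pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
+UNUSED_PARAM(pUnused);
+if( pNew==0 ){
+rc = SQLITE_NOMEM;
+}else{
+int i;
+pNew->bFold = 1;
+pNew->iFoldParam = 0;
+for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
+const char *zArg = azArg[i+1];
+if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
+if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
+rc = SQLITE_ERROR;
+}else{
+pNew->bFold = (zArg[0]=='0');
+}
+}else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
+if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
+rc = SQLITE_ERROR;
+}else{
+pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
+}
 }else{
-pNew->bFold = (zArg[0]=='0');
-}
-}else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
-if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
 rc = SQLITE_ERROR;
-}else{
-pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
 }
-}else{
-rc = SQLITE_ERROR;
 }
-}
 
-if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
-rc = SQLITE_ERROR;
-}
+if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
+rc = SQLITE_ERROR;
+}
 
-if( rc!=SQLITE_OK ){
-fts5TriDelete((Fts5Tokenizer*)pNew);
-pNew = 0;
+if( rc!=SQLITE_OK ){
+fts5TriDelete((Fts5Tokenizer*)pNew);
+pNew = 0;
+}
 }
 }
 *ppOut = (Fts5Tokenizer*)pNew;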
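Review bot: The new `if( nArg%2 )` guard (new line 1295) has no comment saying why an odd count is an error; the reason only shows further down, where the loop steps by two and reads `azArg[i+1]`. I would add `/* Options arrive as name/value pairs; an odd nArg would let azArg[i+1] index past the end of azArg[] */` above it. `UNUSED_PARAM(pUnused);` has also moved inside the `else` branch (new line 1299), so it is skipped on the error path; that is presumably harmless if the macro is a plain void cast, but it reads more clearly as the first statement after the declarations. The commit touches only this file, so a regression test that creates a trigram tokenizer with an odd number of option tokens and expects `SQLITE_ERROR` would guard against the read past the argument array returning. The signature of fts5TriCreate starts above the hunk, so the declarations of `nArg` and `azArg` are not visible here.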
