I like that it checks aMatchinfo for internal consistency.
The one thing that isn't in the new rankfunk.
Instead of
aMatchinfo = (unsigned int *)sqlite3_value_blob(apVal[0]);
Something like:
if((aMatchinfo = (unsigned int *)sqlite3_value_blob(apVal[0])) == 0) {
sqlite3_result_error(pCtx,
"invalid matchinfo blob passed to function rank()", -1);
}
On 10/06/2017 01:22 PM, Dan Kennedy wrote:
On 10/06/2017 11:58 PM, Richard Hipp wrote:
On 10/6/17, Jens Alfke <j...@mooseyard.com> wrote:
Thanks for posting this — my adaptation of that sample code in my
project
had the same bug.
I’m not sure how the SQL in your application gets generated, but if you
allow untrusted SQL, it’s still possible to create a query that can
cause
the rank function to crash.
We (developers) have already made a note to update the code example in
the documentation to include lots of validity checking on the
matchinfo() blob.
New version on the draft website here:
http://sqlite.org/draft/fts3.html#appendix_a
Any further bug reports or feedback welcome!
Dan.
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
