Hi all,

On x86-64 Linux with SQLite 3.24.0 and the 201807110327 SQLite snapshot, the following program causes FTS5 to do an out-of-bounds access: https://gitlab.peach-bun.com/snippets/157

Sample ASan and Valgrind outputs are here: https://gitlab.peach-bun.com/snippets/158

It looks like if you feed in the byte sequence E3 81 BE E3 82 8A E3 82 84 (the UTF-8 encoding of まりや), then the loop

    while( (p[n] & 0xc0)==0x80 ) n++;

in sqlite3Fts5IndexCharlenToBytelen will attempt to read past the end of the string when building 3-character prefixes.

I don't know what (if any) security/stability implications this out-of-bounds read has, but it is inconvenient to hit it when statically linking SQLite into an application that has ASan enabled (because it'll cause a program abort).

Please let me know if I can provide any additional information that would help with a fix.

Thanks,
- David
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
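To make the failure mode in the report concrete, here is an added C example. It is not SQLite's code and not part of the original message; it assumes the function's contract is "given p, nByte and nChar, return the number of bytes covering the first nChar UTF-8 characters of p, or 0 if p holds fewer than nChar characters". The report's observation is that when the last requested character is multibyte and ends exactly at byte nByte, an unbounded `while( (p[n] & 0xc0)==0x80 ) n++;` must look at p[nByte] to decide to stop, which is an out-of-bounds read if the token is not NUL-terminated. `first_out_of_bounds_read` replays that loop's index sequence without dereferencing past nByte, so it reports where the read would happen instead of performing it; `charlen_to_bytelen_bounded` is one way to bound the loop (an assumption about a fix, not a claim about what SQLite actually changed). The sample bytes are the sequence from the report.

```c
#include <stdio.h>

/* The byte sequence from the report: UTF-8 for three 3-byte characters. */
static const unsigned char kSample[] = {
  0xE3, 0x81, 0xBE,   /* U+307E */
  0xE3, 0x82, 0x8A,   /* U+308A */
  0xE3, 0x82, 0x84    /* U+3084 */
};
static const int kSampleLen = (int)sizeof(kSample);

/*
** Bounded variant (illustrative, assumed contract, not SQLite's code).
** Returns the byte length of the first nChar UTF-8 characters of p,
** or 0 if p contains fewer than nChar characters. Never reads p[nByte].
*/
static int charlen_to_bytelen_bounded(const unsigned char *p, int nByte, int nChar){
  int n = 0;
  for(int i = 0; i < nChar; i++){
    if( n >= nByte ) return 0;          /* ran out of input before nChar chars */
    if( p[n++] >= 0xC0 ){               /* lead byte of a multibyte sequence */
      /* Consume continuation bytes, stopping at the end of the buffer. */
      while( n < nByte && (p[n] & 0xC0) == 0x80 ) n++;
    }
  }
  return n;
}

/*
** Replays the index sequence of the unbounded loop described in the
** report, but stops instead of dereferencing p[n] once n >= nByte.
** Returns the first index the unbounded loop would have read at or
** beyond nByte, or -1 if it would have stayed in bounds.
*/
static int first_out_of_bounds_read(const unsigned char *p, int nByte, int nChar){
  int n = 0;
  for(int i = 0; i < nChar; i++){
    if( n >= nByte ) return -1;         /* the "fewer than nChar" early return */
    if( p[n++] >= 0xC0 ){
      for(;;){
        if( n >= nByte ) return n;      /* unbounded loop would read p[n] here */
        if( (p[n] & 0xC0) != 0x80 ) break;
        n++;
      }
    }
  }
  return -1;
}

int main(void){
  /* Requesting a 3-character prefix of a 3-character multibyte token:
  ** the unbounded loop peeks at p[9] of a 9-byte buffer. */
  printf("bounded bytelen(3 chars)  = %d\n", charlen_to_bytelen_bounded(kSample, kSampleLen, 3));
  printf("unbounded loop reads p[%d] (buffer has %d bytes)\n",
         first_out_of_bounds_read(kSample, kSampleLen, 3), kSampleLen);
  /* A 2-character prefix stops on the lead byte of the third character
  ** and stays in bounds. */
  printf("unbounded loop, 2 chars: %d (-1 means in bounds)\n",
         first_out_of_bounds_read(kSample, kSampleLen, 2));
  return 0;
}
```

The same overread occurs for any token whose final character is multibyte when the requested prefix length equals the token's character count, so the 3-character case in the report is one instance of a general boundary condition rather than something specific to those code points.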