Re: [sqlite] Bug? 3.7.5 RC2 FTS4 division by zero exception

2011-01-31 Thread Richard Hipp
On Mon, Jan 31, 2011 at 6:44 PM, Samuel Adam wrote:

> On Mon, 31 Jan 2011 18:08:41 -0500, Ralf Junker wrote:
>
> > This SQL:
> >
> >   drop table if exists t11;
> >   CREATE VIRTUAL TABLE t11 USING fts4;
> >   INSERT INTO t11 VALUES('quitealongstringoftext');
> >   INSERT INTO t11 VALUES('anotherquitealongstringoftext');
> >   UPDATE t11_stat SET value = X'';
>
> I actually think this is a documentation bug/failure-to-warn liability:
>
> WARNING:  Deliberately junking FTS’ internal tables may
> not only corrupt your FTS table, but also cause SQLite
> to crash.  Don’t do this.  Also do not use the hair dryer
> while in the bathtub, attempt to stop the chainsaw’s chain
> with your hand,   Inserting peanuts into your SQLite
> database may cause it to contain nuts.
>
> Please add to FTS docs §6 so you can avoid being sued.
>

You are both right.

This problem cannot be hit unless you corrupt the shadow tables.   On the
other hand, FTS4 ought to return SQLITE_CORRUPT rather than crash.

Because this problem cannot be hit without corrupting the shadow tables
first and in a very particular way, and because we already have the 3.7.5
release packaged and ready to push out to the website and to stop that and
patch this and retest would take a week, and because there are more pressing
concerns that are waiting on the 3.7.5 release, I'm going to defer fixing
this until 3.7.6.

Thanks for the bug report Ralf and for the analysis Samuel.



>
> >   SELECT matchinfo(t11, 'nxa') FROM t11 WHERE t11 MATCH 'a*';
> >
> > leads to a division by zero exception in fts3_snippet.c, line 1171:
> >
> >   pInfo->aMatchinfo[iCol] = (u32)(((u32)(nToken&0x)+nDoc/2)/nDoc);
> >
> > nDoc is zero here, which is not tested for, but I believe it should.
> >
> > Ralf
>
> Does the crash also occur when the zero occurs naturally, or is that
> codepath not exercised?  Perhaps an assert() is in order.
>
> Very truly,
>
> Samuel Adam 
> 763 Montgomery Road
> Hillsborough, NJ  08844-1304 • United States
> http://certifound.com/
> ___
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>



-- 
D. Richard Hipp
d...@sqlite.org
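A sketch of the check discussed in this message (report corruption instead of dividing by an unchecked row count), added here as an illustration; it is not SQLite's code and not the fix that later shipped. The function names, the local `RC_*` constants and the sample blobs are constructed for this example, and the blob layout (a varint row count followed by one varint token total per column) is a simplifying assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for SQLite's result codes SQLITE_OK and SQLITE_CORRUPT. */
#define RC_OK      0
#define RC_CORRUPT 11

/* Constructed sample blobs (assumed layout: row count, then column totals). */
static const unsigned char kGoodStat[] = { 0x03, 0xAC, 0x02 }; /* 3 rows, 300 tokens */
static const unsigned char kZeroDocs[] = { 0x00, 0x05 };       /* row count of zero */

/* Decode one varint: 7 bits per byte, low-order group first, high bit set on
** every byte but the last. Returns bytes consumed, or 0 if the buffer ends early. */
static size_t get_varint(const unsigned char *p, size_t n, uint64_t *out){
  uint64_t v = 0;
  size_t i;
  for(i=0; i<n && i<10; i++){
    v |= (uint64_t)(p[i] & 0x7f) << (7*i);
    if( (p[i] & 0x80)==0 ){ *out = v; return i+1; }
  }
  return 0;
}

/* Average tokens per row in column iCol, rounded to nearest. Every value
** read from the blob is treated as untrusted, including the divisor. */
int avg_tokens(const unsigned char *aStat, size_t nStat, int iCol, uint32_t *pAvg){
  uint64_t nDoc = 0, nToken = 0;
  size_t used, off; int i;
  used = get_varint(aStat, nStat, &nDoc);
  if( used==0 || nDoc==0 ) return RC_CORRUPT;   /* empty blob or zero row count */
  off = used;
  for(i=0; i<=iCol; i++){
    used = get_varint(aStat+off, nStat-off, &nToken);
    if( used==0 ) return RC_CORRUPT;            /* blob shorter than expected */
    off += used;
  }
  *pAvg = (uint32_t)((nToken + nDoc/2) / nDoc); /* nDoc is non-zero here */
  return RC_OK;
}

int main(void){
  uint32_t avg = 0;
  int rc = avg_tokens(kGoodStat, sizeof kGoodStat, 0, &avg);
  printf("good blob  -> rc=%d avg=%u\n", rc, (unsigned)avg);
  printf("empty blob -> rc=%d\n", avg_tokens(NULL, 0, 0, &avg));
  printf("zero rows  -> rc=%d\n", avg_tokens(kZeroDocs, sizeof kZeroDocs, 0, &avg));
  return 0;
}
```

The empty-blob case corresponds to the `X''` value written in the report's `UPDATE` statement: the decoder finds no row count, so the caller gets an error code rather than reaching the division.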


Re: [sqlite] Bug? 3.7.5 RC2 FTS4 division by zero exception

2011-01-31 Thread Samuel Adam
On Mon, 31 Jan 2011 18:08:41 -0500, Ralf Junker wrote:

> This SQL:
>
>   drop table if exists t11;
>   CREATE VIRTUAL TABLE t11 USING fts4;
>   INSERT INTO t11 VALUES('quitealongstringoftext');
>   INSERT INTO t11 VALUES('anotherquitealongstringoftext');
>   UPDATE t11_stat SET value = X'';

I actually think this is a documentation bug/failure-to-warn liability:

WARNING:  Deliberately junking FTS’ internal tables may
not only corrupt your FTS table, but also cause SQLite
to crash.  Don’t do this.  Also do not use the hair dryer
while in the bathtub, attempt to stop the chainsaw’s chain
with your hand,   Inserting peanuts into your SQLite
database may cause it to contain nuts.

Please add to FTS docs §6 so you can avoid being sued.

>   SELECT matchinfo(t11, 'nxa') FROM t11 WHERE t11 MATCH 'a*';
>
> leads to a division by zero exception in fts3_snippet.c, line 1171:
>
>   pInfo->aMatchinfo[iCol] = (u32)(((u32)(nToken&0x)+nDoc/2)/nDoc);
>
> nDoc is zero here, which is not tested for, but I believe it should.
>
> Ralf

Does the crash also occur when the zero occurs naturally, or is that  
codepath not exercised?  Perhaps an assert() is in order.

Very truly,

Samuel Adam 
763 Montgomery Road
Hillsborough, NJ  08844-1304 • United States
http://certifound.com/


[sqlite] Bug? 3.7.5 RC2 FTS4 division by zero exception

2011-01-31 Thread Ralf Junker
This SQL:

  drop table if exists t11;
  CREATE VIRTUAL TABLE t11 USING fts4;
  INSERT INTO t11 VALUES('quitealongstringoftext');
  INSERT INTO t11 VALUES('anotherquitealongstringoftext');
  UPDATE t11_stat SET value = X'';
  SELECT matchinfo(t11, 'nxa') FROM t11 WHERE t11 MATCH 'a*';

leads to a division by zero exception in fts3_snippet.c, line 1171:

  pInfo->aMatchinfo[iCol] = (u32)(((u32)(nToken&0x)+nDoc/2)/nDoc);

nDoc is zero here, which is not tested for, but I believe it should.

Ralf