> On Oct 6, 2017, at 1:32 PM, Kent Williams wrote:
>
> Instead of
>
> aMatchinfo = (unsigned int *)sqlite3_value_blob(apVal[0]);
>
> Something like:
>
> if((aMatchinfo = (unsigned int *)sqlite3_value_blob(apVal[0])) == 0) {
> sqlite3_result_error(pCtx,
> "invalid matchinf
I like that it checks aMatchinfo for internal consistency.
The one thing that isn't in the new rankfunc.
Instead of
aMatchinfo = (unsigned int *)sqlite3_value_blob(apVal[0]);
Something like:
if((aMatchinfo = (unsigned int *)sqlite3_value_blob(apVal[0])) == 0) {
sqlite3_result_error(pC
A few corrections on this page about FTS (hopefully not too nit-picky):
1)
=== BEGIN QUOTE ===
-- ("driver" may also appear in the title, but this alone will not satisfy
the.
-- query criteria).
=== END QUOTE ===
There should not be a dot in "the."
2)
=== BEGIN QUOTE ===
putting the keyword
Dan Kennedy wrote:
On 10/06/2017 11:58 PM, Richard Hipp wrote:
>
>> On 10/6/17, Jens Alfke wrote:
>>
>>> Thanks for posting this — my adaptation of that sample code in my project
>>> had the same bug.
>>>
>>> I’m not sure how the SQL in your application gets generated, but if you
>>> allow untru
On 10/06/2017 11:58 PM, Richard Hipp wrote:
On 10/6/17, Jens Alfke wrote:
Thanks for posting this — my adaptation of that sample code in my project
had the same bug.
I’m not sure how the SQL in your application gets generated, but if you
allow untrusted SQL, it’s still possible to create a que
On 10/6/17, Kent Williams wrote:
>
> As for 'untrusted SQL' -- if you open your databases (or our clients'
> databases) to unrestricted queries, you wouldn't need a malicious use of
> full-text search to ruin everybody's day ;-)
>
That was my thinking too, for a long time. I figured that any exp
Luckily, any SQL we generate is done by our own developers, and runs
through QA. Not only that, we've got a guy who likes to find exploits
for our backend software.
As for 'untrusted SQL' -- if you open your databases (or our clients'
databases) to unrestricted queries, you wouldn't need a ma
On 10/6/17, Jens Alfke wrote:
> Thanks for posting this — my adaptation of that sample code in my project
> had the same bug.
>
> I’m not sure how the SQL in your application gets generated, but if you
> allow untrusted SQL, it’s still possible to create a query that can cause
> the rank function
Thanks for posting this — my adaptation of that sample code in my project had
the same bug.
I’m not sure how the SQL in your application gets generated, but if you allow
untrusted SQL, it’s still possible to create a query that can cause the rank
function to crash. For example (assuming I have
9 matches