From 16f6aeb0a017f8406ca9de7224f8c8fe6d5ee30e Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 27 Dec 2018 20:12:02 +0000
Subject: [PATCH 0684/1009] Fix another problem with corrupt database handling
 in fts5.

https://github.com/mackyle/sqlite/commit/16f6aeb0a017f8406ca9de7224f8c8fe6d5ee30e

---
 ext/fts5/fts5_index.c           |   3 +-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index acf2db2..c5fe01b 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -1649,12 +1649,13 @@ static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
   int nNew;                       /* Bytes of new data */
 
   iOff += fts5GetVarint32(&a[iOff], nNew);
-  if( iOff+nNew>pIter->pLeaf->nn ){
+  if( iOff+nNew>pIter->pLeaf->nn || nKeep>pIter->term.n ){
     p->rc = FTS5_CORRUPT;
     return;
   }
   pIter->term.n = nKeep;
   fts5BufferAppendBlob(&p->rc, &pIter->term, nNew, &a[iOff]);
+  assert( pIter->term.n<=pIter->term.nSpace );
   iOff += nNew;
   pIter->iTermLeafOffset = iOff;
   pIter->iTermLeafPgno = pIter->iLeafPgno;
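Review bot: The widened guard `if( iOff+nNew>pIter->pLeaf->nn || nKeep>pIter->term.n )` still does its arithmetic in signed `int` on values read from a page that may be corrupt, and it sets no lower bound on either value. `nNew` is declared `int` in this hunk, so if the varint decodes to a value that is negative as an `int`, or large enough for `iOff+nNew` to overflow, the first comparison can pass; a negative `nKeep` likewise passes `nKeep>pIter->term.n` and is then stored in `pIter->term.n`. Whether such values can reach this point depends on `fts5GetVarint32` and on the callers, which are outside the hunk, so this needs confirming; if they can, a subtraction-form check such as `if( nNew<0 || nKeep<0 || nNew>pIter->pLeaf->nn-iOff || nKeep>pIter->term.n ){` avoids the overflow. The added `assert()` is compiled out in release builds, so it documents the invariant rather than enforcing it. The declaration of `iOff` and the rest of fts5SegIterLoadTerm lie outside the hunk.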
-- 
1.8.3.1