Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a couple of memory-sanitizer complaints that could be triggered by a corrupt database. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
39c8686cabe6c437ba4860aade49a701 |
| User & Date: | dan 2021-03-01 16:16:59 |
Context
|
2021-03-01
| ||
| 21:43 | Add #ifndef macros so that the build works again with -DSQLITE_OMIT_AUTHORIZATION and -DSQLITE_OMIT_WINDOWFUNC. (check-in: 9400bdc6 user: drh tags: trunk) | |
| 16:16 | Fix a couple of memory-sanitizer complaints that could be triggered by a corrupt database. (check-in: 39c8686c user: dan tags: trunk) | |
| 16:15 | Fix another msan complain triggered by a corrupt database. (Closed-Leaf check-in: d235d406 user: dan tags: msan-fix) | |
|
2021-02-27
| ||
| 15:32 | Add OOM test case associated with the fix in the previous commit. (check-in: a631c38d user: dan tags: trunk) | |
Changes
Changes to src/btree.c.
| ︙ | ︙ | |||
7633 7634 7635 7636 7637 7638 7639 |
if( (i+nxDiv-pParent->nOverflow)==pParent->nCell ){
pRight = &pParent->aData[pParent->hdrOffset+8];
}else{
pRight = findCell(pParent, i+nxDiv-pParent->nOverflow);
}
pgno = get4byte(pRight);
while( 1 ){
| > | > | 7633 7634 7635 7636 7637 7638 7639 7640 7641 7642 7643 7644 7645 7646 7647 7648 7649 |
if( (i+nxDiv-pParent->nOverflow)==pParent->nCell ){
pRight = &pParent->aData[pParent->hdrOffset+8];
}else{
pRight = findCell(pParent, i+nxDiv-pParent->nOverflow);
}
pgno = get4byte(pRight);
while( 1 ){
if( rc==SQLITE_OK ){
rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0);
}
if( rc ){
memset(apOld, 0, (i+1)*sizeof(MemPage*));
goto balance_cleanup;
}
if( apOld[i]->nFree<0 ){
rc = btreeComputeFreeSpace(apOld[i]);
if( rc ){
|
| ︙ | ︙ | |||
7672 7673 7674 7675 7676 7677 7678 7679 |
** the dropCell() routine will overwrite the entire cell with zeroes.
** In this case, temporarily copy the cell into the aOvflSpace[]
** buffer. It will be copied out again as soon as the aSpace[] buffer
** is allocated. */
if( pBt->btsFlags & BTS_FAST_SECURE ){
int iOff;
iOff = SQLITE_PTR_TO_INT(apDiv[i]) - SQLITE_PTR_TO_INT(pParent->aData);
| > > | < < < < | 7674 7675 7676 7677 7678 7679 7680 7681 7682 7683 7684 7685 7686 7687 7688 7689 7690 7691 |
** the dropCell() routine will overwrite the entire cell with zeroes.
** In this case, temporarily copy the cell into the aOvflSpace[]
** buffer. It will be copied out again as soon as the aSpace[] buffer
** is allocated. */
if( pBt->btsFlags & BTS_FAST_SECURE ){
int iOff;
/* If the following if() condition is not true, the db is corrupted.
** The call to dropCell() below will detect this. */
iOff = SQLITE_PTR_TO_INT(apDiv[i]) - SQLITE_PTR_TO_INT(pParent->aData);
if( (iOff+szNew[i])<=(int)pBt->usableSize ){
memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]);
apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData];
}
}
dropCell(pParent, i+nxDiv-pParent->nOverflow, szNew[i], &rc);
}
}
|
| ︙ | ︙ |
Changes to src/pcache1.c.
| ︙ | ︙ | |||
457 458 459 460 461 462 463 464 465 466 467 468 469 470 |
#ifndef SQLITE_PCACHE_SEPARATE_HEADER
p = (PgHdr1 *)&((u8 *)pPg)[pCache->szPage];
#endif
p->page.pBuf = pPg;
p->page.pExtra = &p[1];
p->isBulkLocal = 0;
p->isAnchor = 0;
}
(*pCache->pnPurgeable)++;
return p;
}
/*
** Free a page object allocated by pcache1AllocPage().
| > | 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 |
#ifndef SQLITE_PCACHE_SEPARATE_HEADER
p = (PgHdr1 *)&((u8 *)pPg)[pCache->szPage];
#endif
p->page.pBuf = pPg;
p->page.pExtra = &p[1];
p->isBulkLocal = 0;
p->isAnchor = 0;
p->pLruPrev = 0; /* Initializing this saves a valgrind error */
}
(*pCache->pnPurgeable)++;
return p;
}
/*
** Free a page object allocated by pcache1AllocPage().
|
| ︙ | ︙ |