Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Enhance the btree search routine so that it does early detection of impossibly large keys and thereby avoids a large malloc() call. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
3ecaaee69f49e43d38047b7d53b82689 |
User & Date: | drh 2019-01-21 23:18:22.833 |
Context
2019-01-22
| ||
02:34 | Ensure that a key comparison does not read a collating sequence past the end of the KeyInfo, even if the key field of an index is corrupted by having a string in the last column instead of the ROWID. (check-in: 058a8006dc user: drh tags: trunk) | |
2019-01-21
| ||
23:18 | Enhance the btree search routine so that it does early detection of impossibly large keys and thereby avoids a large malloc() call. (check-in: 3ecaaee69f user: drh tags: trunk) | |
17:57 | Avoid deferencing a freed pointer following an OOM or SQLITE_CORRUPT error in the fts3 xDestroy method. (check-in: 505ed9a478 user: dan tags: trunk) | |
Changes
Changes to src/btree.c.
︙ | ︙ | |||
5471 5472 5473 5474 5475 5476 5477 | u8 * const pCellBody = pCell - pPage->childPtrSize; pPage->xParseCell(pPage, pCellBody, &pCur->info); nCell = (int)pCur->info.nKey; testcase( nCell<0 ); /* True if key size is 2^32 or more */ testcase( nCell==0 ); /* Invalid key size: 0x80 0x80 0x00 */ testcase( nCell==1 ); /* Invalid key size: 0x80 0x80 0x01 */ testcase( nCell==2 ); /* Minimum legal index key size */ | | | 5471 5472 5473 5474 5475 5476 5477 5478 5479 5480 5481 5482 5483 5484 5485 | u8 * const pCellBody = pCell - pPage->childPtrSize; pPage->xParseCell(pPage, pCellBody, &pCur->info); nCell = (int)pCur->info.nKey; testcase( nCell<0 ); /* True if key size is 2^32 or more */ testcase( nCell==0 ); /* Invalid key size: 0x80 0x80 0x00 */ testcase( nCell==1 ); /* Invalid key size: 0x80 0x80 0x01 */ testcase( nCell==2 ); /* Minimum legal index key size */ if( nCell<2 || nCell/pCur->pBt->usableSize>pCur->pBt->nPage ){ rc = SQLITE_CORRUPT_PAGE(pPage); goto moveto_finish; } pCellKey = sqlite3Malloc( nCell+18 ); if( pCellKey==0 ){ rc = SQLITE_NOMEM_BKPT; goto moveto_finish; |
︙ | ︙ |