SQLite: Check-in [3ecaaee6]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Enhance the btree search routine so that it does early detection of impossibly large keys and thereby avoids a large malloc() call.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA3-256:	3ecaaee69f49e43d38047b7d53b82689eba7f7d33541fcac3c32b6dc8a568458
User & Date:	drh 2019-01-21 23:18:22

Context

2019-01-22
02:34		Ensure that a key comparison does not read a collating sequence past the end of the KeyInfo, even if the key field of an index is corrupted by having a string in the last column instead of the ROWID. check-in: 058a8006 user: drh tags: trunk
2019-01-21
23:18		Enhance the btree search routine so that it does early detection of impossibly large keys and thereby avoids a large malloc() call. check-in: 3ecaaee6 user: drh tags: trunk
17:57		Avoid deferencing a freed pointer following an OOM or SQLITE_CORRUPT error in the fts3 xDestroy method. check-in: 505ed9a4 user: dan tags: trunk

Changes

Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/btree.c.

          u8 * const pCellBody = pCell - pPage->childPtrSize;
          pPage->xParseCell(pPage, pCellBody, &pCur->info);
          nCell = (int)pCur->info.nKey;
          testcase( nCell<0 );   /* True if key size is 2^32 or more */
          testcase( nCell==0 );  /* Invalid key size:  0x80 0x80 0x00 */
          testcase( nCell==1 );  /* Invalid key size:  0x80 0x80 0x01 */
          testcase( nCell==2 );  /* Minimum legal index key size */
          if( nCell<2 ){
            rc = SQLITE_CORRUPT_PAGE(pPage);
            goto moveto_finish;
          }
          pCellKey = sqlite3Malloc( nCell+18 );
          if( pCellKey==0 ){
            rc = SQLITE_NOMEM_BKPT;
            goto moveto_finish;

          u8 * const pCellBody = pCell - pPage->childPtrSize;
          pPage->xParseCell(pPage, pCellBody, &pCur->info);
          nCell = (int)pCur->info.nKey;
          testcase( nCell<0 );   /* True if key size is 2^32 or more */
          testcase( nCell==0 );  /* Invalid key size:  0x80 0x80 0x00 */
          testcase( nCell==1 );  /* Invalid key size:  0x80 0x80 0x01 */
          testcase( nCell==2 );  /* Minimum legal index key size */
          if( nCell<2 || nCell/pCur->pBt->usableSize>pCur->pBt->nPage ){
            rc = SQLITE_CORRUPT_PAGE(pPage);
            goto moveto_finish;
          }
          pCellKey = sqlite3Malloc( nCell+18 );
          if( pCellKey==0 ){
            rc = SQLITE_NOMEM_BKPT;
            goto moveto_finish;