Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Avoid reading off the front of a page buffer when balancing a corrupt btree page. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
cb50509020d952fa9efed8df7fa08b07 |
User & Date: | drh 2019-01-14 05:48:10.140 |
Context
2019-01-14
| ||
11:56 | Have fts3 ignore empty sets of parenthesis if built with SQLITE_ENABLE_FTS3_PARENTHESIS. (check-in: c93c6b45a3 user: dan tags: trunk) | |
05:48 | Avoid reading off the front of a page buffer when balancing a corrupt btree page. (check-in: cb50509020 user: drh tags: trunk) | |
2019-01-13
| ||
20:23 | In dbfuzz2, avoid using a malloc in the LLVMFuzzerInitialize() initializer routine, so that no memory leaks are reported. Also, show the version of SQLite being used when the -v option is on. (check-in: 824f932469 user: drh tags: trunk) | |
Changes
Changes to src/btree.c.
︙ | ︙ | |||
6659 6660 6661 6662 6663 6664 6665 | if( rc ){ *pRC = rc; return; } /* The allocateSpace() routine guarantees the following properties ** if it returns successfully */ assert( idx >= 0 ); assert( idx >= pPage->cellOffset+2*pPage->nCell+2 || CORRUPT_DB ); assert( idx+sz <= (int)pPage->pBt->usableSize ); pPage->nFree -= (u16)(2 + sz); | < > > > > > > > > | 6659 6660 6661 6662 6663 6664 6665 6666 6667 6668 6669 6670 6671 6672 6673 6674 6675 6676 6677 6678 6679 6680 6681 6682 | if( rc ){ *pRC = rc; return; } /* The allocateSpace() routine guarantees the following properties ** if it returns successfully */ assert( idx >= 0 ); assert( idx >= pPage->cellOffset+2*pPage->nCell+2 || CORRUPT_DB ); assert( idx+sz <= (int)pPage->pBt->usableSize ); pPage->nFree -= (u16)(2 + sz); if( iChild ){ /* In a corrupt database where an entry in the cell index section of ** a btree page has a value of 3 or less, the pCell value might point ** as many as 4 bytes in front of the start of the aData buffer for ** the source page. Make sure this does not cause problems by not ** reading the first 4 bytes */ memcpy(&data[idx+4], pCell+4, sz-4); put4byte(&data[idx], iChild); }else{ memcpy(&data[idx], pCell, sz); } pIns = pPage->aCellIdx + i*2; memmove(pIns+2, pIns, 2*(pPage->nCell - i)); put2byte(pIns, idx); pPage->nCell++; /* increment the cell count */ if( (++data[pPage->hdrOffset+4])==0 ) data[pPage->hdrOffset+3]++; |
︙ | ︙ |