/ Check-in [e7aca071]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Allocate a few extra bytes for the pager temp page as an overrun buffer while processing corrupt database files.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: e7aca0714bc475e04b16e9db78722ce025d2a1382f80cfc0a49cff2af904eae5
User & Date: drh 2019-02-26 17:49:07
Context
2019-02-26
17:52
New test cases added to test/fuzzdata8.db. check-in: 61fdfc57 user: drh tags: trunk
17:49
Allocate a few extra bytes for the pager temp page as an overrun buffer while processing corrupt database files. check-in: e7aca071 user: drh tags: trunk
16:17
Use unsigned integers to count the number of pages in a freelist during an integrity_check, to avoid any possibility of a signed integer overflow. check-in: 05b87e07 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/pager.c.

3782
3783
3784
3785
3786
3787
3788


3789

3790



3791
3792
3793
3794
3795
3796
3797
    char *pNew = NULL;             /* New temp space */
    i64 nByte = 0;

    if( pPager->eState>PAGER_OPEN && isOpen(pPager->fd) ){
      rc = sqlite3OsFileSize(pPager->fd, &nByte);
    }
    if( rc==SQLITE_OK ){


      pNew = (char *)sqlite3PageMalloc(pageSize);

      if( !pNew ) rc = SQLITE_NOMEM_BKPT;



    }

    if( rc==SQLITE_OK ){
      pager_reset(pPager);
      rc = sqlite3PcacheSetPageSize(pPager->pPCache, pageSize);
    }
    if( rc==SQLITE_OK ){







>
>
|
>
|
>
>
>







3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
    char *pNew = NULL;             /* New temp space */
    i64 nByte = 0;

    if( pPager->eState>PAGER_OPEN && isOpen(pPager->fd) ){
      rc = sqlite3OsFileSize(pPager->fd, &nByte);
    }
    if( rc==SQLITE_OK ){
      /* 8 bytes of zeroed overrun space is sufficient so that the b-tree
      * cell header parser will never run off the end of the allocation */
      pNew = (char *)sqlite3PageMalloc(pageSize+8);
      if( !pNew ){
        rc = SQLITE_NOMEM_BKPT;
      }else{
        memset(pNew+pageSize, 0, 8);
      }
    }

    if( rc==SQLITE_OK ){
      pager_reset(pPager);
      rc = sqlite3PcacheSetPageSize(pPager->pPCache, pageSize);
    }
    if( rc==SQLITE_OK ){