/ Check-in [fb125bd3]
Overview
Comment: The defragmentPage() routine detects corruption in the first-free-slot fields at offset 1 in the header and throws an error, rather than asserting.
SHA3-256: fb125bd338ab32b33d02fe61b76497b6d4a2a160056d6e759e15c94903e61a41
User & Date: drh 2019-03-30 18:39:13
Context
2019-03-30
19:17
Add a call to sqlite3FaultSim(410) inside of btreeRestoreCursorPosition() to simplify testing of error scenarios. check-in: bb643bac user: drh tags: trunk
18:39
The defragmentPage() routine detects corruption in the first-free-slot fields at offset 1 in the header and throws an error, rather than asserting. check-in: fb125bd3 user: drh tags: trunk
17:30
Add the blobio.c extension module implementing readblob() and writeblob(). Experimental. check-in: e3fde56d user: drh tags: trunk
Changes

Changes to src/btree.c.

1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439

1440
1441
1442
1443
1444
1445
1446
  /* This block handles pages with two or fewer free blocks and nMaxFrag
  ** or fewer fragmented bytes. In this case it is faster to move the
  ** two (or one) blocks of cells using memmove() and add the required
  ** offsets to each pointer in the cell-pointer array than it is to 
  ** reconstruct the entire page.  */
  if( (int)data[hdr+7]<=nMaxFrag ){
    int iFree = get2byte(&data[hdr+1]);

    /* If the initial freeblock offset were out of bounds, that would have
    ** been detected by btreeComputeFreeSpace() when it was computing the
    ** number of free bytes on the page. */
    assert( iFree<=usableSize-4 );

    if( iFree ){
      int iFree2 = get2byte(&data[iFree]);
      if( iFree2>usableSize-4 ) return SQLITE_CORRUPT_PAGE(pPage);
      if( 0==iFree2 || (data[iFree2]==0 && data[iFree2+1]==0) ){
        u8 *pEnd = &data[cellOffset + nCell*2];
        u8 *pAddr;
        int sz2 = 0;







<
<
<
<
<
>







1428
1429
1430
1431
1432
1433
1434





1435
1436
1437
1438
1439
1440
1441
1442
  /* This block handles pages with two or fewer free blocks and nMaxFrag
  ** or fewer fragmented bytes. In this case it is faster to move the
  ** two (or one) blocks of cells using memmove() and add the required
  ** offsets to each pointer in the cell-pointer array than it is to 
  ** reconstruct the entire page.  */
  if( (int)data[hdr+7]<=nMaxFrag ){
    int iFree = get2byte(&data[hdr+1]);





    if( iFree>usableSize-4 ) return SQLITE_CORRUPT_PAGE(pPage);
    if( iFree ){
      int iFree2 = get2byte(&data[iFree]);
      if( iFree2>usableSize-4 ) return SQLITE_CORRUPT_PAGE(pPage);
      if( 0==iFree2 || (data[iFree2]==0 && data[iFree2+1]==0) ){
        u8 *pEnd = &data[cellOffset + nCell*2];
        u8 *pAddr;
        int sz2 = 0;
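
Review bot: The new check `if( iFree>usableSize-4 ) return SQLITE_CORRUPT_PAGE(pPage);` at the top of the nMaxFrag block carries no comment, while the comment it replaces stated that btreeComputeFreeSpace() would already have caught an out-of-bounds first-freeblock offset. The check-in comment says the condition is now detected as corruption rather than asserted, so a one-line comment explaining that the earlier guarantee cannot be relied on here would keep a later reader from restoring the assert. The check is also only an upper bound: in the lines shown, a small non-zero iFree (for example one that lands inside the page header) still reaches get2byte(&data[iFree]), so it is worth confirming that a lower-bound check exists elsewhere in the routine or adding one next to this test. A regression test using a database page with a corrupt value at hdr+1 would cover the new return path.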