Overview
Comment: | Avoid the possibility of integer overflow on a pointer comparison test for corruption in the database file. |
---|---|
SHA1: | ff1b1ac3313ba9d70414e928ef3dd829 |
User & Date: | drh 2016-03-22 14:10:45 |
Context
2016-03-22
14:37 | Create the "uptr" typedef (the same as uintptr_t when available) and use it to cast pointers before comparison. (check-in: 2484cc0c user: drh tags: trunk) |
14:10 | Avoid the possibility of integer overflow on a pointer comparison test for corruption in the database file. (check-in: ff1b1ac3 user: drh tags: trunk) |
2016-03-21
22:28 | Fix harmless compiler warnings. (check-in: 25d776e4 user: drh tags: trunk) |
Changes
Changes to src/btree.c.
︙ | ︙ | |||
4468 4469 4470 4471 4472 4473 4474 | getCellInfo(pCur); aPayload = pCur->info.pPayload; #ifdef SQLITE_DIRECT_OVERFLOW_READ bEnd = offset+amt==pCur->info.nPayload; #endif assert( offset+amt <= pCur->info.nPayload ); | | > | > > > > | 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 | getCellInfo(pCur); aPayload = pCur->info.pPayload; #ifdef SQLITE_DIRECT_OVERFLOW_READ bEnd = offset+amt==pCur->info.nPayload; #endif assert( offset+amt <= pCur->info.nPayload ); assert( aPayload > pPage->aData ); if( (aPayload - pPage->aData) > (pBt->usableSize - pCur->info.nLocal) ){ /* Trying to read or write past the end of the data is an error. The ** conditional above is really: ** &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize] ** but is recast into its current form to avoid integer overflow problems */ return SQLITE_CORRUPT_BKPT; } /* Check if data must be read/written to/from the btree page itself. */ if( offset<pCur->info.nLocal ){ int a = amt; if( a+offset>pCur->info.nLocal ){ |
︙ | ︙ |
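Review bot: The right-hand side of the new test, `(pBt->usableSize - pCur->info.nLocal)`, is itself an unguarded subtraction. Nothing in the hunk establishes that `pCur->info.nLocal <= pBt->usableSize`; the types are not visible here, but if the operands are unsigned and a corrupt cell reports a larger nLocal, the difference wraps to a very large value and the test can no longer return SQLITE_CORRUPT_BKPT. The left-hand side relies on `assert( aPayload > pPage->aData )`, which is compiled out of non-debug builds, so a negative pointer difference is not excluded in release code and would be compared against a possibly unsigned size. Suggest rejecting `pCur->info.nLocal > pBt->usableSize` explicitly before this comparison and making the signedness of both sides explicit with casts, so the check does not depend on the assert or on implicit integer conversions.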