/ Check-in [083f523d]

Overview
Comment: Add an assert() to verify that the nField+nXField values of a KeyInfo object are never less than the number of columns in a row for a non-corrupt database. This assert() currently fails, which is the root of the problem with ticket [f97c4637102a3ae72b].
SHA1: 083f523d2f6702d4836d71986043db058e2c2356
User & Date: drh 2015-01-19 17:28:16
Context
2015-01-19
18:18
Strengthen the KeyInfo number-of-columns assert() added by the previous check-in. Closed-Leaf check-in: d0971b79 user: drh tags: tkt-f97c4637
17:28
Add an assert() to verify that the nField+nXField values of a KeyInfo object are never less then the number of columns in a row for a non-corrupt database. This assert() currently fails, which is the root of the problem with ticket [f97c4637102a3ae72b]. check-in: 083f523d user: drh tags: tkt-f97c4637
15:05
Enhance the command-line shell with the ability to set the SQLITE_TESTCTRL_NEVER_CORRUPT flag using: ".testctrl never_corrupt 1". check-in: 824328f9 user: drh tags: trunk
Changes

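--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -3262,14 +3262,15 @@
   const UnpackedRecord *pPKey2, /* Right key */
   int desiredResult             /* Correct answer */
 ){
   u32 d1;            /* Offset into aKey[] of next data element */
   u32 idx1;          /* Offset into aKey[] of next header element */
   u32 szHdr1;        /* Number of bytes in header */
   int i = 0;
+  int nField = 0;    /* Number of fields seen in the pKey1 record */
   int rc = 0;
   const unsigned char *aKey1 = (const unsigned char *)pKey1;
   KeyInfo *pKeyInfo;
   Mem mem1;
 
   pKeyInfo = pPKey2->pKeyInfo;
   if( pKeyInfo->db==0 ) return 1;
@@ -3294,14 +3295,15 @@
   assert( pKeyInfo->nField>0 );
   assert( idx1<=szHdr1 || CORRUPT_DB );
   do{
     u32 serial_type1;
 
     /* Read the serial types for the next element in each key. */
     idx1 += getVarint32( aKey1+idx1, serial_type1 );
+    nField++;
 
     /* Verify that there is enough key space remaining to avoid
     ** a buffer overread.  The "d1+serial_type1+2" subexpression will
     ** always be greater than or equal to the amount of required key space.
     ** Use that approximation to avoid the more expensive call to
     ** sqlite3VdbeSerialTypeLen() in the common case.
     */
@@ -3336,14 +3338,24 @@
 
   /* rc==0 here means that one of the keys ran out of fields and
   ** all the fields up to that point were equal. Return the default_rc
   ** value.  */
   rc = pPKey2->default_rc;
 
 debugCompareEnd:
+  /* Verify that the total number of columns in the record does not
+  ** exceed pKeyInfo->nField + pKeyInfo->nXField.  
+  */
+  while( idx1<szHdr1 ){
+    u32 serial_type1;
+    idx1 += getVarint32( aKey1+idx1, serial_type1);
+    nField++;
+  }
+  assert( nField <= pKeyInfo->nField + pKeyInfo->nXField || CORRUPT_DB );
+
   if( desiredResult==0 && rc==0 ) return 1;
   if( desiredResult<0 && rc<0 ) return 1;
   if( desiredResult>0 && rc>0 ) return 1;
   if( CORRUPT_DB ) return 1;
   if( pKeyInfo->db->mallocFailed ) return 1;
   return 0;
 }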
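Review bot: The new `while( idx1<szHdr1 )` loop after `debugCompareEnd:` is bounded only by szHdr1, which appears to be decoded from the record itself, so on a corrupt key it can call getVarint32() past the end of aKey1 before the `|| CORRUPT_DB` escape in the following assert is ever evaluated. The do-loop above carries an explicit check against buffer overread, and this tail loop should get a comparable bound, for example `while( idx1<szHdr1 && idx1<(u32)nKey1 ){`, assuming nKey1 is the key-length parameter declared above the hunk (the function's signature starts outside the visible lines). The routine looks debug-only, but fuzzing and sanitizer runs against corrupt databases typically use such builds, so an overread here would surface as a spurious finding or hide a real one. A short comment on the loop saying that it only counts the remaining header entries and decodes no data would also make its intent clearer.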