SQLite

Check-in [4cc5694cbd]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Ensure that the cell overwrite optimization does not overwrite the header of the b-tree page.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 4cc5694cbd69749c146679c367860952fdf3f5356426ddfd1dce470569702bc1
User & Date: drh 2019-08-15 13:17:49.826
Context
2019-08-15
13:46
Avoid downgrading SQLITE_CORRUPT errors detected by the schema parser into SQLITE_NOMEM or SQLITE_ERROR errors. (check-in: b2e79f8ff0 user: drh tags: trunk)
13:17
Ensure that the cell overwrite optimization does not overwrite the header of the b-tree page. (check-in: 4cc5694cbd user: drh tags: trunk)
00:04
Early detection out-of-bounds page numbers on the direct-overflow-read optimization gives consistent error messages regardless of whether or not the optimization is enabled. (check-in: b517a52fa3 user: drh tags: trunk)
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to src/btree.c.
7671
7672
7673
7674
7675
7676
7677
7678

7679
7680
7681
7682
7683
7684
7685
7671
7672
7673
7674
7675
7676
7677

7678
7679
7680
7681
7682
7683
7684
7685







-
+







    ** This must be done in advance.  Once the balance starts, the cell
    ** offset section of the btree page will be overwritten and we will no
    ** long be able to find the cells if a pointer to each cell is not saved
    ** first.
    */
    memset(&b.szCell[b.nCell], 0, sizeof(b.szCell[0])*(limit+pOld->nOverflow));
    if( pOld->nOverflow>0 ){
      if( limit<pOld->aiOvfl[0] ){
      if( NEVER(limit<pOld->aiOvfl[0]) ){
        rc = SQLITE_CORRUPT_BKPT;
        goto balance_cleanup;
      }
      limit = pOld->aiOvfl[0];
      for(j=0; j<limit; j++){
        b.apCell[b.nCell] = aData + (maskPage & get2byteAligned(piCell));
        piCell += 2;
8472
8473
8474
8475
8476
8477
8478
8479



8480
8481
8482
8483
8484
8485
8486
8472
8473
8474
8475
8476
8477
8478

8479
8480
8481
8482
8483
8484
8485
8486
8487
8488







-
+
+
+







  int nTotal = pX->nData + pX->nZero; /* Total bytes of to write */
  int rc;                             /* Return code */
  MemPage *pPage = pCur->pPage;       /* Page being written */
  BtShared *pBt;                      /* Btree */
  Pgno ovflPgno;                      /* Next overflow page to write */
  u32 ovflPageSize;                   /* Size to write on overflow page */

  if( pCur->info.pPayload + pCur->info.nLocal > pPage->aDataEnd ){
  if( pCur->info.pPayload + pCur->info.nLocal > pPage->aDataEnd
   || pCur->info.pPayload < pPage->aData + pPage->cellOffset
  ){
    return SQLITE_CORRUPT_BKPT;
  }
  /* Overwrite the local portion first */
  rc = btreeOverwriteContent(pPage, pCur->info.pPayload, pX,
                             0, pCur->info.nLocal);
  if( rc ) return rc;
  if( pCur->info.nLocal==nTotal ) return SQLITE_OK;
Changes to test/fuzzdata8.db.

cannot compute difference between binary files