Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Ensure that the cell overwrite optimization does not overwrite the header of the b-tree page. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
4cc5694cbd69749c146679c367860952 |
| User & Date: | drh 2019-08-15 13:17:49 |
Context
|
2019-08-15
| ||
| 13:46 | Avoid downgrading SQLITE_CORRUPT errors detected by the schema parser into SQLITE_NOMEM or SQLITE_ERROR errors. (check-in: b2e79f8f user: drh tags: trunk) | |
| 13:17 | Ensure that the cell overwrite optimization does not overwrite the header of the b-tree page. (check-in: 4cc5694c user: drh tags: trunk) | |
| 00:04 | Early detection out-of-bounds page numbers on the direct-overflow-read optimization gives consistent error messages regardless of whether or not the optimization is enabled. (check-in: b517a52f user: drh tags: trunk) | |
Changes
Changes to src/btree.c.
7671 7671 ** This must be done in advance. Once the balance starts, the cell 7672 7672 ** offset section of the btree page will be overwritten and we will no 7673 7673 ** long be able to find the cells if a pointer to each cell is not saved 7674 7674 ** first. 7675 7675 */ 7676 7676 memset(&b.szCell[b.nCell], 0, sizeof(b.szCell[0])*(limit+pOld->nOverflow)); 7677 7677 if( pOld->nOverflow>0 ){ 7678 - if( limit<pOld->aiOvfl[0] ){ 7678 + if( NEVER(limit<pOld->aiOvfl[0]) ){ 7679 7679 rc = SQLITE_CORRUPT_BKPT; 7680 7680 goto balance_cleanup; 7681 7681 } 7682 7682 limit = pOld->aiOvfl[0]; 7683 7683 for(j=0; j<limit; j++){ 7684 7684 b.apCell[b.nCell] = aData + (maskPage & get2byteAligned(piCell)); 7685 7685 piCell += 2; ................................................................................ 8472 8472 int nTotal = pX->nData + pX->nZero; /* Total bytes of to write */ 8473 8473 int rc; /* Return code */ 8474 8474 MemPage *pPage = pCur->pPage; /* Page being written */ 8475 8475 BtShared *pBt; /* Btree */ 8476 8476 Pgno ovflPgno; /* Next overflow page to write */ 8477 8477 u32 ovflPageSize; /* Size to write on overflow page */ 8478 8478 8479 - if( pCur->info.pPayload + pCur->info.nLocal > pPage->aDataEnd ){ 8479 + if( pCur->info.pPayload + pCur->info.nLocal > pPage->aDataEnd 8480 + || pCur->info.pPayload < pPage->aData + pPage->cellOffset 8481 + ){ 8480 8482 return SQLITE_CORRUPT_BKPT; 8481 8483 } 8482 8484 /* Overwrite the local portion first */ 8483 8485 rc = btreeOverwriteContent(pPage, pCur->info.pPayload, pX, 8484 8486 0, pCur->info.nLocal); 8485 8487 if( rc ) return rc; 8486 8488 if( pCur->info.nLocal==nTotal ) return SQLITE_OK;
Changes to test/fuzzdata8.db.
cannot compute difference between binary files