SQLite

Check-in [85b979319b]

Overview
Comment: Do not allow pointer arithmetic to move a pointer across a memory allocation boundary.
SHA1: 85b979319bcb8ec301ae39b36ad60348e4515be7
User & Date: drh 2016-04-05 13:19:19.622
Context
2016-04-05
13:35 Use SQLITE_WITHIN() for pointer range comparisons in some testing code. (check-in: 7cacf4e954 user: drh tags: trunk)
13:19 Do not allow pointer arithmetic to move a pointer across a memory allocation boundary. (check-in: 85b979319b user: drh tags: trunk)
2016-04-04
18:04 Fix documentation typos. Comment changes only. No changes to code. (check-in: d5fc2f7f90 user: drh tags: trunk)
Changes
Changes to src/btree.c.
Hunk covers lines 6541 to 6556 in both the old and the new file. The `+` marker (added) is on new line 6548 and the `-` marker (removed) is on old line 6549.
  int iEnd = iFirst + nCell;
  assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
  for(i=iFirst; i<iEnd; i++){
    int sz, rc;
    u8 *pSlot;
    sz = cachedCellSize(pCArray, i);
    if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
      if( (pData - pBegin)<sz ) return 1;
      pData -= sz;
      if( pData<pBegin ) return 1;
      pSlot = pData;
    }
    /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
    ** database.  But they might for a corrupt database.  Hence use memmove()
    ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
    assert( (pSlot+sz)<=pCArray->apCell[i]
         || pSlot>=(pCArray->apCell[i]+sz)
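Review bot: the added guard `if( (pData - pBegin)<sz ) return 1;` has no comment saying why it must run before `pData -= sz`, and the block comment further down only explains the memmove() choice. A one-line comment would keep a later cleanup from folding it back into the removed form `if( pData<pBegin ) return 1;`. That form compares only after the subtraction has already moved `pData` below `pBegin`, and forming a pointer before the start of an allocation is undefined behaviour in C, so the comparison cannot be relied on. It is also worth noting in that comment that the subtraction yields a signed difference compared against the signed `int sz`, so the test also returns 1 if `pData` is already below `pBegin` on entry.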