SQLite: Check-in [85b97931]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Do not allow pointer arithmetic to move a pointer across a memory allocation boundary.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA1:	85b979319bcb8ec301ae39b36ad60348e4515be7
User & Date:	drh 2016-04-05 13:19:19

Context

2016-04-05
13:35		Use SQLITE_WITHIN() for pointer range comparisons in some testing code. (check-in: 7cacf4e9 user: drh tags: trunk)
13:19		Do not allow pointer arithmetic to move a pointer across a memory allocation boundary. (check-in: 85b97931 user: drh tags: trunk)
2016-04-04
18:04		Fix documentation typos. Comment changes only. No changes to code. (check-in: d5fc2f7f user: drh tags: trunk)

Changes

Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/btree.c.

  6541   6541     int iEnd = iFirst + nCell;
  6542   6542     assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
  6543   6543     for(i=iFirst; i<iEnd; i++){
  6544   6544       int sz, rc;
  6545   6545       u8 *pSlot;
  6546   6546       sz = cachedCellSize(pCArray, i);
  6547   6547       if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
         6548  +      if( (pData - pBegin)<sz ) return 1;
  6548   6549         pData -= sz;
  6549         -      if( pData<pBegin ) return 1;
  6550   6550         pSlot = pData;
  6551   6551       }
  6552   6552       /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
  6553   6553       ** database.  But they might for a corrupt database.  Hence use memmove()
  6554   6554       ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
  6555   6555       assert( (pSlot+sz)<=pCArray->apCell[i]
  6556   6556            || pSlot>=(pCArray->apCell[i]+sz)