/ Check-in [85b97931]
Overview
Comment: Do not allow pointer arithmetic to move a pointer across a memory allocation boundary.
SHA1: 85b979319bcb8ec301ae39b36ad60348e4515be7
User & Date: drh 2016-04-05 13:19:19
Context
2016-04-05
13:35
Use SQLITE_WITHIN() for pointer range comparisons in some testing code. check-in: 7cacf4e9 user: drh tags: trunk
13:19
Do not allow pointer arithmetic to move a pointer across a memory allocation boundary. check-in: 85b97931 user: drh tags: trunk
2016-04-04
18:04
Fix documentation typos. Comment changes only. No changes to code. check-in: d5fc2f7f user: drh tags: trunk
Changes

Changes to src/btree.c.

  6541   6541     int iEnd = iFirst + nCell;
  6542   6542     assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
  6543   6543     for(i=iFirst; i<iEnd; i++){
  6544   6544       int sz, rc;
  6545   6545       u8 *pSlot;
  6546   6546       sz = cachedCellSize(pCArray, i);
  6547   6547       if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
         6548  +      if( (pData - pBegin)<sz ) return 1;
  6548   6549         pData -= sz;
  6549         -      if( pData<pBegin ) return 1;
  6550   6550         pSlot = pData;
  6551   6551       }
  6552   6552       /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
  6553   6553       ** database.  But they might for a corrupt database.  Hence use memmove()
  6554   6554       ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
  6555   6555       assert( (pSlot+sz)<=pCArray->apCell[i]
  6556   6556            || pSlot>=(pCArray->apCell[i]+sz)
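
Review bot: The new guard at line 6548, `if( (pData - pBegin)<sz ) return 1;`, carries no comment saying why it has to come before `pData -= sz`, so a later cleanup could fold it back into the removed form `if( pData<pBegin ) return 1;`. That old order first formed a pointer below pBegin and only then compared it, which is undefined behavior in C and lets a compiler drop the comparison; a one-line comment stating this would protect the ordering. The guard also depends on pData>=pBegin holding on entry to each iteration and on sz being non-negative (sz is declared `int`), so an assert on those two conditions just above the test would make the invariant explicit, which matters here because the surrounding comments say this path is reached with corrupt databases.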