mirror of
https://github.com/sqlite/sqlite.git
synced 2025-11-14 00:22:38 +03:00
Store the MemPage structure in memory following, instead of preceding, the page data for cached pages. This reduces the likelihood of a corrupt database page image causing SQLite to read past the end of a buffer.
FossilOrigin-Name: 0ce42e76654d9ba52dac74c940d38b17866016ba
This commit is contained in:
dan
26
manifest
26
manifest
@@ -1,8 +1,5 @@
|
||||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA1
|
||||
|
||||
C Remove\sa\scondition\sthat\smust\salways\sbe\strue.\s\sReplace\sit\swith\san\sassert().
|
||||
D 2010-06-10T01:07:42
|
||||
C Store\sthe\sMemPage\sstructure\sin\smemory\sfollowing,\sinstead\sof\spreceding,\sthe\spage\sdata\sfor\scached\spages.\sThis\sreduces\sthe\slikelihood\sof\sa\scorrupt\sdatabase\spage\simage\scausing\sSQLite\sto\sread\spast\sthe\send\sof\sa\sbuffer.
|
||||
D 2010-06-10T06:53:27
|
||||
F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
|
||||
F Makefile.in a5cad1f8f3e021356bfcc6c77dc16f6f1952bbc3
|
||||
F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
|
||||
@@ -160,7 +157,7 @@ F src/os_win.c 0cf1f571546f165001e2391b5d4a4a16d86977d3
|
||||
F src/pager.c dde0b7447763299ebc4f27a7c3ab25b3b136c69f
|
||||
F src/pager.h 76466c3a5af56943537f68b1f16567101a0cd1d0
|
||||
F src/parse.y ace5c7a125d9f2a410e431ee3209034105045f7e
|
||||
F src/pcache.c ace8f6a5ecd4711cc66a1b23053be7109bd437cf
|
||||
F src/pcache.c 1e9aa2dbc0845b52e1b51cc39753b6d1e041cb07
|
||||
F src/pcache.h c683390d50f856d4cd8e24342ae62027d1bb6050
|
||||
F src/pcache1.c 3a7c28f46a61b43ff0b5c087a7983c154f4b264c
|
||||
F src/pragma.c 423865323a4074f1e0d4ab02af0be014653e8863
|
||||
@@ -313,7 +310,7 @@ F test/corrupt8.test 9992ef7f67cefc576b92373f6bf5ab8775280f51
|
||||
F test/corrupt9.test 4aa1cb1ef091cb0e13e89a819c72911631b5176a
|
||||
F test/corruptA.test 38b4f81c16099f6d8fa8b37e188fde76b8243994
|
||||
F test/corruptB.test d88b500f7994cb2eb9646410c263111e9831f889
|
||||
F test/corruptC.test e753c037cd4d92c760de760ddf6db7faea6a2fc2
|
||||
F test/corruptC.test c19fcc3693931f2334305d96497092ff6b8f9429
|
||||
F test/corruptD.test 3ae6e2dc6e2226c6935a8a40d4b5ee3eba75f8c0
|
||||
F test/corruptE.test 34de490791060d749c933aef3970839df3f63ea9
|
||||
F test/count.test 454e1ce985c94d13efeac405ce54439f49336163
|
||||
@@ -821,14 +818,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
|
||||
F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
|
||||
F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
|
||||
F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
|
||||
P ea05b7f929e4696175dbc3ded36dba8ed2a6b575
|
||||
R b2aa1ec382260251004c82b1180e6cb4
|
||||
U drh
|
||||
Z c9d9a3c8cddce25be30d2d7e79616c72
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.6 (GNU/Linux)
|
||||
|
||||
iD8DBQFMEDrhoxKgR168RlERAoNcAJ9ApOQLwNGdKX9r0AgpaNELEJ1wfgCcDI4V
|
||||
bkS2YGF3Gfz/u96PVSnmtbQ=
|
||||
=FCD6
|
||||
-----END PGP SIGNATURE-----
|
||||
P 7abcd54ec09e8025193d1e0ea57775051d823801
|
||||
R 31070636553ae76b50ea1052e3aa5bdb
|
||||
U dan
|
||||
Z e8833716b224a38eb8684e00df026f78
|
||||
|
||||
@@ -1 +1 @@
|
||||
7abcd54ec09e8025193d1e0ea57775051d823801
|
||||
0ce42e76654d9ba52dac74c940d38b17866016ba
|
||||
10
src/pcache.c
10
src/pcache.c
@@ -260,15 +260,17 @@ int sqlite3PcacheFetch(
|
||||
|
||||
if( pPage ){
|
||||
if( !pPage->pData ){
|
||||
memset(pPage, 0, sizeof(PgHdr) + pCache->szExtra);
|
||||
pPage->pExtra = (void*)&pPage[1];
|
||||
pPage->pData = (void *)&((char *)pPage)[sizeof(PgHdr) + pCache->szExtra];
|
||||
memset(pPage, 0, sizeof(PgHdr));
|
||||
pPage->pData = (void *)&pPage[1];
|
||||
pPage->pExtra = (void*)&((char *)pPage->pData)[pCache->szPage];
|
||||
memset(pPage->pExtra, 0, pCache->szExtra);
|
||||
pPage->pCache = pCache;
|
||||
pPage->pgno = pgno;
|
||||
}
|
||||
assert( pPage->pCache==pCache );
|
||||
assert( pPage->pgno==pgno );
|
||||
assert( pPage->pExtra==(void *)&pPage[1] );
|
||||
assert( pPage->pData==(void *)&pPage[1] );
|
||||
assert( pPage->pExtra==(void *)&((char *)&pPage[1])[pCache->szPage] );
|
||||
|
||||
if( 0==pPage->nRef ){
|
||||
pCache->nRef++;
|
||||
|
||||
@@ -276,6 +276,17 @@ do_test corruptC-2.14 {
|
||||
catchsql {DELETE FROM t1 WHERE rowid = (SELECT max(rowid) FROM t1)}
|
||||
} {1 {database disk image is malformed}}
|
||||
|
||||
# At one point this particular corrupt database was causing a buffer
|
||||
# overread. Which caused a crash in a run of all.test once.
|
||||
#
|
||||
do_test corruptC-2.15 {
|
||||
db close
|
||||
copy_file test.bu test.db
|
||||
hexio_write test.db 986 b9
|
||||
sqlite3 db test.db
|
||||
catchsql {SELECT count(*) FROM sqlite_master;}
|
||||
} {1 {malformed database schema (t1i1) - no such table: main.t1}}
|
||||
|
||||
#
|
||||
# Now test for a series of quasi-random seeds.
|
||||
# We loop over the entire file size and touch
|
||||
|
||||
Reference in New Issue
Block a user