Use flexible arrays in the recovery extension and in the fuzzcheck test program.

Adjust the unix makefile to use -fsanitize=bounds-strict when building fuzzcheck-asan. FossilOrigin-Name: 6ea6a6b211fed1a14d7bec1ab1790dec09e2a00423860498a60b760c4a4561fa
2025-07-29 08:01:23 +03:00 · 2025-03-15 13:04:16 +00:00
parent bd0e3ed522
commit 0a4f10e6e2
5 changed files with 26 additions and 18 deletions
--- a/ext/recover/sqlite3recover.c
+++ b/ext/recover/sqlite3recover.c
@ -140,9 +140,12 @@ struct RecoverColumn {
 typedef struct RecoverBitmap RecoverBitmap;
 struct RecoverBitmap {
  i64 nPg;                        /* Size of bitmap */
-  u32 aElem[1];                   /* Array of 32-bit bitmasks */
+  u32 aElem[];                    /* Array of 32-bit bitmasks */
 };

+/* Size in bytes of a RecoverBitmap object sufficient to cover 32 pages */
+#define SZ_RECOVERBITMAP_32  (16)
+
 /*
 ** State variables (part of the sqlite3_recover structure) used while
 ** recovering data for tables identified in the recovered schema (state
@ -382,7 +385,7 @@ static int recoverError(
 */
 static RecoverBitmap *recoverBitmapAlloc(sqlite3_recover *p, i64 nPg){
  int nElem = (nPg+1+31) / 32;
-  int nByte = sizeof(RecoverBitmap) + nElem*sizeof(u32);
+  int nByte = SZ_RECOVERBITMAP_32 + nElem*sizeof(u32);
  RecoverBitmap *pRet = (RecoverBitmap*)recoverMalloc(p, nByte);

  if( pRet ){
--- a/main.mk
+++ b/main.mk
@ -2169,7 +2169,7 @@ fuzzy: fuzzcheck$(T.exe)
 xbin: fuzzcheck$(T.exe)

 fuzzcheck-asan$(T.exe):	$(FUZZCHECK_SRC) sqlite3.c sqlite3.h $(FUZZCHECK_DEP)
-	$(T.link) -o $@ -fsanitize=address $(FUZZCHECK_OPT) $(FUZZCHECK_SRC) \
+	$(T.link) -o $@ -fsanitize=address,bounds-strict $(FUZZCHECK_OPT) $(FUZZCHECK_SRC) \
 		sqlite3.c $(LDFLAGS.libsqlite3)
 fuzzy: fuzzcheck-asan$(T.exe)
 xbin: fuzzcheck-asan$(T.exe)
--- a/16
+++ b/16
@ -1,5 +1,5 @@
-C Use\sflexible\sarrays\swhereever\sappropriate\sin\sFTS5.
-D 2025-03-15T12:22:39.392
+C Use\sflexible\sarrays\sin\sthe\srecovery\sextension\sand\sin\sthe\sfuzzcheck\stest\sprogram.\nAdjust\sthe\sunix\smakefile\sto\suse\s-fsanitize=bounds-strict\swhen\sbuilding\nfuzzcheck-asan.
+D 2025-03-15T13:04:16.138
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md e108e1e69ae8e8a59e93c455654b8ac9356a11720d3345df2a4743e9590fb20d
@ -523,7 +523,7 @@ F ext/recover/recoverpgsz.test 88766fcb810e52ee05335c456d4e5fb06d02b73d3ccb48c52
 F ext/recover/recoverrowid.test f948bf4024a5f41b0e21b8af80c60564c5b5d78c05a8d64fc00787715ff9f45f
 F ext/recover/recoverslowidx.test c90d59c46bb8924a973ac6fbc38f3163cee38cc240256addcab1cf1a322c37dc
 F ext/recover/recoversql.test e66d01f95302a223bcd3fd42b5ee58dc2b53d70afa90b0d00e41e4b8eab20486
-F ext/recover/sqlite3recover.c 0ecdcb4df8967c84aa4dfe786816998bf2ef5cce55f4ac85ad4079e76f271027
+F ext/recover/sqlite3recover.c 098b622d34499625a3c87bc31abc237f8e9b992fa93ac5071f280bb0d90e7fd8
 F ext/recover/sqlite3recover.h 011c799f02deb70ab685916f6f538e6bb32c4e0025e79bfd0e24ff9c74820959
 F ext/recover/test_recover.c 072260d7452a3b81aba995b2b3269e7ec2aa7f06725544ba4c25b1b0a1dbc61a
 F ext/repair/README.md 92f5e8aae749a4dae14f02eea8e1bb42d4db2b6ce5e83dbcdd6b1446997e0c15
@ -705,7 +705,7 @@ F ext/wasm/tests/opfs/sahpool/sahpool-pausing.js f264925cfc82155de38cecb3d204c36
 F ext/wasm/tests/opfs/sahpool/sahpool-worker.js bd25a43fc2ab2d1bafd8f2854ad3943ef673f7c3be03e95ecf1612ff6e8e2a61
 F ext/wasm/wasmfs.make 68999f5bd8c489239592d59a420f8c627c99169bbd6fa16a404751f757b9f702
 F magic.txt 5ade0bc977aa135e79e3faaea894d5671b26107cc91e70783aa7dc83f22f3ba0
-F main.mk f2f6af216cf14ec010d317e2f75ed5dc2134a2f9d6be7df3a96ee11149598ca1
+F main.mk c7716a7f5559e9055519796fb27f257e4588bfae0f5c59e38b40f4e6ea51f5f0
 F mptest/config01.test 3c6adcbc50b991866855f1977ff172eb6d901271
 F mptest/config02.test 4415dfe36c48785f751e16e32c20b077c28ae504
 F mptest/crash01.test 61e61469e257df0850df4293d7d4d6c2af301421
@ -1278,7 +1278,7 @@ F test/fuzz3.test 70ba57260364b83e964707b9d4b5625284239768ab907dd387c740c0370ce3
 F test/fuzz4.test c229bcdb45518a89e1d208a21343e061503460ac69fae1539320a89f572eb634
 F test/fuzz_common.tcl b7197de6ed1ee8250a4f82d67876f4561b42ee8cbbfc6160dcb66331bad3f830
 F test/fuzz_malloc.test f348276e732e814802e39f042b1f6da6362a610af73a528d8f76898fde6b22f2
-F test/fuzzcheck.c 97eab1b916d576a0f734b921598bdac05ff04d1f15c494dbe40ca71a772c56bb
+F test/fuzzcheck.c 128789e46d14f2a3ab452fb341165897ff471c4bbef09f8e113c80839acf8941
 F test/fuzzdata1.db 3e86d9cf5aea68ddb8e27c02d7dfdaa226347426c7eb814918e4d95475bf8517
 F test/fuzzdata2.db 128b3feeb78918d075c9b14b48610145a0dd4c8d6f1ca7c2870c7e425f5bf31f
 F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
@ -2213,8 +2213,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh 49a486c5069de041aedcbde4de178293e0463ae9918ecad7539eedf0ec77a139
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 28ac776a23da2753265a7fe2ee2ebb09964815fc9058e69c08275fc217842edc
-R c3399a4ca4e26a3efb3d2d24d674f2fd
+P 16dfc415b6e98a2acae79a24bb0afd401e60efc27cbdd1603a426fd33e17d427
+R 16bdd7a30aeb17479eb9d6ab2f69c679
 U drh
-Z 06abea0099d4abff8fb7955f85c850ef
+Z f00ea2f5fbf083c38b332f57e1d5d154
 # Remove this line to create a well-formed Fossil manifest.
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-16dfc415b6e98a2acae79a24bb0afd401e60efc27cbdd1603a426fd33e17d427
+6ea6a6b211fed1a14d7bec1ab1790dec09e2a00423860498a60b760c4a4561fa
--- a/test/fuzzcheck.c
+++ b/test/fuzzcheck.c
@ -129,9 +129,12 @@ struct Blob {
  int id;                 /* Id of this Blob */
  int seq;                /* Sequence number */
  int sz;                 /* Size of this Blob in bytes */
-  unsigned char a[1];     /* Blob content.  Extra space allocated as needed. */
+  unsigned char a[];      /* Blob content.  Extra space allocated as needed. */
 };

+/* Size in bytes of a Blob object sufficient to store N byte of content */
+#define SZ_BLOB(N) (offsetof(Blob,a) + (((N)+7)&~7))
+
 /*
 ** Maximum number of files in the in-memory virtual filesystem.
 */
@ -512,13 +515,15 @@ static void blobListLoadFromDb(
  int *pN,                 /* OUT: Write number of blobs loaded here */
  Blob **ppList            /* OUT: Write the head of the blob list here */
 ){
-  Blob head;
+  Blob *head;
  Blob *p;
  sqlite3_stmt *pStmt;
  int n = 0;
  int rc;
  char *z2;
+  unsigned char tmp[SZ_BLOB(8)];

+  head = (Blob*)tmp;
  if( firstId>0 ){
    z2 = sqlite3_mprintf("%s WHERE rowid BETWEEN %d AND %d", zSql,
                         firstId, lastId);
@ -528,11 +533,11 @@ static void blobListLoadFromDb(
  rc = sqlite3_prepare_v2(db, z2, -1, &pStmt, 0);
  sqlite3_free(z2);
  if( rc ) fatalError("%s", sqlite3_errmsg(db));
-  head.pNext = 0;
-  p = &head;
+  head->pNext = 0;
+  p = head;
  while( SQLITE_ROW==sqlite3_step(pStmt) ){
    int sz = sqlite3_column_bytes(pStmt, 1);
-    Blob *pNew = safe_realloc(0, sizeof(*pNew)+sz );
+    Blob *pNew = safe_realloc(0, SZ_BLOB(sz+1));
    pNew->id = sqlite3_column_int(pStmt, 0);
    pNew->sz = sz;
    pNew->seq = n++;
@ -544,7 +549,7 @@ static void blobListLoadFromDb(
  }
  sqlite3_finalize(pStmt);
  *pN = n;
-  *ppList = head.pNext;
+  *ppList = head->pNext;
 }

 /*