Add a NEVER() on an always-false conditional in pager.c.

Make sure the text of the master journal file is zero-terminated before trying to process it - to prevent a buffer overrun in strlen(). (CVS 6937) FossilOrigin-Name: cc9430e334fe98e1c35d408f81a2d8953377cda6
2025-08-07 02:42:48 +03:00 · 2009-07-25 14:18:57 +00:00
parent 8c924fe002
commit 0b0abe45ca
3 changed files with 15 additions and 13 deletions
--- a/src/pager.c
+++ b/src/pager.c
@@ -18,7 +18,7 @@
 ** file simultaneously, or one process from reading the database while
 ** another is writing.
 **
-** @(#) $Id: pager.c,v 1.621 2009/07/25 11:40:08 danielk1977 Exp $
+** @(#) $Id: pager.c,v 1.622 2009/07/25 14:18:57 drh Exp $
 */
 #ifndef SQLITE_OMIT_DISKIO
 #include "sqliteInt.h"
@@ -1728,14 +1728,15 @@ static int pager_delmaster(Pager *pPager, const char *zMaster){
    /* Load the entire master journal file into space obtained from
    ** sqlite3_malloc() and pointed to by zMasterJournal. 
    */
-    zMasterJournal = (char *)sqlite3Malloc((int)nMasterJournal + nMasterPtr);
+    zMasterJournal = sqlite3Malloc((int)nMasterJournal + nMasterPtr + 1);
    if( !zMasterJournal ){
      rc = SQLITE_NOMEM;
      goto delmaster_out;
    }
-    zMasterPtr = &zMasterJournal[nMasterJournal];
+    zMasterPtr = &zMasterJournal[nMasterJournal+1];
    rc = sqlite3OsRead(pMaster, zMasterJournal, (int)nMasterJournal, 0);
    if( rc!=SQLITE_OK ) goto delmaster_out;
+    zMasterJournal[nMasterJournal] = 0;

    zJournal = zMasterJournal;
    while( (zJournal-zMasterJournal)<nMasterJournal ){
@@ -3110,8 +3111,9 @@ static int pagerStress(void *p, PgHdr *pPg){
  ** be restored to its current value when the "ROLLBACK TO sp" is 
  ** executed.
  */
-  if( rc==SQLITE_OK && pPg->pgno>pPager->dbSize && subjRequiresPage(pPg) ){
-assert(0);
+  if( NEVER(
+      rc==SQLITE_OK && pPg->pgno>pPager->dbSize && subjRequiresPage(pPg)
+  ) ){
    rc = subjournalPage(pPg);
  }