
Avoid the possibility of integer overflow on a pointer comparison test for corruption in the database file.

FossilOrigin-Name: ff1b1ac3313ba9d70414e928ef3dd82913298a1a
drh
2016-03-22 14:10:45 +00:00
parent 13969f5af0
commit 0b98207c5b
3 changed files with 14 additions and 9 deletions


@@ -4472,8 +4472,13 @@ static int accessPayload(
#endif
assert( offset+amt <= pCur->info.nPayload );
if( &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize] ){
/* Trying to read or write past the end of the data is an error */
assert( aPayload > pPage->aData );
if( (aPayload - pPage->aData) > (pBt->usableSize - pCur->info.nLocal) ){
/* Trying to read or write past the end of the data is an error. The
** conditional above is really:
** &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]
** but is recast into its current form to avoid integer overflow problems
*/
return SQLITE_CORRUPT_BKPT;
}
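Review bot: The rewritten test `if( (aPayload - pPage->aData) > (pBt->usableSize - pCur->info.nLocal) )` now depends on the right-hand subtraction not wrapping, and nothing in the hunk states that `pCur->info.nLocal` can never exceed `pBt->usableSize`. The field types are declared outside this hunk, but if both are unsigned, an `nLocal` taken from a corrupt page that is larger than `usableSize` would produce a huge bound and the corruption check would pass. The left side is likewise only known to be non-negative through `assert( aPayload > pPage->aData )`, which is compiled out of release builds. I would add `assert( pCur->info.nLocal<=pBt->usableSize );` beside the existing assert and extend the comment to name that invariant and where it is enforced, once that is confirmed against the cell parser. The body of accessPayload starts and ends outside the hunk.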