From 2683665406947769c3495b99dd4eef073d2cf4ed Mon Sep 17 00:00:00 2001 From: danielk1977 Date: Mon, 17 Jan 2005 01:33:13 +0000 Subject: [PATCH] Have sqlite3pager_get() return SQLITE_CORRUPT for a page number greater than 2^31. (CVS 2222) FossilOrigin-Name: feb49d10e83ecc186024d4e96b64ef92cf876715 --- manifest | 18 +++++++++--------- manifest.uuid | 2 +- src/btree.c | 27 +++++++++++++++++---------- src/pager.c | 15 +++++++++++++-- test/all.test | 3 +-- 5 files changed, 41 insertions(+), 24 deletions(-) diff --git a/manifest b/manifest index 70ba7c0179..e812435a9f 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Turn\son\squick-balance\sby\sdefault.\s(CVS\s2221) -D 2005-01-16T23:21:00 +C Have\ssqlite3pager_get()\sreturn\sSQLITE_CORRUPT\sfor\sa\spage\snumber\sgreater\sthan\s2^31.\s(CVS\s2222) +D 2005-01-17T01:33:14 F Makefile.in 78d6d0af3725aef32468ac9923444d7645d21a28 F Makefile.linux-gcc a9e5a0d309fa7c38e7c14d3ecf7690879d3a5457 F README a01693e454a00cc117967e3f9fdab2d4d52e9bc1 @@ -29,7 +29,7 @@ F sqlite3.def dbaeb20c153e1d366e8f421b55a573f5dfc00863 F sqlite3.pc.in 985b9bf34192a549d7d370e0f0b6b34a4f61369a F src/attach.c e49d09dad9f5f9fb10b4b0c1be5a70ae4c45e689 F src/auth.c 3b81f2a42f48a62c2c9c9b0eda31a157c681edea -F src/btree.c 528a661ae10ee7513b3db724a4acfd0e90991798 +F src/btree.c 5fcaa2386570d2c905c57ffa13651203950ce33c F src/btree.h 74d19cf40ab49fd69abe9e4e12a6c321ad86c497 F src/build.c af1296e8a21a406b4f4c4f1e1365e075071219f3 F src/cursor.c f883813759742068890b1f699335872bfa8fdf41 
@@ -51,7 +51,7 @@ F src/os_unix.c 08340c864822115bf87c6c1735780a0996278b81 F src/os_unix.h f3097815e041e82e24d92505e1ff61ba24172d13 F src/os_win.c 3c0b0a3bc33318cf555a1cd130232ad1b9a5a711 F src/os_win.h 41a946bea10f61c158ce8645e7646b29d44f122b -F src/pager.c 4b37f741fc199166cc69cfdfdbbb1e41b30f7ede +F src/pager.c 6319578f176cbc53eb044940ce484fae244ba6c5 F src/pager.h 9eba8c53dd91eae7f3f90743b2ee242da02a9862 F src/parse.y ceba179b9703657180963568f54b0e75f33e36e1 F src/pragma.c ac594f74c90ffec043c43e49358719ffeb491eec @@ -82,7 +82,7 @@ F src/vdbeaux.c 6c294f7390880a7bb4795c9e0bc605b1a416579a F src/vdbemem.c 62fe89471b656a922e9879be005abf690509ead3 F src/where.c 3a0d08505e298242f6f151f019a05129a4f8704c F tclinstaller.tcl 36478c3bbfc5b93ceac42d94e3c736937b808432 -F test/all.test 67984b11ab45c9e5811fb305f8b19012dedf2a02 +F test/all.test d9c4775753de7321c0f93aac2c08b417378d509a F test/alter.test 95c57a4f461fa81293e0dccef7f83889aadb169a F test/attach.test f39069efd4394422798f249df9a31489aa941ee1 F test/attach2.test eeb987770f4dbe68bd29afdbc2e8cff0142e6eb5 @@ -267,7 +267,7 @@ F www/tclsqlite.tcl e73f8f8e5f20e8277619433f7970060ab01088fc F www/vdbe.tcl 095f106d93875c94b47367384ebc870517431618 F www/version3.tcl 092a01f5ef430d2c4acc0ae558d74c4bb89638a0 F www/whentouse.tcl c3b50d3ac31c54be2a1af9b488a89d22f1e6e746 -P de9ad673d037f7bfca3a2d439259a63c9ed954db -R a3c633ca18ad9c504d2c45368f1d4e12 -U drh -Z 9410eca575f29e730c32c01825919813 +P d0356dee55bd43f361ede1344e90d1ba6b5cde1e +R c4fd31d8e980e6dc9c216408c16733fb +U danielk1977 +Z f8cb6f96573ed3a635c83870ecccf67f diff --git a/manifest.uuid b/manifest.uuid index 57ca7c6586..57a31388c9 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -d0356dee55bd43f361ede1344e90d1ba6b5cde1e \ No newline at end of file +feb49d10e83ecc186024d4e96b64ef92cf876715 \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 167197f3ee..edb59c7ef7 100644 --- a/src/btree.c +++ b/src/btree.c 
@@ -9,7 +9,7 @@ ** May you share freely, never taking more than you give. ** ************************************************************************* -** $Id: btree.c,v 1.238 2005/01/16 23:21:00 drh Exp $ +** $Id: btree.c,v 1.239 2005/01/17 01:33:14 danielk1977 Exp $ ** ** This file implements a external (disk-based) database using BTrees. ** For a detailed discussion of BTrees, refer to @@ -664,13 +664,11 @@ static int cellSizePtr(MemPage *pPage, u8 *pCell){ #ifndef SQLITE_OMIT_AUTOVACUUM /* -** If the cell with index iCell on page pPage contains a pointer +** If the cell pCell, part of page pPage contains a pointer ** to an overflow page, insert an entry into the pointer-map ** for the overflow page. */ -static int ptrmapPutOvfl(MemPage *pPage, int iCell){ - u8 *pCell; - pCell = findOverflowCell(pPage, iCell); +static int ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell){ if( pCell ){ CellInfo info; parseCellPtr(pPage, pCell, &info); @@ -681,6 +679,16 @@ static int ptrmapPutOvfl(MemPage *pPage, int iCell){ } return SQLITE_OK; } +/* +** If the cell with index iCell on page pPage contains a pointer +** to an overflow page, insert an entry into the pointer-map +** for the overflow page. +*/ +static int ptrmapPutOvfl(MemPage *pPage, int iCell){ + u8 *pCell; + pCell = findOverflowCell(pPage, iCell); + return ptrmapPutOvflPtr(pPage, pCell); +} #endif @@ -1604,12 +1612,11 @@ static int setChildPtrmaps(MemPage *pPage){ CellInfo info; u8 *pCell = findCell(pPage, i); - parseCellPtr(pPage, pCell, &info); - if( info.iOverflow ){ - Pgno ovflPgno = get4byte(&pCell[info.iOverflow]); - rc = ptrmapPut(pBt, ovflPgno, PTRMAP_OVERFLOW1, pgno); - if( rc!=SQLITE_OK ) goto set_child_ptrmaps_out; + rc = ptrmapPutOvflPtr(pPage, pCell); + if( rc!=SQLITE_OK ){ + goto set_child_ptrmaps_out; } + if( !pPage->leaf ){ Pgno childPgno = get4byte(pCell); rc = ptrmapPut(pBt, childPgno, PTRMAP_BTREE, pgno); diff --git a/src/pager.c b/src/pager.c index 945475f1ce..aaa9d3c7b8 100644 --- a/src/pager.c 
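Review bot: The rewritten header comment on ptrmapPutOvflPtr() does not say that pCell may be NULL, although the retained `if( pCell ){` guard is what lets the new ptrmapPutOvfl() wrapper forward the result of findOverflowCell() without checking it. I would add a line such as `** pCell may be NULL, in which case no pointer-map entry is written.` (as the guard suggests) and punctuate the first line as `** If the cell pCell, part of page pPage, contains a pointer`. A blank line between the closing `}` of the helper and the `/*` that opens the wrapper's comment would also separate the two definitions. The middle of the helper's body lies between this hunk and the next one and is not visible here.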
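Review bot: The context line `CellInfo info;` at the top of the loop body in setChildPtrmaps() looks dead after this change. Its only visible uses were the removed `parseCellPtr(pPage, pCell, &info);` and `info.iOverflow` lines, so unless code later in the loop (outside the hunk) still reads it, the declaration should be dropped to avoid an unused-variable warning. Separately, the removed code recorded the overflow page's parent as the local `pgno`, while ptrmapPutOvflPtr() receives only pPage, and the lines where it chooses the parent fall between hunks. It is worth confirming that the helper passes the same page number, because a wrong parent would leave the pointer map inconsistent without any immediate error.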
+++ b/src/pager.c @@ -18,7 +18,7 @@ ** file simultaneously, or one process from reading the database while ** another is writing. ** -** @(#) $Id: pager.c,v 1.182 2005/01/13 11:07:53 danielk1977 Exp $ +** @(#) $Id: pager.c,v 1.183 2005/01/17 01:33:14 danielk1977 Exp $ */ #include "sqliteInt.h" #include "os.h" @@ -355,6 +355,11 @@ static const unsigned char aJournalMagic[] = { /* #define PAGER_MJ_PGNO(x) (PENDING_BYTE/((x)->pageSize)) */ #define PAGER_MJ_PGNO(x) ((PENDING_BYTE/((x)->pageSize))+1) +/* +** The maximum legal page number is (2^31 - 1). +*/ +#define PAGER_MAX_PGNO 2147483647 + /* ** Enable reference count tracking (for debugging) here: */ @@ -2124,10 +2129,16 @@ int sqlite3pager_get(Pager *pPager, Pgno pgno, void **ppPage){ PgHdr *pPg; int rc; + /* The maximum page number is 2^31. Return SQLITE_CORRUPT if a page + ** number greater than this, or zero, is requested. + */ + if( pgno>PAGER_MAX_PGNO || pgno==0 ){ + return SQLITE_CORRUPT; + } + /* Make sure we have not hit any critical errors. */ assert( pPager!=0 ); - assert( pgno!=0 ); *ppPage = 0; if( pPager->errMask & ~(PAGER_ERR_FULL) ){ return pager_errcode(pPager); diff --git a/test/all.test b/test/all.test index 0c73c39860..e7739222c9 100644 --- a/test/all.test +++ b/test/all.test @@ -10,7 +10,7 @@ #*********************************************************************** # This file runs all tests. # -# $Id: all.test,v 1.28 2005/01/16 11:07:07 danielk1977 Exp $ +# $Id: all.test,v 1.29 2005/01/17 01:33:14 danielk1977 Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl @@ -67,7 +67,6 @@ set EXCLUDE { ifcapable default_autovacuum { lappend EXCLUDE btree2.test lappend EXCLUDE btree4.test - lappend EXCLUDE corrupt.test } for {set Counter 0} {$Counter<$COUNT && $nErr==0} {incr Counter} {
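Review bot: The new early return in sqlite3pager_get() sits above `*ppPage = 0;`, so on the SQLITE_CORRUPT path the caller's output pointer keeps whatever value it had, while the critical-error return just below clears it first. Since this path is meant to fire on damaged database files, a caller that inspects or releases *ppPage after a failure would act on a stale pointer (whether any caller does so is not visible here). Writing `*ppPage = 0;` before `return SQLITE_CORRUPT;`, or moving the range check below the existing assignment, keeps every failure path consistent. The added comment also says the maximum page number is 2^31, while PAGER_MAX_PGNO is 2147483647 and the macro's own comment says (2^31 - 1); `/* The maximum page number is 2^31 - 1. Return SQLITE_CORRUPT if a page` would match. The function body continues outside the hunk.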