mirror of https://github.com/sqlite/sqlite.git synced 2025-08-07 02:42:48 +03:00

Avoid a buffer overwrite that can occur with a corrupt database if secure-delete is enabled.

FossilOrigin-Name: 7bdb1e05faceddbb0b8e3efee7d070ad8c4611a3
dan
2010-02-26 15:09:19 +00:00
parent 383d30f483
commit 2ed11e7b18
4 changed files with 38 additions and 22 deletions


@@ -5815,8 +5815,15 @@ static int balance_nonroot(
** buffer. It will be copied out again as soon as the aSpace[] buffer
** is allocated. */
if( pBt->secureDelete ){
memcpy(&aOvflSpace[apDiv[i]-pParent->aData], apDiv[i], szNew[i]);
apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData];
int iOff = apDiv[i] - pParent->aData;
if( (iOff+szNew[i])>pBt->usableSize ){
rc = SQLITE_CORRUPT_BKPT;
memset(apOld, 0, (i+1)*sizeof(MemPage*));
goto balance_cleanup;
}else{
memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]);
apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData];
}
}
dropCell(pParent, i+nxDiv-pParent->nOverflow, szNew[i], &rc);
}
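Review bot: The bounds check before the `memcpy` into `aOvflSpace` covers only the upper end and measures it against `pBt->usableSize`, so it is safe only if `aOvflSpace` holds at least that many bytes and `iOff` cannot be negative; neither is established in this hunk, and because this path runs on a corrupt database file both assumptions deserve a comment such as `/* apDiv[i] lies within pParent->aData, and aOvflSpace holds at least usableSize bytes */` or, if the first is not guaranteed, `if( iOff<0 || (iOff+szNew[i])>pBt->usableSize ){`. The assignment in the else branch still recomputes the offset; `apDiv[i] = &aOvflSpace[iOff];` keeps the checked value and the used value visibly the same. The `memset(apOld, 0, (i+1)*sizeof(MemPage*))` before `goto balance_cleanup` depends on how the cleanup label releases `apOld[]`, which is outside the hunk, so a one-line comment on why exactly `i+1` entries are cleared would help the next reader. `balance_nonroot` starts and ends outside the hunk.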