mirror of
https://github.com/sqlite/sqlite.git
synced 2025-08-07 02:42:48 +03:00
When parsing the schema, detect out-of-bounds rootpage values and throw an
error. FossilOrigin-Name: 6c3a2727dc912ed800146e07db5d15d0f3468d13701165ba763c4b114c3e18e8
This commit is contained in:
drh
19
manifest
19
manifest
@@ -1,24 +1,27 @@
|
||||
B d2aac001204621062e6cb3230ce2ac1b4545cb83b3ebb6bfebccee4d51162e97
|
||||
C All\sTCL\stests\snow\spassing.
|
||||
D 2020-07-22T17:12:59.996
|
||||
C When\sparsing\sthe\sschema,\sdetect\sout-of-bounds\srootpage\svalues\sand\sthrow\san\nerror.
|
||||
D 2020-07-22T18:03:56.431
|
||||
F src/analyze.c 5cffff3d355858cd22bfc6e20ac7203510d2e1cc935086eb06f4abb2f579f628
|
||||
F src/btree.c a4720f51945a86379ecd962a715d6fe9de08651a67d1e6f7b4884612da83ceb5
|
||||
F src/btree.h 7af72bbb4863c331c8f6753277ab40ee67d2a2125a63256d5c25489722ec162b
|
||||
F src/btreeInt.h 83166f6daeb91062b6ae9ee6247b3ad07e40eba58f3c05ba9e8dedad4ab1ea38
|
||||
F src/build.c f2b73fbb2197fb6e6a35ff2e1750085f023dc50542185f1a2dfccd632223eb14
|
||||
F src/pager.c a5f65ff2cd73b8d381cc7b338cac382ca6978d578fa0b84fdaa11d3cdc3c3e18
|
||||
F src/prepare.c 26be4805d6b6185229221152d6d1ce10e2a6619a1afe0d8bf3c5a3c4bacf402a
|
||||
F src/prepare.c 752643468bab27081bee439a7a727b616db2997e2ecdae132e8c786f8e44bcec
|
||||
F src/select.c 0e75d64091200a2a8fdc02abafe176a0c2e9b2654c4cc34564f25f0b408e91de
|
||||
F src/sqliteInt.h eb4f7746ca2f90dfd5ccaa182960daafccd63f3f7be83589f4257b41e0e5f70f
|
||||
F src/sqliteInt.h ec260b2441d94ef0b5be424c323cf255ae30d23e2fb2bd1c42a3a59c2fbafedb
|
||||
F src/util.c 58bf59fb0923017619c9c53957a676ff2322314b2547f6a223e0707e7ba505de
|
||||
F src/vdbe.c 44ac1776fa89e54dd49e71838aed17ceb316d993378d0d71818f7e853e934d0e
|
||||
F src/vdbe.c 120fdb1add80309cf1b4d6cc88b7f4e0580e816ded743a8f495fff9ef35a4e0a
|
||||
F src/vdbe.h 83603854bfa5851af601fc0947671eb260f4363e62e960e8a994fb9bbcd2aaa1
|
||||
F src/vdbeInt.h 762abffb7709f19c2cb74af1bba73a900f762e64f80d69c31c9ae89ed1066b60
|
||||
F src/vdbeaux.c 1cbbbffdb874c6f3e7aab40f3deb48abac4a71df1043cd95bb0d652d4e053871
|
||||
F src/wherecode.c 8064fe5c042824853a9b1fda670054a51a49033a6c79059988c97751ccf8088e
|
||||
F test/corrupt3.test 2520432b1fbf99994841e69804a3c59fb828183f4d09b85a1631bc7adca17e31
|
||||
F tool/showdb.c 49e810f5c414c792b5bf38cd5557ca9639713ebfef32aaff32faf7cb7ccce513
|
||||
P 92e2ab38930c76811dbf5abfe6b9ea9e12562a4bb4bb06cdb0cf49ac30da0bc3
|
||||
R 9a8fcc1aa7a1542100ce070d51449c82
|
||||
P 4c5f3c6cacf84a36d0347790d98d82d1f584cd1537a13a2736348405c4d20367
|
||||
R ccc7b0ae4ada19d710420f989f7c9313
|
||||
T *branch * rootpage-bounds-check
|
||||
T *sym-rootpage-bounds-check *
|
||||
T -sym-larger-databases *
|
||||
U drh
|
||||
Z 823bbfd3b3d1b49671a3ec5ee70353b6
|
||||
Z c08f65e2e744a2c088ae7728fbcd5c94
|
||||
|
||||
@@ -1 +1 @@
|
||||
4c5f3c6cacf84a36d0347790d98d82d1f584cd1537a13a2736348405c4d20367
|
||||
6c3a2727dc912ed800146e07db5d15d0f3468d13701165ba763c4b114c3e18e8
|
||||
@@ -116,6 +116,10 @@ int sqlite3InitCallback(void *pInit, int argc, char **argv, char **NotUsed){
|
||||
assert( db->init.busy );
|
||||
db->init.iDb = iDb;
|
||||
sqlite3GetUInt32(argv[3], &db->init.newTnum);
|
||||
if( db->init.newTnum>pData->mxPage && pData->mxPage!=0 ){
|
||||
corruptSchema(pData, argv[1], "invalid rootpage");
|
||||
return 0;
|
||||
}
|
||||
db->init.orphanTrigger = 0;
|
||||
db->init.azInit = argv;
|
||||
pStmt = 0;
|
||||
@@ -151,6 +155,7 @@ int sqlite3InitCallback(void *pInit, int argc, char **argv, char **NotUsed){
|
||||
if( pIndex==0
|
||||
|| sqlite3GetUInt32(argv[3],&pIndex->tnum)==0
|
||||
|| pIndex->tnum<2
|
||||
|| (pIndex->tnum>pData->mxPage && pData->mxPage!=0)
|
||||
|| sqlite3IndexHasDuplicateRootPage(pIndex)
|
||||
){
|
||||
corruptSchema(pData, argv[1], pIndex?"invalid rootpage":"orphan index");
|
||||
@@ -207,6 +212,7 @@ int sqlite3InitOne(sqlite3 *db, int iDb, char **pzErrMsg, u32 mFlags){
|
||||
initData.pzErrMsg = pzErrMsg;
|
||||
initData.mInitFlags = mFlags;
|
||||
initData.nInitRow = 0;
|
||||
initData.mxPage = 0;
|
||||
sqlite3InitCallback(&initData, 5, (char **)azArg, 0);
|
||||
db->mDbFlags &= mask;
|
||||
if( initData.rc ){
|
||||
@@ -329,6 +335,7 @@ int sqlite3InitOne(sqlite3 *db, int iDb, char **pzErrMsg, u32 mFlags){
|
||||
/* Read the schema information out of the schema tables
|
||||
*/
|
||||
assert( db->init.busy );
|
||||
initData.mxPage = sqlite3BtreeLastPage(pDb->pBt);
|
||||
{
|
||||
char *zSql;
|
||||
zSql = sqlite3MPrintf(db,
|
||||
|
||||
@@ -3629,6 +3629,7 @@ typedef struct {
|
||||
int rc; /* Result code stored here */
|
||||
u32 mInitFlags; /* Flags controlling error messages */
|
||||
u32 nInitRow; /* Number of rows processed */
|
||||
Pgno mxPage; /* Maximum page number. 0 for no limit. */
|
||||
} InitData;
|
||||
|
||||
/*
|
||||
|
||||
@@ -6122,6 +6122,7 @@ case OP_ParseSchema: {
|
||||
initData.iDb = iDb;
|
||||
initData.pzErrMsg = &p->zErrMsg;
|
||||
initData.mInitFlags = 0;
|
||||
initData.mxPage = sqlite3BtreeLastPage(db->aDb[iDb].pBt);
|
||||
zSql = sqlite3MPrintf(db,
|
||||
"SELECT*FROM\"%w\".%s WHERE %s ORDER BY rowid",
|
||||
db->aDb[iDb].zDbSName, zSchema, pOp->p4.z);
|
||||
|
||||
Reference in New Issue
Block a user