Avoid decrementing a pointer off the front end of the buffer in OP_MakeRecord.

FossilOrigin-Name: 153135bfb3b8f7c407ccf36571e2d4d5afe28ea3
2025-08-08 14:02:16 +03:00 · 2016-04-07 14:16:16 +00:00
parent be5000d6bf
commit 45c3c66385
3 changed files with 10 additions and 8 deletions
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -2755,7 +2755,9 @@ case OP_MakeRecord: {
    testcase( serial_type==127 );
    testcase( serial_type==128 );
    nHdr += serial_type<=127 ? 1 : sqlite3VarintLen(serial_type);
-  }while( (--pRec)>=pData0 );
+    if( pRec==pData0 ) break;
+    pRec--;
+  }while(1);

  /* EVIDENCE-OF: R-22564-11647 The header begins with a single varint
  ** which determines the total number of bytes in the header. The varint