database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-07-29 08:01:23 +03:00
Code Activity

Fix a crash in the sqlite_dbdata module that could occur if a pointer within an overflow chain in a corrupt database pointed past the end of the db.

Browse Source 
FossilOrigin-Name: 3eae4e301e3e4bcf14e96066f77be1434c5d4b3daadb10153cd36382589ac128
This commit is contained in:
dan
2019-05-09 17:54:27 +00:00
parent 6bab6f2b4d
commit 4d2175613f
3 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ext/misc/dbdata.c
View File

@ -587,8 +587,9 @@ static int dbdataNext(sqlite3_vtab_cursor *pCursor){
int nOvfl = 0;
int nCopy;
rc = dbdataLoadPage(pCsr, pgnoOvfl, &aOvfl, &nOvfl);
assert( rc!=SQLITE_OK || nOvfl==pCsr->nPage );
assert( rc!=SQLITE_OK || aOvfl==0 || nOvfl==pCsr->nPage );
if( rc!=SQLITE_OK ) return rc;
if( aOvfl==0 ) break;
nCopy = U-4;
if( nCopy>nRem ) nCopy = nRem;