mirror of https://github.com/sqlite/sqlite.git synced 2025-08-05 15:55:57 +03:00

Fix an issue introduced by check-in [4cd2a9672c59] (2017-03-03) that could
allow a negative value in the 3rd parameter to memmove() when
defragmentPage() is called on a btree page with a corrupted
freeblock list.  The corruption is now detected early and results in
an SQLITE_CORRUPT return before the memmove() is reached.

FossilOrigin-Name: 5b9ae693120fe4f7bc3b6270f35d773876f6cc8f5990e05cce0d255c54b36ae7
drh
2017-09-28 13:47:35 +00:00
parent 70efa84da7
commit 4e6cec1ca0
3 changed files with 10 additions and 7 deletions


@@ -1399,6 +1399,9 @@ static int defragmentPage(MemPage *pPage, int nMaxFrag){
int sz2 = 0;
int sz = get2byte(&data[iFree+2]);
int top = get2byte(&data[hdr+5]);
if( top>=iFree ){
return SQLITE_CORRUPT_PGNO(pPage->pgno);
}
if( iFree2 ){
assert( iFree+sz<=iFree2 ); /* Verified by pageFindSlot() */
sz2 = get2byte(&data[iFree2+2]);
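
Review bot: the new `if( top>=iFree )` test has no comment, while the assert two lines below it records where its invariant comes from ("Verified by pageFindSlot()"). A one-line comment here saying that the first freeblock must start above the cell content offset read from `data[hdr+5]`, and that this is the condition that keeps the memmove() length named in the commit message from going negative, would let a reader see why this is a runtime check on untrusted page data rather than an assert. The comparison is `>=` rather than `>`, so `top==iFree` is also reported as corrupt; since the commit message only mentions a negative length, it is worth stating in that comment that the equality case is rejected deliberately. The visible hunk also adds no test, so a regression case with a freeblock offset at or below the content-area offset would be a useful follow-up if one is not in the other changed files.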