database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-04 04:42:17 +03:00
Code Activity

Ensure that database corruption does not cause the cursor passed into

Browse Source 
sqlite3BtreeDelete() to be invalid.
dbsqlfuzz 209bf3de9ee11ae440848ab9bc9c13858f9be2e4.

FossilOrigin-Name: a85126f96614c53b030c6e6c43ff239eae458048597a10e9a0361fcec8628ecf
This commit is contained in:
drh
2022-03-22 23:33:20 +00:00
parent 56d88aad29
commit 500d7e542c
3 changed files with 18 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/btree.c
View File

@@ -9430,12 +9430,16 @@ int sqlite3BtreeDelete(BtCursor *pCur, u8 flags){
assert( hasSharedCacheTableLock(p, pCur->pgnoRoot, pCur->pKeyInfo!=0, 2) );
assert( !hasReadConflicts(p, pCur->pgnoRoot) );
assert( (flags & ~(BTREE_SAVEPOSITION | BTREE_AUXDELETE))==0 );
if( pCur->eState==CURSOR_REQUIRESEEK ){
rc = btreeRestoreCursorPosition(pCur);
assert( rc!=SQLITE_OK || CORRUPT_DB || pCur->eState==CURSOR_VALID );
if( rc || pCur->eState!=CURSOR_VALID ) return rc;
if( pCur->eState!=CURSOR_VALID ){
if( pCur->eState>=CURSOR_REQUIRESEEK ){
rc = btreeRestoreCursorPosition(pCur);
assert( rc!=SQLITE_OK || CORRUPT_DB || pCur->eState==CURSOR_VALID );
if( rc || pCur->eState!=CURSOR_VALID ) return rc;
}else{
return SQLITE_CORRUPT_BKPT;
}
}
assert( CORRUPT_DB || pCur->eState==CURSOR_VALID );
assert( pCur->eState==CURSOR_VALID );
iCellDepth = pCur->iPage;
iCellIdx = pCur->ix;
@@ -9467,7 +9471,8 @@ int sqlite3BtreeDelete(BtCursor *pCur, u8 flags){
bPreserve = (flags & BTREE_SAVEPOSITION)!=0;
if( bPreserve ){
if( !pPage->leaf
|| (pPage->nFree+pPage->xCellSize(pPage,pCell)+2)>(int)(pBt->usableSize*2/3)
|| (pPage->nFree+pPage->xCellSize(pPage,pCell)+2) >
(int)(pBt->usableSize*2/3)
|| pPage->nCell==1 /* See dbfuzz001.test for a test case */
){
/* A b-tree rebalance will be required after deleting this entry.