Initialize the 18-byte overrun area on the buffer used to reconstruct

overflow btree cells during a btree search, to avoid a harmless jump-depends-on-uninit-values warning. FossilOrigin-Name: 4b05caeb1b9767ba58cb4261ecc22cdd495216b3258d45f2165cdbd3ea079495
2025-08-08 14:02:16 +03:00 · 2019-05-16 20:36:07 +00:00
parent 0971ef45ab
commit 5c2f2206b6
3 changed files with 11 additions and 9 deletions
--- a/src/btree.c
+++ b/src/btree.c
@@ -5524,6 +5524,7 @@ int sqlite3BtreeMovetoUnpacked(
          ** case this happens.  */
          void *pCellKey;
          u8 * const pCellBody = pCell - pPage->childPtrSize;
+          const int nOverrun = 18;  /* Size of the overrun padding */
          pPage->xParseCell(pPage, pCellBody, &pCur->info);
          nCell = (int)pCur->info.nKey;
          testcase( nCell<0 );   /* True if key size is 2^32 or more */
@@ -5534,13 +5535,14 @@ int sqlite3BtreeMovetoUnpacked(
            rc = SQLITE_CORRUPT_PAGE(pPage);
            goto moveto_finish;
          }
-          pCellKey = sqlite3Malloc( nCell+18 );
+          pCellKey = sqlite3Malloc( nCell+nOverrun );
          if( pCellKey==0 ){
            rc = SQLITE_NOMEM_BKPT;
            goto moveto_finish;
          }
          pCur->ix = (u16)idx;
          rc = accessPayload(pCur, 0, nCell, (unsigned char*)pCellKey, 0);
+          memset(((u8*)pCellKey)+nCell,0,nOverrun); /* Fix uninit warnings */
          pCur->curFlags &= ~BTCF_ValidOvfl;
          if( rc ){
            sqlite3_free(pCellKey);