Allocate a few extra bytes for the pager temp page as an overrun buffer while

processing corrupt database files. FossilOrigin-Name: e7aca0714bc475e04b16e9db78722ce025d2a1382f80cfc0a49cff2af904eae5
2025-08-05 15:55:57 +03:00 · 2019-02-26 17:49:07 +00:00
parent eaac9996ed
commit 5cb1ffc1bd
3 changed files with 15 additions and 9 deletions
--- a/src/pager.c
+++ b/src/pager.c
@@ -3786,8 +3786,14 @@ int sqlite3PagerSetPagesize(Pager *pPager, u32 *pPageSize, int nReserve){
      rc = sqlite3OsFileSize(pPager->fd, &nByte);
    }
    if( rc==SQLITE_OK ){
-      pNew = (char *)sqlite3PageMalloc(pageSize);
-      if( !pNew ) rc = SQLITE_NOMEM_BKPT;
+      /* 8 bytes of zeroed overrun space is sufficient so that the b-tree
+      * cell header parser will never run off the end of the allocation */
+      pNew = (char *)sqlite3PageMalloc(pageSize+8);
+      if( !pNew ){
+        rc = SQLITE_NOMEM_BKPT;
+      }else{
+        memset(pNew+pageSize, 0, 8);
+      }
    }

    if( rc==SQLITE_OK ){