From 98c58356aebe4447a43d3c4c17beabbd300b0fdc Mon Sep 17 00:00:00 2001
From: drh
Date: Fri, 7 Nov 2008 00:24:53 +0000
Subject: [PATCH] Prevent a rollback from crashing if the sector-size field of the rollback journal is corrupted. (CVS 5868)
FossilOrigin-Name: cf9d1d933f6b6713018928d9a7680ae63e8edcd0
---
 manifest | 12 ++++++------
 manifest.uuid | 2 +-
 src/pager.c | 10 +++++++---
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/manifest b/manifest
index d27c9398d7..236af11056 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sdocumentation\sto\smake\sit\sclear\sthat\sshort\sreads\sfrom\sxRead\sin\sthe\sVFS\nmust\sbe\szero-filled.\s(CVS\s5867)
-D 2008-11-07T00:06:18
+C Prevent\sa\srollback\sfrom\scrashing\sif\sthe\ssector-size\sfield\sof\sthe\nrollback\sjournal\sis\scorrupted.\s(CVS\s5868)
+D 2008-11-07T00:24:54
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 48172b58e444a9725ec482e0c022a564749acab4
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -138,7 +138,7 @@ F src/os_common.h 24525d8b7bce66c374dfc1810a6c9043f3359b60
 F src/os_os2.c 63be0987dbeb42e9b08c831863d2a315953b86e1
 F src/os_unix.c d17f694eda9d583676bcab87109efad42dd2abe1
 F src/os_win.c e208cbbceac63c1dd881d0909de5a4679a2c6992
-F src/pager.c e9103fc8ef7439db804425811a8d2b31fe3879b3
+F src/pager.c 6b6f8eb4938d184d6612ea89631185dbace246b3
 F src/pager.h 4a57b219c0765fe1870238064e3f46e4eb2cf5af
 F src/parse.y 2c4758b4c5ead6de8cf7112f5a7cce7561d313fe
 F src/pcache.c 5b80676e664019c1ebc8356cc25332dd69da6269
@@ -654,7 +654,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 1b6a5140446da896f69fddc8d1ea076815bb45e3
-R 08ee53a11b68016faeed82f91090e413
+P fb311d6f4098a08f05b3fac9a2a7e2a53c38bb5f
+R f50c7a2e7dd00ab08ec53c3aea49aa7d
 U drh
-Z 5e998c6356f65705edd280b38e19632c
+Z f1bbebd3f9bc0e31bb789450c23f8559
diff --git a/manifest.uuid b/manifest.uuid
index e2cd87bdd1..6a1ab644b1 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-fb311d6f4098a08f05b3fac9a2a7e2a53c38bb5f
\ No newline at end of file
+cf9d1d933f6b6713018928d9a7680ae63e8edcd0
\ No newline at end of file
diff --git a/src/pager.c b/src/pager.c
index ca4716e6ec..4d24a36eab 100644
--- a/src/pager.c
+++ b/src/pager.c
@@ -18,7 +18,7 @@
 ** file simultaneously, or one process from reading the database while
 ** another is writing.
 **
-** @(#) $Id: pager.c,v 1.501 2008/11/03 20:55:07 drh Exp $
+** @(#) $Id: pager.c,v 1.502 2008/11/07 00:24:54 drh Exp $
 */
 #ifndef SQLITE_OMIT_DISKIO
 #include "sqliteInt.h"
@@ -203,7 +203,7 @@ struct Pager {
 i64 stmtHdrOff; /* First journal header written this statement */
 i64 stmtCksum; /* cksumInit when statement was started */
 i64 stmtJSize; /* Size of journal at stmt_begin() */
-int sectorSize; /* Assumed sector size during rollback */
+u32 sectorSize; /* Assumed sector size during rollback */
 #ifdef SQLITE_TEST
 int nHit, nMiss; /* Cache hits and missing */
 int nRead, nWrite; /* Database pages read/written */
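Review bot: The field comment `/* Assumed sector size during rollback */` should now record the range a u32 value read from a journal header is trusted to hold, because readJournalHdr (the later hunk in this file) starts rejecting headers whose sector size is not a power of two or exceeds 0x1000000 — e.g. `/* Assumed sector size during rollback; a journal-supplied value is rejected unless it is a power of two and <= 0x1000000 */`. That validation does not exclude zero: `(0 & (0-1))` is 0 and 0 is not above the cap, so a corrupted header carrying a zero sector size still passes and `pPager->journalOff += JOURNAL_HDR_SZ(pPager)` then advances by whatever that macro yields for a zero field (the macro is not visible here); adding `|| pPager->sectorSize==0` (or a sensible lower bound) to the new check would close that. Turning the field from int into u32 also changes the meaning of any signed comparison or arithmetic on sectorSize elsewhere in pager.c, which this diff does not touch, so those uses are worth auditing before merge. The readJournalHdr hunk runs past the end of what is shown.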
@@ -756,8 +756,12 @@ static int readJournalHdr(
 ** is being called from within pager_playback(). The local value
 ** of Pager.sectorSize is restored at the end of that routine.
 */
- rc = read32bits(pPager->jfd, jrnlOff+12, (u32 *)&pPager->sectorSize);
+ rc = read32bits(pPager->jfd, jrnlOff+12, &pPager->sectorSize);
 if( rc ) return rc;
+ if( (pPager->sectorSize & (pPager->sectorSize-1))!=0 || pPager->sectorSize>0x1000000 ){
+ return SQLITE_DONE;
+ }
 pPager->journalOff += JOURNAL_HDR_SZ(pPager);
 return SQLITE_OK;