mirror of
https://github.com/sqlite/sqlite.git
synced 2025-08-08 14:02:16 +03:00
Return an SQLITE_CORRUPT error if the content size field of a table record
extends off the end of a page. FossilOrigin-Name: b48c4e402125fb8d2208d358f6e9bbc351f3a49d
This commit is contained in:
drh
12
manifest
12
manifest
@@ -1,5 +1,5 @@
|
|||||||
C Uses\sshifts\srather\sthan\sdivision\sfor\sarithmetic\son\sthe\scell\sindices,\ssince\nthose\sindices\sare\salways\snon-negative.
|
C Return\san\sSQLITE_CORRUPT\serror\sif\sthe\scontent\ssize\sfield\sof\sa\stable\srecord\nextends\soff\sthe\send\sof\sa\spage.
|
||||||
D 2013-11-25T17:38:26.358
|
D 2013-11-25T20:14:13.468
|
||||||
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
||||||
F Makefile.in e1a9b4258bbde53f5636f4e238c65b7e11459e2b
|
F Makefile.in e1a9b4258bbde53f5636f4e238c65b7e11459e2b
|
||||||
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
||||||
@@ -166,7 +166,7 @@ F src/auth.c 523da7fb4979469955d822ff9298352d6b31de34
|
|||||||
F src/backup.c 1809a7caa2504233bdddd12f5018422421789537
|
F src/backup.c 1809a7caa2504233bdddd12f5018422421789537
|
||||||
F src/bitvec.c 19a4ba637bd85f8f63fc8c9bae5ade9fb05ec1cb
|
F src/bitvec.c 19a4ba637bd85f8f63fc8c9bae5ade9fb05ec1cb
|
||||||
F src/btmutex.c 976f45a12e37293e32cae0281b15a21d48a8aaa7
|
F src/btmutex.c 976f45a12e37293e32cae0281b15a21d48a8aaa7
|
||||||
F src/btree.c f98e6ceada5953859d13848cb3139d248e0ad2e6
|
F src/btree.c c308e64d89de5ea87e5538f7380af4477892e067
|
||||||
F src/btree.h a61ddebc78c66795a2b93181321a116746302cc9
|
F src/btree.h a61ddebc78c66795a2b93181321a116746302cc9
|
||||||
F src/btreeInt.h f038e818bfadf75afbd09819ed93c26a333d39e0
|
F src/btreeInt.h f038e818bfadf75afbd09819ed93c26a333d39e0
|
||||||
F src/build.c 07054d45319953e54a89d726e589a423e9c1c590
|
F src/build.c 07054d45319953e54a89d726e589a423e9c1c590
|
||||||
@@ -1142,7 +1142,7 @@ F tool/vdbe-compress.tcl f12c884766bd14277f4fcedcae07078011717381
|
|||||||
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
|
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
|
||||||
F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
|
F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
|
||||||
F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
|
F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
|
||||||
P 55e5bfa231dd52a7cf9ec982967da4963867b9e5
|
P 5bf2a3feeb2c83671bf3edeb20a549239e6873bf
|
||||||
R 03a0908b80603703a94d0f74a79b1f34
|
R 5bcbc7e134df92bc8848f497a4ca3642
|
||||||
U drh
|
U drh
|
||||||
Z 8e81fe7c02afd074478ec63871f47a2f
|
Z d267e18bd1e4ed89c545a37f1e6bffd5
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
5bf2a3feeb2c83671bf3edeb20a549239e6873bf
|
b48c4e402125fb8d2208d358f6e9bbc351f3a49d
|
||||||
@@ -4219,7 +4219,7 @@ static const unsigned char *fetchPayload(
|
|||||||
assert( cursorHoldsMutex(pCur) );
|
assert( cursorHoldsMutex(pCur) );
|
||||||
pPage = pCur->apPage[pCur->iPage];
|
pPage = pCur->apPage[pCur->iPage];
|
||||||
assert( pCur->aiIdx[pCur->iPage]<pPage->nCell );
|
assert( pCur->aiIdx[pCur->iPage]<pPage->nCell );
|
||||||
if( pCur->info.nSize==0 ){
|
if( NEVER(pCur->info.nSize==0) ){
|
||||||
btreeParseCell(pCur->apPage[pCur->iPage], pCur->aiIdx[pCur->iPage],
|
btreeParseCell(pCur->apPage[pCur->iPage], pCur->aiIdx[pCur->iPage],
|
||||||
&pCur->info);
|
&pCur->info);
|
||||||
}
|
}
|
||||||
@@ -4670,7 +4670,9 @@ int sqlite3BtreeMovetoUnpacked(
|
|||||||
i64 nCellKey;
|
i64 nCellKey;
|
||||||
pCell = findCell(pPage, idx) + pPage->childPtrSize;
|
pCell = findCell(pPage, idx) + pPage->childPtrSize;
|
||||||
if( pPage->hasData ){
|
if( pPage->hasData ){
|
||||||
while( 0x80 <= *(pCell++) && pCell<pPage->aDataEnd ){}
|
while( 0x80 <= *(pCell++) ){
|
||||||
|
if( pCell>=pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
getVarint(pCell, (u64*)&nCellKey);
|
getVarint(pCell, (u64*)&nCellKey);
|
||||||
if( nCellKey<intKey ){
|
if( nCellKey<intKey ){
|
||||||
|
|||||||
Reference in New Issue
Block a user