All bytes of a page are initialized, even bytes that follow a 2-byte cell

on a malformed page. FossilOrigin-Name: 7373a004ed0e2781cda503c73e9a94f24350ef79
2025-08-07 02:42:48 +03:00 · 2015-05-27 18:13:35 +00:00
parent f9705d4b66
commit b52e9c89df
3 changed files with 9 additions and 10 deletions
--- a/src/btree.c
+++ b/src/btree.c
@@ -6897,13 +6897,13 @@ static int balance_nonroot(
        memcpy(apCell[nCell], &pOld->aData[8], 4);
      }else{
        assert( leafCorrection==4 );
-        if( szCell[nCell]<4 ){
+        while( szCell[nCell]<4 ){
          /* Do not allow any cells smaller than 4 bytes. If a smaller cell
          ** does exist, pad it with 0x00 bytes. */
          assert( szCell[nCell]==3 || CORRUPT_DB );
          assert( apCell[nCell]==&aSpace1[iSpace1-3] || CORRUPT_DB );
          aSpace1[iSpace1++] = 0x00;
-          szCell[nCell] = 4;
+          szCell[nCell]++;
        }
      }
      nCell++;