Ensure that the cell array used in balance_nonroot() is always large enough, even if the pages being balanced are corrupt.

FossilOrigin-Name: 53f64e83b39cb56ac7211ffc80d06da13318e1da9dbca7b9123954f5be229a0d
2025-08-07 02:42:48 +03:00 · 2021-06-22 14:59:34 +00:00
parent 4d2c20331a
commit b9f8a187de
3 changed files with 9 additions and 9 deletions
--- a/src/btree.c
+++ b/src/btree.c
@@ -7757,6 +7757,7 @@ static int balance_nonroot(
        goto balance_cleanup;
      }
    }
+    nMaxCells += apOld[i]->nCell + ArraySize(pParent->apOvfl);
    if( (i--)==0 ) break;

    if( pParent->nOverflow && i+nxDiv==pParent->aiOvfl[0] ){
@@ -7798,7 +7799,6 @@ static int balance_nonroot(

  /* Make nMaxCells a multiple of 4 in order to preserve 8-byte
  ** alignment */
-  nMaxCells = nOld*(MX_CELL(pBt) + ArraySize(pParent->apOvfl));
  nMaxCells = (nMaxCells + 3)&~3;

  /*