database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-05 15:55:57 +03:00
Code Activity

Fix an off-by-one error in tests for cells overflowing the end pages. The

Browse Source 
error is completely harmless for the default page cache, but might cause
problems for application-defined page caches that pack pages tightly
together.

FossilOrigin-Name: ce6793e954f291b6f5c29175baf730ce217328de1f0601b8935daac62af5f448
This commit is contained in:
drh
2023-07-13 14:49:39 +00:00
parent 81602595a0
commit bc6d949aa3
4 changed files with 35 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/btree.c
View File

@@ -1534,7 +1534,7 @@ static void ptrmapPutOvflPtr(MemPage *pPage, MemPage *pSrc, u8 *pCell,int *pRC){
pPage->xParseCell(pPage, pCell, &info);
if( info.nLocal<info.nPayload ){
Pgno ovfl;
if( SQLITE_WITHIN(pSrc->aDataEnd, pCell, pCell+info.nLocal) ){
if( SQLITE_OVERFLOW(pSrc->aDataEnd, pCell, pCell+info.nLocal) ){
testcase( pSrc!=pPage );
*pRC = SQLITE_CORRUPT_BKPT;
return;
@@ -8695,7 +8695,7 @@ static int balance_nonroot(
assert( iOvflSpace <= (int)pBt->pageSize );
for(k=0; ALWAYS(k<NB*2) && b.ixNx[k]<=j; k++){}
pSrcEnd = b.apEnd[k];
if( SQLITE_WITHIN(pSrcEnd, pCell, pCell+sz) ){
if( SQLITE_OVERFLOW(pSrcEnd, pCell, pCell+sz) ){
rc = SQLITE_CORRUPT_BKPT;
goto balance_cleanup;
}