Back out the expansion of the temporary buffer size from

[32754ca6f86da816] and replace it with an explicit test for buffer overreads. FossilOrigin-Name: 8ba3d9f38090c4bbbcffba1930e5c26f69ff61f49b72a4a5a59253d37341380f
2025-08-08 14:02:16 +03:00 · 2018-12-14 16:20:54 +00:00
parent e7acce66b2
commit d7a5e49840
4 changed files with 10 additions and 9 deletions
--- a/src/btree.c
+++ b/src/btree.c
@@ -6762,6 +6762,7 @@ static int rebuildPage(
  for(i=0; i<nCell; i++){
    u8 *pCell = apCell[i];
    if( SQLITE_WITHIN(pCell,aData,pEnd) ){
+      if( ((uptr)(pCell+szCell[i]))>(uptr)pEnd ) return SQLITE_CORRUPT_BKPT;
      pCell = &pTmp[pCell - aData];
    }
    pData -= szCell[i];