database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-08 14:02:16 +03:00
Code Activity

Stronger constraint checking in allocateSpace().

Browse Source 
dbsqlfuzz 93d4c9ff5ef7cd29f16e767af1ee71c29ec5a4c0

FossilOrigin-Name: 9e968f4fbce061190f10f31ce9d3eb4fce6706ea6b7e5011bfa1e893d37ca68d
This commit is contained in:
drh
2023-04-03 12:33:12 +00:00
parent 6455a7066e
commit d8c34e3311
3 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/btree.c
View File

@@ -1772,13 +1772,14 @@ static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
** integer, so a value of 0 is used in its place. */
pTmp = &data[hdr+5];
top = get2byte(pTmp);
assert( top<=(int)pPage->pBt->usableSize ); /* by btreeComputeFreeSpace() */
if( gap>top ){
if( top==0 && pPage->pBt->usableSize==65536 ){
top = 65536;
}else{
return SQLITE_CORRUPT_PAGE(pPage);
}
}else if( top>(int)pPage->pBt->usableSize ){
return SQLITE_CORRUPT_PAGE(pPage);
}
/* If there is enough space between gap and top for one more cell pointer,
@@ -7585,7 +7586,7 @@ static int editPage(
pData = &aData[get2byteNotZero(&aData[hdr+5])];
if( pData<pBegin ) goto editpage_fail;
if( pData>pPg->aDataEnd ) goto editpage_fail;
if( NEVER(pData>pPg->aDataEnd) ) goto editpage_fail;
/* Add cells to the start of the page */
if( iNew<iOld ){