
Make sure signed integer overflow does not cause a segfault while attempting

to read a corrupt database where the header size varint on a record is larger
than the maximum 32-bit signed integer.

FossilOrigin-Name: c3baca99f4580652afb2c3f73036ab83796a1557
drh
2013-08-01 19:17:39 +00:00
parent 2acbc0dd78
commit df003d61ce
4 changed files with 67 additions and 10 deletions


@@ -2990,7 +2990,7 @@ int sqlite3VdbeRecordCompare(
int nKey1, const void *pKey1, /* Left key */
UnpackedRecord *pPKey2 /* Right key */
){
int d1; /* Offset into aKey[] of next data element */
u32 d1; /* Offset into aKey[] of next data element */
u32 idx1; /* Offset into aKey[] of next header element */
u32 szHdr1; /* Number of bytes in header */
int i = 0;
@@ -3024,7 +3024,7 @@ int sqlite3VdbeRecordCompare(
/* Read the serial types for the next element in each key. */
idx1 += getVarint32( aKey1+idx1, serial_type1 );
if( d1>=nKey1 && sqlite3VdbeSerialTypeLen(serial_type1)>0 ) break;
if( d1>=(u32)nKey1 && sqlite3VdbeSerialTypeLen(serial_type1)>0 ) break;
/* Extract the values to be compared.
*/
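Review bot: The guard `if( d1>=(u32)nKey1 && sqlite3VdbeSerialTypeLen(serial_type1)>0 ) break;` in the second hunk only checks that the data offset starts inside the key, not that the whole field fits in the remaining `nKey1 - d1` bytes. A corrupt record whose last field begins in bounds but declares a longer serial type would still pass it. The extraction that follows lies outside the hunk, as does the rest of sqlite3VdbeRecordCompare, so whether that read is bounded elsewhere cannot be confirmed from here. If it is not, an overflow-safe form would be `u32 n1 = sqlite3VdbeSerialTypeLen(serial_type1);` followed by `if( n1>0 && (d1>=(u32)nKey1 || n1>(u32)nKey1-d1) ) break;`. The cast also relies on `nKey1` never being negative, which deserves a comment or an `assert( nKey1>=0 )` near the declarations in the first hunk.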