database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-05 15:55:57 +03:00
Code Activity

Earlier detections of errors in the byte-offset-to-cell-content integer at

Browse Source 
offset 5 in the header of a btree page.

FossilOrigin-Name: a0819086a521fb0ca4ffd12f959b168a89ea2e30a2844bbbd39831b2b9ecf29b
This commit is contained in:
drh
2019-05-08 00:17:45 +00:00
parent 2c45b67711
commit dfcecdfea8
4 changed files with 12 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/btree.c
View File

@@ -1628,9 +1628,9 @@ static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
** However, that integer is too large to be stored in a 2-byte unsigned
** integer, so a value of 0 is used in its place. */
top = get2byte(&data[hdr+5]);
assert( top<=(int)pPage->pBt->usableSize ); /* Prevent by getAndInitPage() */
assert( top<=(int)pPage->pBt->usableSize ); /* by btreeComputeFreeSpace() */
if( gap>top ){
if( top==0 && pPage->pBt->usableSize==65536 ){
if( top==0 && ALWAYS(pPage->pBt->usableSize==65536) ){
top = 65536;
}else{
return SQLITE_CORRUPT_PAGE(pPage);
@@ -1925,7 +1925,7 @@ static int btreeComputeFreeSpace(MemPage *pPage){
** serves to verify that the offset to the start of the cell-content
** area, according to the page header, lies within the page.
*/
if( nFree>usableSize ){
if( nFree>usableSize || nFree<iCellFirst ){
return SQLITE_CORRUPT_PAGE(pPage);
}
pPage->nFree = (u16)(nFree - iCellFirst);
@@ -8068,7 +8068,7 @@ static int balance_nonroot(
assert( sz<=pBt->maxLocal+23 );
assert( iOvflSpace <= (int)pBt->pageSize );
insertCell(pParent, nxDiv+i, pCell, sz, pTemp, pNew->pgno, &rc);
if( rc!=SQLITE_OK ) goto balance_cleanup;
if( NEVER(rc!=SQLITE_OK) ) goto balance_cleanup;
assert( sqlite3PagerIswriteable(pParent->pDbPage) );
}