
Add checks to make sure cells in corrupt database files

do not overflow a page when doing autovacuum.
Problem detected by valgrind.

FossilOrigin-Name: d0b347b412376d22e9f0770ac083dafb5e480dd0
drh
2011-08-31 13:27:19 +00:00
parent 0ee469c9a8
commit e42a9b431b
3 changed files with 16 additions and 12 deletions


@@ -2754,11 +2754,12 @@ static int modifyPagePointer(MemPage *pPage, Pgno iFrom, Pgno iTo, u8 eType){
if( eType==PTRMAP_OVERFLOW1 ){
CellInfo info;
btreeParseCellPtr(pPage, pCell, &info);
if( info.iOverflow ){
if( iFrom==get4byte(&pCell[info.iOverflow]) ){
put4byte(&pCell[info.iOverflow], iTo);
break;
}
if( info.iOverflow
&& pCell+info.iOverflow+3<=pPage->aData+pPage->maskPage
&& iFrom==get4byte(&pCell[info.iOverflow])
){
put4byte(&pCell[info.iOverflow], iTo);
break;
}
}else{
if( get4byte(pCell)==iFrom ){
@@ -5190,6 +5191,9 @@ static int clearCell(MemPage *pPage, unsigned char *pCell){
if( info.iOverflow==0 ){
return SQLITE_OK; /* No overflow pages. Return without doing anything */
}
if( pCell+info.iOverflow+3 > pPage->aData+pPage->maskPage ){
return SQLITE_CORRUPT; /* Cell extends past end of page */
}
ovflPgno = get4byte(&pCell[info.iOverflow]);
assert( pBt->usableSize > 4 );
ovflPageSize = pBt->usableSize - 4;
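Review bot: The two new bounds tests treat the same corrupt-cell condition differently: clearCell returns `SQLITE_CORRUPT`, but in modifyPagePointer (first hunk) an out-of-range overflow pointer only makes the `if` false, so the cell is skipped and any corruption report depends on code after the loop, which is outside the hunk. A comment above that condition would make the intent explicit, for example `/* An overflow pointer past the end of the page belongs to a corrupt cell and never matches */`. Both tests bound the 4-byte page number by `pPage->aData+pPage->maskPage`, presumably the last byte of the page, rather than by `pBt->usableSize`, so a pointer lying in any reserved bytes at the end of the page would apparently still be read; it is worth confirming that this is intended. The sum `pCell+info.iOverflow+3` is also formed before it is compared, so for a badly corrupt cell the pointer itself may lie outside the page buffer; comparing offsets avoids that, e.g. `info.iOverflow+3 > (pPage->aData+pPage->maskPage) - pCell`. Both function bodies start and end outside the hunks shown.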