database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-08 14:02:16 +03:00
Code Activity

Avoid a buffer overread in ptrmapPutOvflPtr() that can occurs in a

Browse Source 
corrupt database file that has large entries and uses autovacuum.

FossilOrigin-Name: f8b781cf41800e9f61a1c5376404a97e76a2bbbcaa17396d42be62f731363947
This commit is contained in:
drh
2018-12-14 16:00:38 +00:00
parent fa94d492c8
commit e7acce66b2
3 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
manifest
View File

@@ -1,5 +1,5 @@
C Fix\sa\sharmless\scompiler\swarning\sin\sSessions. C Avoid\sa\sbuffer\soverread\sin\sptrmapPutOvflPtr()\sthat\scan\soccurs\sin\sa\ncorrupt\sdatabase\sfile\sthat\shas\slarge\sentries\sand\suses\sautovacuum.
D 2018-12-14T13:47:17.713 D 2018-12-14T16:00:38.064
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F Makefile.in d8b254f8bb81bab43c340d70d17dc3babab40fcc8a348c8255881f780a45fee6 F Makefile.in d8b254f8bb81bab43c340d70d17dc3babab40fcc8a348c8255881f780a45fee6
@@ -448,7 +448,7 @@ F src/auth.c 0fac71038875693a937e506bceb492c5f136dd7b1249fbd4ae70b4e8da14f9df
F src/backup.c 78d3cecfbe28230a3a9a1793e2ead609f469be43e8f486ca996006be551857ab F src/backup.c 78d3cecfbe28230a3a9a1793e2ead609f469be43e8f486ca996006be551857ab
F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33 F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
F src/btree.c 89e9abe6a3f7461c8c5d44314b261e1dd29a31557d1dd91c72378bc0976fc1f6 F src/btree.c af1055a0a69a4a299d0095a0e0b3386c942ddf9b158098c6d64fe1c93adbeb82
F src/btree.h febb2e817be499570b7a2e32a9bbb4b607a9234f6b84bb9ae84916d4806e96f2 F src/btree.h febb2e817be499570b7a2e32a9bbb4b607a9234f6b84bb9ae84916d4806e96f2
F src/btreeInt.h 620ab4c7235f43572cf3ac2ac8723cbdf68073be4d29da24897c7b77dda5fd96 F src/btreeInt.h 620ab4c7235f43572cf3ac2ac8723cbdf68073be4d29da24897c7b77dda5fd96
F src/build.c ef9d7dc73e40dd9d10c28848343e21e8bc1baaab92cfb75eda893fff4fbf6b55 F src/build.c ef9d7dc73e40dd9d10c28848343e21e8bc1baaab92cfb75eda893fff4fbf6b55
@@ -1787,7 +1787,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P 32754ca6f86da8165e274f98f35fc3df3aebd273e9da08387e2d0c3c89abda0f P fc9791ea987352e3e1322fbb7f833c23b402432af8249f9d397c6f7456788637
R 3d9fe236acd328f6aafabdc7e0f6bbfc R f5743306f54d784293952b3602df596c
U drh U drh
Z ea9bbe01e8202c5233345adba0cefb74 Z 6e0967960c2e7605bd0b191a56849a10

2
manifest.uuid
View File

@@ -1 +1 @@
fc9791ea987352e3e1322fbb7f833c23b402432af8249f9d397c6f7456788637 f8b781cf41800e9f61a1c5376404a97e76a2bbbcaa17396d42be62f731363947

7
src/btree.c
View File

@@ -1369,7 +1369,12 @@ static void ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell, int *pRC){
assert( pCell!=0 ); assert( pCell!=0 );
pPage->xParseCell(pPage, pCell, &info); pPage->xParseCell(pPage, pCell, &info);
if( info.nLocal<info.nPayload ){ if( info.nLocal<info.nPayload ){
Pgno ovfl = get4byte(&pCell[info.nSize-4]); Pgno ovfl;
if( SQLITE_WITHIN(pPage->aDataEnd, pCell, pCell+info.nLocal) ){
*pRC = SQLITE_CORRUPT_BKPT;
return;
}
ovfl = get4byte(&pCell[info.nSize-4]);
ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC); ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC);
} }
} }