The out-of-bounds read on recovery fix of check-in [378afa16381a222a] caused

problems for some corner-case error conditions.  This alternative fix appears
to work better.

FossilOrigin-Name: 74f399d81fe250e09fde730ac0c17fe8b2b776ed32a3f576adaad56090f2b7fa

manifest

@@ -1,5 +1,5 @@
-C Fix\sthe\sCSV\svirtual\stable\sextension\sso\sthat\sit\sworks\swhen\sthe\sdefault\scharacter\nis\sunsigned.
+C The\sout-of-bounds\sread\son\srecovery\sfix\sof\scheck-in\s[378afa16381a222a]\scaused\nproblems\sfor\ssome\scorner-case\serror\sconditions.\s\sThis\salternative\sfix\sappears\nto\swork\sbetter.
-D 2017-09-18T00:18:31.200
+D 2017-09-18T09:40:46.165
 F Makefile.in c644bbe8ebe4aae82ad6783eae6b6beea4c727b99ff97568b847ced5e2ac7afb
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 6a7a74bf60ad395098c0bd175ab054cd65ef85d7f034198d52bcc4d9e5fb4c6b
@@ -444,7 +444,7 @@ F src/os_setup.h 0dbaea40a7d36bf311613d31342e0b99e2536586
 F src/os_unix.c 3984fc069df59e26f000e30609611cecdb4e93293e6ee52313a473a7e874af1b
 F src/os_win.c 225432ab6512f63ab2f37eb76872f818b01f0483ba0bea04a7a1168be3070ea5
 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a
-F src/pager.c 2a523bf8ec77678b35fe56b43ac24045d2f97ad44d58c6a0894c131feda3eeff
+F src/pager.c 2aa56a99bb13128d9102e84c7a9f835e546cbb58f0861d481bc3db32973b1628
 F src/pager.h 581698f2177e8bd4008fe4760898ce20b6133d1df22139b9101b5155f900df7a
 F src/parse.y 52ef3cecd0934e9da4a45b585883a03243ad615d338ad94f44501a05891dcdfa
 F src/pcache.c 4bada070456980c3c1f16d58ec2e64e389ad77b935e3d77e0c96e7bbd397289c
@@ -1654,7 +1654,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 29227d00a9999f0f28a0b55ef70183799a667c3b9d81d2e5ac0ab1840bef98b1
+P 42f07775556758754e92e29a759d200d0d81d16eee83ab982b840db11292f834
-R ccebe3b4b57d7dc8c5482ee2b9f63107
+R 243e075c375b949edc613e149835756a
 U drh
-Z a535a0ac2d4006e12331e0812c689362
+Z d7a1bb52fe8a802fdbcc937d885ced35

manifest.uuid

@@ -1 +1 @@
-42f07775556758754e92e29a759d200d0d81d16eee83ab982b840db11292f834
+74f399d81fe250e09fde730ac0c17fe8b2b776ed32a3f576adaad56090f2b7fa

src/pager.c

@@ -2807,6 +2807,7 @@ static int pager_playback(Pager *pPager, int isHot){
   char *zMaster = 0;       /* Name of master journal file if any */
   int needPagerReset;      /* True to reset page prior to first page rollback */
   int nPlayback = 0;       /* Total number of pages restored from journal */
+  u32 savedPageSize = pPager->pageSize;
 
   /* Figure out how many records are in the journal.  Abort early if
   ** the journal is empty.
@@ -2844,13 +2845,12 @@ static int pager_playback(Pager *pPager, int isHot){
   ** pager_playback_one_page() call returns SQLITE_DONE or an IO error 
   ** occurs. 
   */
-  do{
+  while( 1 ){
     /* Read the next journal header from the journal file.  If there are
     ** not enough bytes left in the journal file for a complete header, or
     ** it is corrupted, then a process must have failed while writing it.
     ** This indicates nothing more needs to be rolled back.
     */
-    u32 savedPageSize = pPager->pageSize;
     rc = readJournalHdr(pPager, isHot, szJ, &nRec, &mxPg);
     if( rc!=SQLITE_OK ){ 
       if( rc==SQLITE_DONE ){
@@ -2932,10 +2932,14 @@ static int pager_playback(Pager *pPager, int isHot){
         }
       }
     }
-    rc = sqlite3PagerSetPagesize(pPager, &savedPageSize, -1);
+  }
-  }while( rc==SQLITE_OK );
+  /*NOTREACHED*/
+  assert( 0 );
 
 end_playback:
+  if( rc==SQLITE_OK ){
+    rc = sqlite3PagerSetPagesize(pPager, &savedPageSize, -1);
+  }
   /* Following a rollback, the database file should be back in its original
   ** state prior to the start of the transaction, so invoke the
   ** SQLITE_FCNTL_DB_UNCHANGED file-control method to disable the