Fix corner cases involving corrupt varint values in record headers.

FossilOrigin-Name: 3189116b42c5ecef5e30c8b317f4458bbf8b9086
2025-08-07 02:42:48 +03:00 · 2015-06-19 20:08:39 +00:00
parent 56cb04efc8
commit eeab2c63a9
4 changed files with 12 additions and 15 deletions
--- a/src/btree.c
+++ b/src/btree.c
@@ -1072,7 +1072,7 @@ static void btreeParseCellPtr(
  */
  nPayload = *pIter;
  if( nPayload>=0x80 ){
-    u8 *pEnd = &pIter[9];
+    u8 *pEnd = &pIter[8];
    nPayload &= 0x7f;
    do{
      nPayload = (nPayload<<7) | (*++pIter & 0x7f);
@@ -1133,7 +1133,7 @@ static void btreeParseCellPtrIndex(
  pIter = pCell + pPage->childPtrSize;
  nPayload = *pIter;
  if( nPayload>=0x80 ){
-    u8 *pEnd = &pIter[9];
+    u8 *pEnd = &pIter[8];
    nPayload &= 0x7f;
    do{
      nPayload = (nPayload<<7) | (*++pIter & 0x7f);
@@ -1194,7 +1194,7 @@ static u16 cellSizePtr(MemPage *pPage, u8 *pCell){
  assert( pPage->noPayload==0 );
  nSize = *pIter;
  if( nSize>=0x80 ){
-    pEnd = &pIter[9];
+    pEnd = &pIter[8];
    nSize &= 0x7f;
    do{
      nSize = (nSize<<7) | (*++pIter & 0x7f);