database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-11-12 13:01:09 +03:00
Code Activity

Fix a potential buffer overread in the dbstat virtual table when processing

Browse Source 
a corrupt database file.

FossilOrigin-Name: a62e6b593b59eae44d299842a4d02b9346a0c72a3e1206882f304ab40f2cd5c5
This commit is contained in:
drh
2018-11-13 20:21:52 +00:00
parent 91a21f4d08
commit f9dc5f7726
3 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
manifest
View File

@@ -1,5 +1,5 @@
C Turn\son\sASAN\sfor\sthe\sdbfuzz2\sutility.\s\sFix\sa\sbuffer\soverread\sassociated\nwith\ssqlite3_deserialize(). C Fix\sa\spotential\sbuffer\soverread\sin\sthe\sdbstat\svirtual\stable\swhen\sprocessing\na\scorrupt\sdatabase\sfile.
D 2018-11-13T19:51:41.357 D 2018-11-13T20:21:52.241
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F Makefile.in b730006b54c990461d864c5387f2e6f13aadb0236804555fb010ed6865a5f058 F Makefile.in b730006b54c990461d864c5387f2e6f13aadb0236804555fb010ed6865a5f058
@@ -456,7 +456,7 @@ F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e
F src/ctime.c 109e58d00f62e8e71ee1eb5944ac18b90171c928ab2e082e058056e1137cc20b F src/ctime.c 109e58d00f62e8e71ee1eb5944ac18b90171c928ab2e082e058056e1137cc20b
F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957 F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957
F src/dbpage.c cfa87c8a9e3b5267a72faa3a592a497cd3810146c056c53a3472caf763c8556b F src/dbpage.c cfa87c8a9e3b5267a72faa3a592a497cd3810146c056c53a3472caf763c8556b
F src/dbstat.c 9ad3f2d9d19a915d414870b9405b19493eed41975f3ad0d13f70fdd0831853b4 F src/dbstat.c d54c2449d03f7d8a2e11a18f50364520ae1e364457fddb5e4dd79450bad428a0
F src/delete.c cec65c0e74be7492cafba1b77580732b0b1a41a4dbc4ac70909ac44b65b2a20b F src/delete.c cec65c0e74be7492cafba1b77580732b0b1a41a4dbc4ac70909ac44b65b2a20b
F src/expr.c 9aacc0b72348ba90010b672dcbbbe2fa56e1182043bc917a3a147b2bc57a5497 F src/expr.c 9aacc0b72348ba90010b672dcbbbe2fa56e1182043bc917a3a147b2bc57a5497
F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
@@ -1778,7 +1778,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P f9755f81b1c0fd29f242dce78a2fba570fa2714d76e93b8563f426a040352513 P 4e38f27b55030e908bd36f32101e26b30f10dbde67e12c8197d0363ee12aa06d
R 98a6d1adc30b12dd5c82022baece83c9 R a67b2811aa07e1e1e0992fd02687f209
U drh U drh
Z 74a6937661c8cfdeda0ca01cd02a14d0 Z 582daefcbaa8d9f654e4fc231aaea0cb

2
manifest.uuid
View File

@@ -1 +1 @@
4e38f27b55030e908bd36f32101e26b30f10dbde67e12c8197d0363ee12aa06d a62e6b593b59eae44d299842a4d02b9346a0c72a3e1206882f304ab40f2cd5c5

1
src/dbstat.c
View File

@@ -397,6 +397,7 @@ static int statDecodePage(Btree *pBt, StatPage *p){
if( nPayload>(u32)nLocal ){ if( nPayload>(u32)nLocal ){
int j; int j;
int nOvfl = ((nPayload - nLocal) + nUsable-4 - 1) / (nUsable - 4); int nOvfl = ((nPayload - nLocal) + nUsable-4 - 1) / (nUsable - 4);
if( iOff+nLocal>nUsable ) goto statPageIsCorrupt;
pCell->nLastOvfl = (nPayload-nLocal) - (nOvfl-1) * (nUsable-4); pCell->nLastOvfl = (nPayload-nLocal) - (nOvfl-1) * (nUsable-4);
pCell->nOvfl = nOvfl; pCell->nOvfl = nOvfl;
pCell->aOvfl = sqlite3_malloc64(sizeof(u32)*nOvfl); pCell->aOvfl = sqlite3_malloc64(sizeof(u32)*nOvfl);