database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-07 02:42:48 +03:00
Code Activity

Avoid exceeding array bounds when reading a corrupt database file in

Browse Source 
autovacuum mode.  Fixes a problem discovered by John Regehr and Peng Li
using a customized clang compiler.

FossilOrigin-Name: f7c525f5fc31e909721df2b1e66fc62dfb105718
This commit is contained in:
drh
2011-05-17 15:21:56 +00:00
parent 807d0fcaba
commit fc24373999
3 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/btree.c
View File

@@ -788,6 +788,7 @@ static void ptrmapPut(BtShared *pBt, Pgno key, u8 eType, Pgno parent, int *pRC){
*pRC = SQLITE_CORRUPT_BKPT;
goto ptrmap_exit;
}
assert( offset <= (int)pBt->usableSize-5 );
pPtrmap = (u8 *)sqlite3PagerGetData(pDbPage);
if( eType!=pPtrmap[offset] || get4byte(&pPtrmap[offset+1])!=parent ){
@@ -827,6 +828,11 @@ static int ptrmapGet(BtShared *pBt, Pgno key, u8 *pEType, Pgno *pPgno){
pPtrmap = (u8 *)sqlite3PagerGetData(pDbPage);
offset = PTRMAP_PTROFFSET(iPtrmap, key);
if( offset<0 ){
sqlite3PagerUnref(pDbPage);
return SQLITE_CORRUPT_BKPT;
}
assert( offset <= (int)pBt->usableSize-5 );
assert( pEType!=0 );
*pEType = pPtrmap[offset];
if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);