Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Store the MemPage structure in memory following, instead of preceding, the page data for cached pages. This reduces the likelihood of a corrupt database page image causing SQLite to read past the end of a buffer. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
0ce42e76654d9ba52dac74c940d38b17 |
User & Date: | dan 2010-06-10 06:53:27.000 |
Context
2010-06-10
| ||
10:51 | Update the test VFS in test_journal.c so that it implements the xCurrentTimeInt64 method. (check-in: ec3b4a7e5d user: drh tags: trunk) | |
06:53 | Store the MemPage structure in memory following, instead of preceding, the page data for cached pages. This reduces the likelihood of a corrupt database page image causing SQLite to read past the end of a buffer. (check-in: 0ce42e7665 user: dan tags: trunk) | |
01:07 | Remove a condition that must always be true. Replace it with an assert(). (check-in: 7abcd54ec0 user: drh tags: trunk) | |
Changes
Changes to src/pcache.c.
︙ | ︙ | |||
256 257 258 259 260 261 262 | } pPage = sqlite3GlobalConfig.pcache.xFetch(pCache->pCache, pgno, 2); } if( pPage ){ if( !pPage->pData ){ | | > | | > | | 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 | } pPage = sqlite3GlobalConfig.pcache.xFetch(pCache->pCache, pgno, 2); } if( pPage ){ if( !pPage->pData ){ memset(pPage, 0, sizeof(PgHdr)); pPage->pData = (void *)&pPage[1]; pPage->pExtra = (void*)&((char *)pPage->pData)[pCache->szPage]; memset(pPage->pExtra, 0, pCache->szExtra); pPage->pCache = pCache; pPage->pgno = pgno; } assert( pPage->pCache==pCache ); assert( pPage->pgno==pgno ); assert( pPage->pData==(void *)&pPage[1] ); assert( pPage->pExtra==(void *)&((char *)&pPage[1])[pCache->szPage] ); if( 0==pPage->nRef ){ pCache->nRef++; } pPage->nRef++; if( pgno==1 ){ pCache->pPage1 = pPage; |
︙ | ︙ |
Changes to test/corruptC.test.
︙ | ︙ | |||
271 272 273 274 275 276 277 278 279 280 281 282 283 284 | execsql { INSERT INTO t1 VALUES (1, $blob) } sqlite3 db test.db set filesize [file size test.db] hexio_write test.db [expr $filesize-2048] 00000001 catchsql {DELETE FROM t1 WHERE rowid = (SELECT max(rowid) FROM t1)} } {1 {database disk image is malformed}} # # Now test for a series of quasi-random seeds. # We loop over the entire file size and touch # each byte at least once. for {set tn 0} {$tn<$fsize} {incr tn 1} { | > > > > > > > > > > > | 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 | execsql { INSERT INTO t1 VALUES (1, $blob) } sqlite3 db test.db set filesize [file size test.db] hexio_write test.db [expr $filesize-2048] 00000001 catchsql {DELETE FROM t1 WHERE rowid = (SELECT max(rowid) FROM t1)} } {1 {database disk image is malformed}} # At one point this particular corrupt database was causing a buffer # overread. Which caused a crash in a run of all.test once. # do_test corruptC-2.15 { db close copy_file test.bu test.db hexio_write test.db 986 b9 sqlite3 db test.db catchsql {SELECT count(*) FROM sqlite_master;} } {1 {malformed database schema (t1i1) - no such table: main.t1}} # # Now test for a series of quasi-random seeds. # We loop over the entire file size and touch # each byte at least once. for {set tn 0} {$tn<$fsize} {incr tn 1} { |
︙ | ︙ |