SQLite

Check-in [9191ff670c]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a slightly incorrect corruption detection branch in the btree logic.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 9191ff670cb7f36e0b2dac4a22888679b639845687aef8edcc3c05e35ba71eda
User & Date: drh 2018-05-05 01:23:28.506
Context
2018-05-05
16:50
In an ORDER BY LIMIT, make sure the ORDER BY expression evaluator does not try to reuse values from the result set if the result set has not yet be computed. This fixes a bug in the recent deferred-row loading optimization, check-in [c381f0ea57002a264fd958b28e]. OSSFuzz discovered the problem. (check-in: 5d61e75f32 user: drh tags: trunk)
01:23
Fix a slightly incorrect corruption detection branch in the btree logic. (check-in: 9191ff670c user: drh tags: trunk)
2018-05-04
18:32
Fix requirements marks. No code changes. (check-in: 7fdad122a2 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/btree.c.
6222
6223
6224
6225
6226
6227
6228

6229

6230
6231
6232
6233
6234
6235
6236
  u32 ovflPageSize;

  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  pPage->xParseCell(pPage, pCell, pInfo);
  if( pInfo->nLocal==pInfo->nPayload ){
    return SQLITE_OK;  /* No overflow pages. Return without doing anything */
  }

  if( pCell+pInfo->nSize-1 > pPage->aData+pPage->maskPage ){

    /* Cell extends past end of page */
    return SQLITE_CORRUPT_PAGE(pPage);
  }
  ovflPgno = get4byte(pCell + pInfo->nSize - 4);
  pBt = pPage->pBt;
  assert( pBt->usableSize > 4 );
  ovflPageSize = pBt->usableSize - 4;







>
|
>







6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
  u32 ovflPageSize;

  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  pPage->xParseCell(pPage, pCell, pInfo);
  if( pInfo->nLocal==pInfo->nPayload ){
    return SQLITE_OK;  /* No overflow pages. Return without doing anything */
  }
  testcase( pCell + pInfo->nSize == pPage->aDataEnd );
  testcase( pCell + (pInfo->nSize-1) == pPage->aDataEnd );
  if( pCell + pInfo->nSize > pPage->aDataEnd ){
    /* Cell extends past end of page */
    return SQLITE_CORRUPT_PAGE(pPage);
  }
  ovflPgno = get4byte(pCell + pInfo->nSize - 4);
  pBt = pPage->pBt;
  assert( pBt->usableSize > 4 );
  ovflPageSize = pBt->usableSize - 4;