SQLite

Check-in [b3296267fb]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Avoid a (harmless) buffer overread that is possible on an OOM when MEMSYS5 is engaged.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: b3296267fb67b9f59719a37093253062edde3746
User & Date: drh 2014-03-31 13:42:42.977
Context
2014-04-03
00:32
In the command-line shell, run set writable_schema before running the ".clone" command. (check-in: 9d2ae6342c user: drh tags: trunk)
2014-03-31
22:03
Merge in the latest changes and fixes from trunk. (check-in: f6211540c9 user: drh tags: overflow-pgno-cache)
13:42
Avoid a (harmless) buffer overread that is possible on an OOM when MEMSYS5 is engaged. (check-in: b3296267fb user: drh tags: trunk)
2014-03-28
14:41
Disable the wal64k.test script for non-unix systems since it depends on unix-only features. (check-in: 27deb6e49b user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/mem5.c. 
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258

  /* Round nByte up to the next valid power of two */
  for(iFullSz=mem5.szAtom, iLogsize=0; iFullSz<nByte; iFullSz *= 2, iLogsize++){}

  /* Make sure mem5.aiFreelist[iLogsize] contains at least one free
  ** block.  If not, then split a block of the next larger power of
  ** two in order to create a new free block of size iLogsize.
  */
  for(iBin=iLogsize; mem5.aiFreelist[iBin]<0 && iBin<=LOGMAX; iBin++){}
  if( iBin>LOGMAX ){
    testcase( sqlite3GlobalConfig.xLog!=0 );
    sqlite3_log(SQLITE_NOMEM, "failed to allocate %u bytes", nByte);
    return 0;
  }
  i = mem5.aiFreelist[iBin];
  memsys5Unlink(i, iBin);








|








244
245
246
247
248
249
250
251
252
253
254
255
256
257
258

  /* Round nByte up to the next valid power of two */
  for(iFullSz=mem5.szAtom, iLogsize=0; iFullSz<nByte; iFullSz *= 2, iLogsize++){}

  /* Make sure mem5.aiFreelist[iLogsize] contains at least one free
  ** block.  If not, then split a block of the next larger power of
  ** two in order to create a new free block of size iLogsize.
  */
  for(iBin=iLogsize; iBin<=LOGMAX && mem5.aiFreelist[iBin]<0; iBin++){}
  if( iBin>LOGMAX ){
    testcase( sqlite3GlobalConfig.xLog!=0 );
    sqlite3_log(SQLITE_NOMEM, "failed to allocate %u bytes", nByte);
    return 0;
  }
  i = mem5.aiFreelist[iBin];
  memsys5Unlink(i, iBin);