Overview
Comment: | Fix a potential buffer overread that could have occurred when searching a corrupt database file. |
---|---|
SHA1: | db2935473eab91cde3c01353ae29e112 |
User & Date: | drh 2014-03-26 16:22:38.603 |
Context
2014-03-26
16:25 | Increase the version number to 3.8.4.2. (check-in: 59978a2e42 user: drh tags: branch-3.8.4) | |
16:22 | Fix a potential buffer overread that could have occurred when searching a corrupt database file. (check-in: db2935473e user: drh tags: branch-3.8.4) | |
15:14 | Add an extra test case for the potential buffer overread patched by [28ddecff04]. (check-in: f585f5d7a0 user: dan tags: trunk) | |
15:05 | Add a test case to verify that the previous change avoids excess buffer overread in sqlite3VdbeRecordCompare(). (check-in: 2b28e8d582 user: drh tags: trunk) | |
14:51 | Earlier detection of corruption in sqlite3VdbeRecordCompare() in order to avoid a potential buffer overread. (check-in: 28ddecff04 user: drh tags: trunk) | |
2014-03-11
15:27 | Version 3.8.4.1 (check-in: 018d317b12 user: drh tags: trunk, release, version-3.8.4.1) | |
Changes
Changes to src/vdbeaux.c.
︙ | ︙ | |||
3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 | szHdr1 = aKey1[0]; d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1); i = 1; pRhs++; }else{ idx1 = getVarint32(aKey1, szHdr1); d1 = szHdr1; i = 0; } VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */ assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField || CORRUPT_DB ); assert( pPKey2->pKeyInfo->aSortOrder!=0 ); | > | 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 | szHdr1 = aKey1[0]; d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1); i = 1; pRhs++; }else{ idx1 = getVarint32(aKey1, szHdr1); d1 = szHdr1; if( d1>(unsigned)nKey1 ) return 1; /* Corruption */ i = 0; } VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */ assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField || CORRUPT_DB ); assert( pPKey2->pKeyInfo->aSortOrder!=0 ); |
︙ | ︙ |
Changes to test/corruptI.test.
︙ | ︙ | |||
28 29 30 31 32 33 34 | # Initialize the database. # do_execsql_test 1.1 { PRAGMA page_size=1024; PRAGMA auto_vacuum=0; CREATE TABLE t1(a); CREATE INDEX i1 ON t1(a); | | | > > > > > > > > > > > | > > > > > | > > > > > > > > > > > > | < | 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | # Initialize the database. # do_execsql_test 1.1 { PRAGMA page_size=1024; PRAGMA auto_vacuum=0; CREATE TABLE t1(a); CREATE INDEX i1 ON t1(a); INSERT INTO t1 VALUES('abcdefghijklmnop'); } {} db close do_test 1.2 { set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]] set off [expr 2*1024 + $offset + 1] hexio_write test.db $off 7f06 sqlite3 db test.db catchsql { SELECT * FROM t1 WHERE a = 10 } } {0 {}} do_test 1.3 { db close set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]] set off [expr 2*1024 + $offset + 1] hexio_write test.db $off FFFF7f02 sqlite3 db test.db catchsql { SELECT * FROM t1 WHERE a = 10 } } {0 {}} do_test 2.0 { execsql { CREATE TABLE r(x); INSERT INTO r VALUES('ABCDEFGHIJK'); CREATE INDEX r1 ON r(x); } set pg [db one {SELECT rootpage FROM sqlite_master WHERE name = 'r1'}] } {5} do_test 2.1 { db close set offset [hexio_get_int [hexio_read test.db [expr (5-1)*1024 + 8] 2]] set off [expr (5-1)*1024 + $offset + 1] hexio_write test.db $off FFFF0004 sqlite3 db test.db catchsql { SELECT * FROM r WHERE x >= 10.0 } } {1 {database disk image is malformed}} do_test 2.2 { catchsql { SELECT * FROM r WHERE x >= 10 } } {1 {database disk image is malformed}} finish_test |
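Review bot: In src/vdbeaux.c the new bound `if( d1>(unsigned)nKey1 ) return 1; /* Corruption */` is applied only in the `else` branch; the branch above it sets `d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1)` from a header byte read out of the same record, and nothing in the visible lines compares that value to `nKey1`. Either move the check below the if/else so both paths are covered, or add a comment stating where the first branch's header size has already been validated. The `/* Corruption */` comment could also say that the function returns an ordinary comparison result here rather than an error, since tests 1.2 and 1.3 in this check-in expect `{0 {}}` (query succeeds, no rows) on the damaged index.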
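Review bot: In test/corruptI.test, do_test 2.1 computes its offsets with the literal `(5-1)*1024` even though do_test 2.0 stores the index root page in `pg`, so the test silently patches the wrong page if the root page ever changes; use `($pg-1)*1024` in both `expr` calls. The byte strings written with `hexio_write` (`7f06`, `FFFF7f02`, `FFFF0004`) have no comments saying which record fields they overwrite or why 1.2 and 1.3 expect `{0 {}}` while 2.1 and 2.2 expect `database disk image is malformed`; a one-line comment above each test would make the intended corruption and the expected outcome reviewable.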