Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a potential buffer overread that could have occurred when searching a corrupt database file. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | branch-3.8.4 |
| Files: | files | file ages | folders |
| SHA1: |
db2935473eab91cde3c01353ae29e112 |
| User & Date: | drh 2014-03-26 16:22:38 |
Context
|
2014-03-26
| ||
| 16:25 | Increase the version number to 3.8.4.2. check-in: 59978a2e user: drh tags: branch-3.8.4 | |
| 16:22 | Fix a potential buffer overread that could have occurred when searching a corrupt database file. check-in: db293547 user: drh tags: branch-3.8.4 | |
| 15:14 | Add an extra test case for the potential buffer overread patched by [28ddecff04]. check-in: f585f5d7 user: dan tags: trunk | |
| 15:05 | Add a test case to verify that the previous change avoids excess buffer overread in sqlite3VdbeRecordCompare(). check-in: 2b28e8d5 user: drh tags: trunk | |
| 14:51 | Earlier detection of corruption in sqlite3VdbeRecordCompare() in order to avoid a potential buffer overread. check-in: 28ddecff user: drh tags: trunk | |
|
2014-03-11
| ||
| 15:27 | Version 3.8.4.1 check-in: 018d317b user: drh tags: trunk, release, version-3.8.4.1 | |
Changes
Changes to src/vdbeaux.c.
3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 |
szHdr1 = aKey1[0];
d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
i = 1;
pRhs++;
}else{
idx1 = getVarint32(aKey1, szHdr1);
d1 = szHdr1;
i = 0;
}
VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */
assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField
|| CORRUPT_DB );
assert( pPKey2->pKeyInfo->aSortOrder!=0 );
|
> |
3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 |
szHdr1 = aKey1[0];
d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
i = 1;
pRhs++;
}else{
idx1 = getVarint32(aKey1, szHdr1);
d1 = szHdr1;
if( d1>(unsigned)nKey1 ) return 1; /* Corruption */
i = 0;
}
VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */
assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField
|| CORRUPT_DB );
assert( pPKey2->pKeyInfo->aSortOrder!=0 );
|
Changes to test/corruptI.test.
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
# Initialize the database.
#
do_execsql_test 1.1 {
PRAGMA page_size=1024;
PRAGMA auto_vacuum=0;
CREATE TABLE t1(a);
CREATE INDEX i1 ON t1(a);
INSERT INTO t1 VALUES('a');
} {}
db close
do_test 1.2 {
set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]]
set off [expr 2*1024 + $offset + 1]
hexio_write test.db $off FF06
breakpoint
sqlite3 db test.db
catchsql { SELECT * FROM t1 WHERE a = 10 }
} {1 {database disk image is malformed}}
finish_test
|
| > > > > > > > > > | > > > < > > > > > | > > > > > > > > > > > > | < |
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 |
# Initialize the database.
#
do_execsql_test 1.1 {
PRAGMA page_size=1024;
PRAGMA auto_vacuum=0;
CREATE TABLE t1(a);
CREATE INDEX i1 ON t1(a);
INSERT INTO t1 VALUES('abcdefghijklmnop');
} {}
db close
do_test 1.2 {
set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]]
set off [expr 2*1024 + $offset + 1]
hexio_write test.db $off 7f06
sqlite3 db test.db
catchsql { SELECT * FROM t1 WHERE a = 10 }
} {0 {}}
do_test 1.3 {
db close
set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]]
set off [expr 2*1024 + $offset + 1]
hexio_write test.db $off FFFF7f02
sqlite3 db test.db
catchsql { SELECT * FROM t1 WHERE a = 10 }
} {0 {}}
do_test 2.0 {
execsql {
CREATE TABLE r(x);
INSERT INTO r VALUES('ABCDEFGHIJK');
CREATE INDEX r1 ON r(x);
}
set pg [db one {SELECT rootpage FROM sqlite_master WHERE name = 'r1'}]
} {5}
do_test 2.1 {
db close
set offset [hexio_get_int [hexio_read test.db [expr (5-1)*1024 + 8] 2]]
set off [expr (5-1)*1024 + $offset + 1]
hexio_write test.db $off FFFF0004
sqlite3 db test.db
catchsql { SELECT * FROM r WHERE x >= 10.0 }
} {1 {database disk image is malformed}}
do_test 2.2 {
catchsql { SELECT * FROM r WHERE x >= 10 }
} {1 {database disk image is malformed}}
finish_test
|