/ Check-in [58d14afe]

Overview
Comment:Add more corruption checking to the cell overwrite logic.
SHA3-256:58d14afe1e1288d114ea213458b3121e0a95670887861928858b7f143c76f789
User & Date: drh 2018-05-03 13:56:23
Context
2018-05-03
14:07
The BtCursor.info fields are only valid if info.nSize!=0. check-in: 54c537ee user: drh tags: cell-overwrite-prototype
13:56
Add more corruption checking to the cell overwrite logic. check-in: 58d14afe user: drh tags: cell-overwrite-prototype
12:57
Bug fixes in the overwrite optimization. check-in: 0cb6cd2a user: drh tags: cell-overwrite-prototype
Changes

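--- a/src/btree.c
+++ b/src/btree.c
@@ -8197,14 +8197,17 @@
   int nTotal = pX->nData + pX->nZero; /* Total bytes of to write */
   int rc;                             /* Return code */
   MemPage *pPage = pCur->pPage;       /* Page being written */
   BtShared *pBt;                      /* Btree */
   Pgno ovflPgno;                      /* Next overflow page to write */
   u32 ovflPageSize;                   /* Size to write on overflow page */
 
+  if( pCur->info.pPayload + pCur->info.nLocal > pPage->aDataEnd ){
+    return SQLITE_CORRUPT_BKPT;
+  }
   /* Overwrite the local portion first */
   rc = btreeOverwriteContent(pPage, pCur->info.pPayload, pX,
                              0, pCur->info.nLocal);
   if( rc ) return rc;
   if( pCur->info.nLocal==nTotal ) return SQLITE_OK;
 
   /* Now overwrite the overflow pages */
@@ -8211,14 +8214,17 @@
   iOffset = pCur->info.nLocal;
   ovflPgno = get4byte(pCur->info.pPayload + iOffset);
   pBt = pPage->pBt;
   ovflPageSize = pBt->usableSize - 4;
   do{
     rc = btreeGetPage(pBt, ovflPgno, &pPage, 0);
     if( rc ) return rc;
+    if( sqlite3PagerPageRefcount(pPage->pDbPage)!=1 ){
+      return SQLITE_CORRUPT_BKPT;
+    }
     if( iOffset+ovflPageSize<nTotal ){
       ovflPgno = get4byte(pPage->aData);
     }else{
       ovflPageSize = nTotal - iOffset;
     }
     rc = btreeOverwriteContent(pPage, pPage->aData+4, pX,
                                iOffset, ovflPageSize);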
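Review bot: The early return added after btreeGetPage() in the overflow loop exits while the overflow page it just fetched is still referenced, so a database file that trips the refcount check leaves a pager reference outstanding. The release of pPage is not visible in these lines and presumably follows the btreeOverwriteContent() call further down, which the new return skips. Drop the reference before returning, e.g. `releasePage(pPage);` ahead of `return SQLITE_CORRUPT_BKPT;`, or set `rc = SQLITE_CORRUPT_BKPT;` and fall through to the existing release. A one-line comment saying why a refcount other than 1 is treated as corruption (presumably the page is already held elsewhere, so the chain is not a private overflow chain) would help the next reader. The enclosing function begins and ends outside the displayed lines.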