/ Check-in [b48c4e40]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Return an SQLITE_CORRUPT error if the content size field of a table record extends off the end of a page.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | btree-optimization
Files: files | file ages | folders
SHA1:b48c4e402125fb8d2208d358f6e9bbc351f3a49d
User & Date: drh 2013-11-25 20:14:13
Context
2013-11-25
20:50
Optimizations to the sqlite3BtreeMovetoUnpacked() routine in storage engine making it about 17.8% faster, which in turn makes SQLite over 1.2% faster overall. check-in: 032e8993 user: drh tags: trunk
20:14
Return an SQLITE_CORRUPT error if the content size field of a table record extends off the end of a page. Closed-Leaf check-in: b48c4e40 user: drh tags: btree-optimization
17:38
Uses shifts rather than division for arithmetic on the cell indices, since those indices are always non-negative. check-in: 5bf2a3fe user: drh tags: btree-optimization
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/btree.c.

  4215   4215     u32 nLocal;
  4216   4216   
  4217   4217     assert( pCur!=0 && pCur->iPage>=0 && pCur->apPage[pCur->iPage]);
  4218   4218     assert( pCur->eState==CURSOR_VALID );
  4219   4219     assert( cursorHoldsMutex(pCur) );
  4220   4220     pPage = pCur->apPage[pCur->iPage];
  4221   4221     assert( pCur->aiIdx[pCur->iPage]<pPage->nCell );
  4222         -  if( pCur->info.nSize==0 ){
         4222  +  if( NEVER(pCur->info.nSize==0) ){
  4223   4223       btreeParseCell(pCur->apPage[pCur->iPage], pCur->aiIdx[pCur->iPage],
  4224   4224                      &pCur->info);
  4225   4225     }
  4226   4226     aPayload = pCur->info.pCell;
  4227   4227     aPayload += pCur->info.nHeader;
  4228   4228     if( pPage->intKey ){
  4229   4229       nKey = 0;
................................................................................
  4666   4666       idx = upr>>(1-biasRight); /* idx = biasRight ? upr : (lwr+upr)/2; */
  4667   4667       pCur->aiIdx[pCur->iPage] = (u16)idx;
  4668   4668       if( pPage->intKey ){
  4669   4669         for(;;){
  4670   4670           i64 nCellKey;
  4671   4671           pCell = findCell(pPage, idx) + pPage->childPtrSize;
  4672   4672           if( pPage->hasData ){
  4673         -          while( 0x80 <= *(pCell++) && pCell<pPage->aDataEnd ){}
         4673  +          while( 0x80 <= *(pCell++) ){
         4674  +            if( pCell>=pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;
         4675  +          }
  4674   4676           }
  4675   4677           getVarint(pCell, (u64*)&nCellKey);
  4676   4678           if( nCellKey<intKey ){
  4677   4679             lwr = idx+1;
  4678   4680             if( lwr>upr ){ c = -1; break; }
  4679   4681           }else if( nCellKey>intKey ){
  4680   4682             upr = idx-1;