Check-in [e7aca071]

Overview
Comment: Allocate a few extra bytes for the pager temp page as an overrun buffer while processing corrupt database files.
SHA3-256: e7aca0714bc475e04b16e9db78722ce025d2a1382f80cfc0a49cff2af904eae5
User & Date: drh 2019-02-26 17:49:07
Context
2019-02-26
17:52
New test cases added to test/fuzzdata8.db. check-in: 61fdfc57 user: drh tags: trunk
17:49
Allocate a few extra bytes for the pager temp page as an overrun buffer while processing corrupt database files. check-in: e7aca071 user: drh tags: trunk
16:17
Use unsigned integers to count the number of pages in a freelist during an integrity_check, to avoid any possibility of a signed integer overflow. check-in: 05b87e07 user: drh tags: trunk
Changes

Changes to src/pager.c.

  3782   3782       char *pNew = NULL;             /* New temp space */
  3783   3783       i64 nByte = 0;
  3784   3784   
  3785   3785       if( pPager->eState>PAGER_OPEN && isOpen(pPager->fd) ){
  3786   3786         rc = sqlite3OsFileSize(pPager->fd, &nByte);
  3787   3787       }
  3788   3788       if( rc==SQLITE_OK ){
  3789         -      pNew = (char *)sqlite3PageMalloc(pageSize);
  3790         -      if( !pNew ) rc = SQLITE_NOMEM_BKPT;
         3789  +      /* 8 bytes of zeroed overrun space is sufficient so that the b-tree
         3790  +      * cell header parser will never run off the end of the allocation */
         3791  +      pNew = (char *)sqlite3PageMalloc(pageSize+8);
         3792  +      if( !pNew ){
         3793  +        rc = SQLITE_NOMEM_BKPT;
         3794  +      }else{
         3795  +        memset(pNew+pageSize, 0, 8);
         3796  +      }
  3791   3797       }
  3792   3798   
  3793   3799       if( rc==SQLITE_OK ){
  3794   3800         pager_reset(pPager);
  3795   3801         rc = sqlite3PcacheSetPageSize(pPager->pPCache, pageSize);
  3796   3802       }
  3797   3803       if( rc==SQLITE_OK ){
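
Review bot: The overrun size is a bare literal 8 written twice, once in sqlite3PageMalloc(pageSize+8) and once in memset(pNew+pageSize, 0, 8), so a later change to one can silently leave the other stale and reintroduce either an unzeroed tail or a write past the allocation. A single named constant used in both places would keep them tied together. The new comment also asserts that 8 bytes is sufficient for the b-tree cell header parser without saying what bounds the over-read to 8 bytes; stating that bound in the comment would let a future reader check the claim if the parser changes. Finally, the padding is zeroed only here at allocation time, so it is worth confirming that nothing which later fills this temp buffer writes more than pageSize bytes, since the guarantee depends on those trailing bytes staying zero.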