Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Earlier detection of corruption in sqlite3VdbeRecordCompare() in order to avoid a potential buffer overread. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
28ddecff044dbc2dff50a7d8406ab67d |
| User & Date: | drh 2014-03-26 14:51:07 |
References
|
2014-03-26
| ||
| 15:14 | Add an extra test case for the potential buffer overread patched by [28ddecff04]. check-in: f585f5d7 user: dan tags: trunk | |
Context
|
2014-03-26
| ||
| 16:22 | Fix a potential buffer overread that could have occurred when searching a corrupt database file. check-in: db293547 user: drh tags: branch-3.8.4 | |
| 15:05 | Add a test case to verify that the previous change avoids excess buffer overread in sqlite3VdbeRecordCompare(). check-in: 2b28e8d5 user: drh tags: trunk | |
| 14:51 | Earlier detection of corruption in sqlite3VdbeRecordCompare() in order to avoid a potential buffer overread. check-in: 28ddecff user: drh tags: trunk | |
| 12:02 | Add an assert() and a comment to clarify the operation of the vdbeRecordCompareInt() routine. check-in: 851abdb8 user: drh tags: trunk | |
Changes
Changes to src/vdbeaux.c.
3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 |
szHdr1 = aKey1[0];
d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
i = 1;
pRhs++;
}else{
idx1 = getVarint32(aKey1, szHdr1);
d1 = szHdr1;
i = 0;
}
VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */
assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField
|| CORRUPT_DB );
assert( pPKey2->pKeyInfo->aSortOrder!=0 );
|
> |
3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 3444 |
szHdr1 = aKey1[0];
d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
i = 1;
pRhs++;
}else{
idx1 = getVarint32(aKey1, szHdr1);
d1 = szHdr1;
if( d1>(unsigned)nKey1 ) return 1; /* Corruption */
i = 0;
}
VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */
assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField
|| CORRUPT_DB );
assert( pPKey2->pKeyInfo->aSortOrder!=0 );
|
Changes to test/corruptI.test.
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
} {}
db close
do_test 1.2 {
set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]]
set off [expr 2*1024 + $offset + 1]
hexio_write test.db $off FF06
breakpoint
sqlite3 db test.db
catchsql { SELECT * FROM t1 WHERE a = 10 }
} {1 {database disk image is malformed}}
finish_test
|
< < < < > < |
36 37 38 39 40 41 42 43 44 45 46 47 48 |
} {}
db close
do_test 1.2 {
set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]]
set off [expr 2*1024 + $offset + 1]
hexio_write test.db $off FF06
sqlite3 db test.db
catchsql { SELECT * FROM t1 WHERE a = 10 }
} {0 {}}
finish_test
|