Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Earlier detection of corruption in sqlite3VdbeRecordCompare() in order to avoid a potential buffer overread. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
28ddecff044dbc2dff50a7d8406ab67d |
User & Date: | drh 2014-03-26 14:51:07.017 |
References
2014-03-26
| ||
15:14 | Add an extra test case for the potential buffer overread patched by [28ddecff04]. (check-in: f585f5d7a0 user: dan tags: trunk) | |
Context
2014-03-26
| ||
16:22 | Fix a potential buffer overread that could have occurred when searching a corrupt database file. (check-in: db2935473e user: drh tags: branch-3.8.4) | |
15:05 | Add a test case to verify that the previous change avoids excess buffer overread in sqlite3VdbeRecordCompare(). (check-in: 2b28e8d582 user: drh tags: trunk) | |
14:51 | Earlier detection of corruption in sqlite3VdbeRecordCompare() in order to avoid a potential buffer overread. (check-in: 28ddecff04 user: drh tags: trunk) | |
12:02 | Add an assert() and a comment to clarify the operation of the vdbeRecordCompareInt() routine. (check-in: 851abdb8fd user: drh tags: trunk) | |
Changes
Changes to src/vdbeaux.c.
︙ | ︙ | |||
3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 | szHdr1 = aKey1[0]; d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1); i = 1; pRhs++; }else{ idx1 = getVarint32(aKey1, szHdr1); d1 = szHdr1; i = 0; } VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */ assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField || CORRUPT_DB ); assert( pPKey2->pKeyInfo->aSortOrder!=0 ); | > | 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 3444 | szHdr1 = aKey1[0]; d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1); i = 1; pRhs++; }else{ idx1 = getVarint32(aKey1, szHdr1); d1 = szHdr1; if( d1>(unsigned)nKey1 ) return 1; /* Corruption */ i = 0; } VVA_ONLY( mem1.zMalloc = 0; ) /* Only needed by assert() statements */ assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField || CORRUPT_DB ); assert( pPKey2->pKeyInfo->aSortOrder!=0 ); |
︙ | ︙ |
Changes to test/corruptI.test.
︙ | ︙ | |||
36 37 38 39 40 41 42 | } {} db close do_test 1.2 { set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]] set off [expr 2*1024 + $offset + 1] hexio_write test.db $off FF06 | < < < | < | 36 37 38 39 40 41 42 43 44 45 46 47 48 | } {} db close do_test 1.2 { set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]] set off [expr 2*1024 + $offset + 1] hexio_write test.db $off FF06 sqlite3 db test.db catchsql { SELECT * FROM t1 WHERE a = 10 } } {0 {}} finish_test |