SQLite: Check-in [3eae4e30]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Fix a crash in the sqlite_dbdata module that could occur if a pointer within an overflow chain in a corrupt database pointed past the end of the db.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA3-256:	3eae4e301e3e4bcf14e96066f77be1434c5d4b3daadb10153cd36382589ac128
User & Date:	dan 2019-05-09 17:54:27

Context

2019-05-09
18:13		Make the ".schema" command in the CLI resistant to corrupt database files. check-in: f22c7e22 user: drh tags: trunk
17:54		Fix a crash in the sqlite_dbdata module that could occur if a pointer within an overflow chain in a corrupt database pointed past the end of the db. check-in: 3eae4e30 user: dan tags: trunk
17:10		Disable the optimization where a REAL value with no fractional part is stored as an INTEGER when the integer uses as much space as the real value it proposes to stand in for (8 bytes). This avoids corner cases of comparing integers against real values that are beyond the resolution of an IEEE 754 double. Fix for ticket [6c1d3febc00b22d457c78c2] check-in: 9b091527 user: drh tags: trunk

Changes

Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/misc/dbdata.c.

              sqlite3_int64 nRem = nPayload - nLocal;
              unsigned int pgnoOvfl = get_uint32(&pCsr->aPage[iOff]);
              while( nRem>0 ){
                u8 *aOvfl = 0;
                int nOvfl = 0;
                int nCopy;
                rc = dbdataLoadPage(pCsr, pgnoOvfl, &aOvfl, &nOvfl);
                assert( rc!=SQLITE_OK || nOvfl==pCsr->nPage );
                if( rc!=SQLITE_OK ) return rc;


                nCopy = U-4;
                if( nCopy>nRem ) nCopy = nRem;
                memcpy(&pCsr->pRec[nPayload-nRem], &aOvfl[4], nCopy);
                nRem -= nCopy;

                pgnoOvfl = get_uint32(aOvfl);








|

>

              sqlite3_int64 nRem = nPayload - nLocal;
              unsigned int pgnoOvfl = get_uint32(&pCsr->aPage[iOff]);
              while( nRem>0 ){
                u8 *aOvfl = 0;
                int nOvfl = 0;
                int nCopy;
                rc = dbdataLoadPage(pCsr, pgnoOvfl, &aOvfl, &nOvfl);
                assert( rc!=SQLITE_OK || aOvfl==0 || nOvfl==pCsr->nPage );
                if( rc!=SQLITE_OK ) return rc;
                if( aOvfl==0 ) break;

                nCopy = U-4;
                if( nCopy>nRem ) nCopy = nRem;
                memcpy(&pCsr->pRec[nPayload-nRem], &aOvfl[4], nCopy);
                nRem -= nCopy;

                pgnoOvfl = get_uint32(aOvfl);