SQLite

Check-in [3eae4e301e]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a crash in the sqlite_dbdata module that could occur if a pointer within an overflow chain in a corrupt database pointed past the end of the db.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 3eae4e301e3e4bcf14e96066f77be1434c5d4b3daadb10153cd36382589ac128
User & Date: dan 2019-05-09 17:54:27.219
Context
2019-05-09
18:13
Make the ".schema" command in the CLI resistant to corrupt database files. (check-in: f22c7e229e user: drh tags: trunk)
17:54
Fix a crash in the sqlite_dbdata module that could occur if a pointer within an overflow chain in a corrupt database pointed past the end of the db. (check-in: 3eae4e301e user: dan tags: trunk)
17:10
Disable the optimization where a REAL value with no fractional part is stored as an INTEGER when the integer uses as much space as the real value it proposes to stand in for (8 bytes). This avoids corner cases of comparing integers against real values that are beyond the resolution of an IEEE 754 double. Fix for ticket [6c1d3febc00b22d457c78c2] (check-in: 9b0915272f user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to ext/misc/dbdata.c.
583
584
585
586
587
588
589
590
591

592
593
594
595
596
597
598
              sqlite3_int64 nRem = nPayload - nLocal;
              unsigned int pgnoOvfl = get_uint32(&pCsr->aPage[iOff]);
              while( nRem>0 ){
                u8 *aOvfl = 0;
                int nOvfl = 0;
                int nCopy;
                rc = dbdataLoadPage(pCsr, pgnoOvfl, &aOvfl, &nOvfl);
                assert( rc!=SQLITE_OK || nOvfl==pCsr->nPage );
                if( rc!=SQLITE_OK ) return rc;


                nCopy = U-4;
                if( nCopy>nRem ) nCopy = nRem;
                memcpy(&pCsr->pRec[nPayload-nRem], &aOvfl[4], nCopy);
                nRem -= nCopy;

                pgnoOvfl = get_uint32(aOvfl);







|

>







583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
              sqlite3_int64 nRem = nPayload - nLocal;
              unsigned int pgnoOvfl = get_uint32(&pCsr->aPage[iOff]);
              while( nRem>0 ){
                u8 *aOvfl = 0;
                int nOvfl = 0;
                int nCopy;
                rc = dbdataLoadPage(pCsr, pgnoOvfl, &aOvfl, &nOvfl);
                assert( rc!=SQLITE_OK || aOvfl==0 || nOvfl==pCsr->nPage );
                if( rc!=SQLITE_OK ) return rc;
                if( aOvfl==0 ) break;

                nCopy = U-4;
                if( nCopy>nRem ) nCopy = nRem;
                memcpy(&pCsr->pRec[nPayload-nRem], &aOvfl[4], nCopy);
                nRem -= nCopy;

                pgnoOvfl = get_uint32(aOvfl);