SQLite

Check-in [5b9ae69312]

Overview
Comment: Fix an issue introduced by check-in [4cd2a9672c59] (2017-03-03) that could allow a negative value in the 3rd parameter to memmove() when defragmentPage() is called on a btree page with a corrupted freeblock list. The corruption is now detected early and results in an SQLITE_CORRUPT return before the memmove() is reached.
SHA3-256: 5b9ae693120fe4f7bc3b6270f35d773876f6cc8f5990e05cce0d255c54b36ae7
User & Date: drh 2017-09-28 13:47:35.240
Context
2017-09-28
16:56
Fix over-length source code lines in select.c. No logic changes. (check-in: fd3267ef92 user: drh tags: trunk)
13:47
Fix an issue introduced by check-in [4cd2a9672c59] (2017-03-03) that could allow a negative value in the 3rd parameter to memmove() when defragmentPage() is called on a btree page with a corrupted freeblock list. The corruption is now detected early and results in an SQLITE_CORRUPT return before the memmove() is reached. (check-in: 5b9ae69312 user: drh tags: trunk)
01:58
Add new routines to simplify dealing with collating sequences in expressions: sqlite3ExprNNCollSeq() and sqlite3ExprCollSeqMatch(). (check-in: 490e488ea9 user: drh tags: trunk)
Changes
Changes to src/btree.c.
1395
1396
1397
1398
1399
1400
1401



1402
1403
1404
1405
1406
1407
1408

      if( 0==iFree2 || (data[iFree2]==0 && data[iFree2+1]==0) ){
        u8 *pEnd = &data[cellOffset + nCell*2];
        u8 *pAddr;
        int sz2 = 0;
        int sz = get2byte(&data[iFree+2]);
        int top = get2byte(&data[hdr+5]);



        if( iFree2 ){
          assert( iFree+sz<=iFree2 ); /* Verified by pageFindSlot() */
          sz2 = get2byte(&data[iFree2+2]);
          assert( iFree+sz+sz2+iFree2-(iFree+sz) <= usableSize );
          memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz));
          sz += sz2;
        }







>
>
>







1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411

      if( 0==iFree2 || (data[iFree2]==0 && data[iFree2+1]==0) ){
        u8 *pEnd = &data[cellOffset + nCell*2];
        u8 *pAddr;
        int sz2 = 0;
        int sz = get2byte(&data[iFree+2]);
        int top = get2byte(&data[hdr+5]);
        if( top>=iFree ){
          return SQLITE_CORRUPT_PGNO(pPage->pgno);
        }
        if( iFree2 ){
          assert( iFree+sz<=iFree2 ); /* Verified by pageFindSlot() */
          sz2 = get2byte(&data[iFree2+2]);
          assert( iFree+sz+sz2+iFree2-(iFree+sz) <= usableSize );
          memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz));
          sz += sz2;
        }
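
Review bot: The new `if( top>=iFree )` test has no comment saying which memmove() length it protects, and the only memmove() visible in this hunk takes `iFree2-(iFree+sz)` as its third argument, which does not involve `top` at all. That length is non-negative only if `iFree+sz<=iFree2` holds, and here that is enforced by an assert() alone ("Verified by pageFindSlot()"), which is compiled out of release builds. If the negative length named in the check-in comment belongs to a later call outside this hunk, please add a one-line comment on the new check naming that expression. Please also consider whether `iFree+sz>iFree2` on a corrupted freeblock list should get its own SQLITE_CORRUPT_PGNO return rather than relying on the assert, and state in the comment whether `top==iFree` is meant to be rejected as corruption, since the test uses `>=`. A regression test with a page whose freeblock list is corrupted in this way would help keep the early return from being lost in a later refactor.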