/ Check-in [85b97931]
Login
Home Timeline Branches Tags Tickets Wiki More...

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Do not allow pointer arithmetic to move a pointer across a memory allocation boundary.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:85b979319bcb8ec301ae39b36ad60348e4515be7
User & Date: drh 2016-04-05 13:19:19
Context
2016-04-05
13:35
Use SQLITE_WITHIN() for pointer range comparisons in some testing code. check-in: 7cacf4e9 user: drh tags: trunk
13:19
Do not allow pointer arithmetic to move a pointer across a memory allocation boundary. check-in: 85b97931 user: drh tags: trunk
2016-04-04
18:04
Fix documentation typos. Comment changes only. No changes to code. check-in: d5fc2f7f user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/btree.c. 

6541
6542
6543
6544
6545
6546
6547

6548
6549
6550
6551
6552
6553
6554
6555
6556

  int iEnd = iFirst + nCell;
  assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
  for(i=iFirst; i<iEnd; i++){
    int sz, rc;
    u8 *pSlot;
    sz = cachedCellSize(pCArray, i);
    if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){

      pData -= sz;
      if( pData<pBegin ) return 1;
      pSlot = pData;
    }
    /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
    ** database.  But they might for a corrupt database.  Hence use memmove()
    ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
    assert( (pSlot+sz)<=pCArray->apCell[i]
         || pSlot>=(pCArray->apCell[i]+sz)








>

<








6541
6542
6543
6544
6545
6546
6547
6548
6549

6550
6551
6552
6553
6554
6555
6556

  int iEnd = iFirst + nCell;
  assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
  for(i=iFirst; i<iEnd; i++){
    int sz, rc;
    u8 *pSlot;
    sz = cachedCellSize(pCArray, i);
    if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
      if( (pData - pBegin)<sz ) return 1;
      pData -= sz;

      pSlot = pData;
    }
    /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
    ** database.  But they might for a corrupt database.  Hence use memmove()
    ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
    assert( (pSlot+sz)<=pCArray->apCell[i]
         || pSlot>=(pCArray->apCell[i]+sz)

This page was generated in about 0.015s by Fossil 2.8 [8cb1b231dc] 2019-01-17 00:20:20