/ Check-in [937b931a]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Take care to avoid a buffer over-read when adding a KEYINFO structure to the P4 parameter of an opcode.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 937b931a7cdad6874638158ed6a9ab6356b0bd0c
User & Date: drh 2010-04-02 12:55:39
Context
2010-04-02
13:25
Check for a failure in the call to sqlite3PagerPagecount() from within sqlite3PagerWrite(). (Error discovered by valgrind.) check-in: d64d181c user: drh tags: trunk
12:55
Take care to avoid a buffer over-read when adding a KEYINFO structure to the P4 parameter of an opcode. check-in: 937b931a user: drh tags: trunk
12:46
If the size of the database according to the header is larger than the actual database file size, report that the database is corrupt. check-in: 8eb1f244 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/vdbeaux.c.

739
740
741
742
743
744
745
746
747
748
749
750
751
752
753

    nField = ((KeyInfo*)zP4)->nField;
    nByte = sizeof(*pKeyInfo) + (nField-1)*sizeof(pKeyInfo->aColl[0]) + nField;
    pKeyInfo = sqlite3Malloc( nByte );
    pOp->p4.pKeyInfo = pKeyInfo;
    if( pKeyInfo ){
      u8 *aSortOrder;
      memcpy((char*)pKeyInfo, zP4, nByte);
      aSortOrder = pKeyInfo->aSortOrder;
      if( aSortOrder ){
        pKeyInfo->aSortOrder = (unsigned char*)&pKeyInfo->aColl[nField];
        memcpy(pKeyInfo->aSortOrder, aSortOrder, nField);
      }
      pOp->p4type = P4_KEYINFO;
    }else{







|







739
740
741
742
743
744
745
746
747
748
749
750
751
752
753

    nField = ((KeyInfo*)zP4)->nField;
    nByte = sizeof(*pKeyInfo) + (nField-1)*sizeof(pKeyInfo->aColl[0]) + nField;
    pKeyInfo = sqlite3Malloc( nByte );
    pOp->p4.pKeyInfo = pKeyInfo;
    if( pKeyInfo ){
      u8 *aSortOrder;
      memcpy((char*)pKeyInfo, zP4, nByte - nField);
      aSortOrder = pKeyInfo->aSortOrder;
      if( aSortOrder ){
        pKeyInfo->aSortOrder = (unsigned char*)&pKeyInfo->aColl[nField];
        memcpy(pKeyInfo->aSortOrder, aSortOrder, nField);
      }
      pOp->p4type = P4_KEYINFO;
    }else{