Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Avoid a buffer overread in ptrmapPutOvflPtr() that can occurs in a corrupt database file that has large entries and uses autovacuum. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: | f8b781cf41800e9f61a1c5376404a97e |
| User & Date: | drh 2018-12-14 16:00:38 |
Context
|
2018-12-14
| ||
| 16:20 | Back out the expansion of the temporary buffer size from [32754ca6f86da816] and replace it with an explicit test for buffer overreads. check-in: 8ba3d9f3 user: drh tags: trunk | |
| 16:00 | Avoid a buffer overread in ptrmapPutOvflPtr() that can occurs in a corrupt database file that has large entries and uses autovacuum. check-in: f8b781cf user: drh tags: trunk | |
| 13:47 | Fix a harmless compiler warning in Sessions. check-in: fc9791ea user: drh tags: trunk | |
Changes
Changes to src/btree.c.
1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 |
*/
static void ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell, int *pRC){
CellInfo info;
if( *pRC ) return;
assert( pCell!=0 );
pPage->xParseCell(pPage, pCell, &info);
if( info.nLocal<info.nPayload ){
Pgno ovfl = get4byte(&pCell[info.nSize-4]);
ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC);
}
}
#endif
/*
|
> > > > > | |
1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 |
*/
static void ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell, int *pRC){
CellInfo info;
if( *pRC ) return;
assert( pCell!=0 );
pPage->xParseCell(pPage, pCell, &info);
if( info.nLocal<info.nPayload ){
Pgno ovfl;
if( SQLITE_WITHIN(pPage->aDataEnd, pCell, pCell+info.nLocal) ){
*pRC = SQLITE_CORRUPT_BKPT;
return;
}
ovfl = get4byte(&pCell[info.nSize-4]);
ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC);
}
}
#endif
/*
|