/ Check-in [32754ca6]
Overview
Comment: Expand the size of the temporary page used during btree rebalancing by a few bytes, to avoid problems with small buffer overreads that can occur on corrupted database files.
SHA3-256: 32754ca6f86da8165e274f98f35fc3df3aebd273e9da08387e2d0c3c89abda0f
User & Date: drh 2018-12-14 13:35:48
References
2018-12-14
16:20
Back out the expansion of the temporary buffer size from [32754ca6f86da816] and replace it with an explicit test for buffer overreads. check-in: 8ba3d9f3 user: drh tags: trunk
Context
2018-12-14
13:47
Fix a harmless compiler warning in Sessions. check-in: fc9791ea user: drh tags: trunk
13:35
Expand the size of the temporary page used during btree rebalancing by a few bytes, to avoid problems with small buffer overreads that can occur on corrupted database files. check-in: 32754ca6 user: drh tags: trunk
13:18
When saving the position of a cursor at the b-tree layer, allocate a few extra bytes at the end of the buffer used to save the key. Otherwise, if the key is corrupt, the code that restores the cursor position may overread the buffer by a little. check-in: 160b1e31 user: dan tags: trunk
Changes

Changes to src/pcache1.c.

   473    473   
   474    474   /*
   475    475   ** Malloc function used by SQLite to obtain space from the buffer configured
   476    476   ** using sqlite3_config(SQLITE_CONFIG_PAGECACHE) option. If no such buffer
   477    477   ** exists, this function falls back to sqlite3Malloc().
   478    478   */
   479    479   void *sqlite3PageMalloc(int sz){
   480         -  return pcache1Alloc(sz);
          480  +  /* During rebalance operations on a corrupt database file, it is sometimes
          481  +  ** (rarely) possible to overread the temporary page buffer by a few bytes.
          482  +  ** Enlarge the allocation slightly so that this does not cause problems. */
          483  +  return pcache1Alloc(sz + 32);
   481    484   }
   482    485   
   483    486   /*
   484    487   ** Free an allocated buffer obtained from sqlite3PageMalloc().
   485    488   */
   486    489   void sqlite3PageFree(void *p){
   487    490     pcache1Free(p);
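
Review bot: The `+ 32` in `return pcache1Alloc(sz + 32);` pads every caller of sqlite3PageMalloc(), not only the rebalance temporary page that the new comment is about, and it hides the overread instead of bounding it. The comment says "a few bytes", but nothing in this hunk shows that 32 is an upper bound on how far a corrupt file can push the read, so the slack may be either too generous or not enough. Suggest an explicit bounds test at the point in the rebalance code where the read happens, which is the approach the follow-up check-in 8ba3d9f3 listed under References describes; if the padding stays, give the constant a name and document how the bound was derived. It is also worth confirming that a request of sz + 32 still fits the buffer configured with SQLITE_CONFIG_PAGECACHE mentioned in the function header, since otherwise allocations would take the sqlite3Malloc() fallback.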