Check-in [378afa16]

Overview
Comment: Avoid an out-of-bounds read on a recovery attempt using a carefully crafted database and rollback journal with mismatched page sizes. The test case for this is in TH3.
SHA3-256: 378afa16381a222aafa6009dbbbc92473a69683537f1c265694678b0595a42c8
User & Date: drh 2017-09-14 02:36:27
References
2017-09-18
09:40
The out-of-bounds read on recovery fix of check-in [378afa16381a222a] caused problems for some corner-case error conditions. This alternative fix appears to work better. check-in: 74f399d8 user: drh tags: trunk
Context
2017-09-14
20:41
Avoid an out-of-bounds read that can be caused by a specially constructed journal file. check-in: cf5bf42c user: dan tags: trunk
02:36
Avoid an out-of-bounds read on a recovery attempt using a carefully crafted database and rollback journal with mismatched page sizes. The test case for this is in TH3. check-in: 378afa16 user: drh tags: trunk
2017-09-13
20:20
Test case update due to PRAGMA integrity_check enhancements in [8525c30c]. No changes to code. check-in: 43c6023b user: drh tags: trunk
Changes

Changes to src/pager.c.

  2840   2840     pPager->journalOff = 0;
  2841   2841     needPagerReset = isHot;
  2842   2842   
  2843   2843     /* This loop terminates either when a readJournalHdr() or 
  2844   2844     ** pager_playback_one_page() call returns SQLITE_DONE or an IO error 
  2845   2845     ** occurs. 
  2846   2846     */
  2847         -  while( 1 ){
         2847  +  do{
  2848   2848       /* Read the next journal header from the journal file.  If there are
  2849   2849       ** not enough bytes left in the journal file for a complete header, or
  2850   2850       ** it is corrupted, then a process must have failed while writing it.
  2851   2851       ** This indicates nothing more needs to be rolled back.
  2852   2852       */
         2853  +    u32 savedPageSize = pPager->pageSize;
  2853   2854       rc = readJournalHdr(pPager, isHot, szJ, &nRec, &mxPg);
  2854   2855       if( rc!=SQLITE_OK ){ 
  2855   2856         if( rc==SQLITE_DONE ){
  2856   2857           rc = SQLITE_OK;
  2857   2858         }
  2858   2859         goto end_playback;
  2859   2860       }
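Review bot: The new `u32 savedPageSize = pPager->pageSize;` at 2853 has no comment saying why the page size is captured before `readJournalHdr()`, and the `goto end_playback` at 2860 in this same hunk bypasses whatever restore happens at the bottom of the loop body, so on the SQLITE_DONE and error paths the pager keeps whatever page size the journal header caused it to adopt. Either restore `savedPageSize` before that `goto` as well, or add a comment stating that `end_playback` is expected to cope with a page size that differs from the one the pager started with; a one-line comment such as `/* Page size may be changed by readJournalHdr(); remember it so it can be restored */` would also make the purpose of the new local clear to the next reader.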
................................................................................
  2927   2928             ** so that no further harm will be done.  Perhaps the next
  2928   2929             ** process to come along will be able to rollback the database.
  2929   2930             */
  2930   2931             goto end_playback;
  2931   2932           }
  2932   2933         }
  2933   2934       }
  2934         -  }
  2935         -  /*NOTREACHED*/
  2936         -  assert( 0 );
         2935  +    rc = sqlite3PagerSetPagesize(pPager, &savedPageSize, -1);
         2936  +  }while( rc==SQLITE_OK );
  2937   2937   
  2938   2938   end_playback:
  2939   2939     /* Following a rollback, the database file should be back in its original
  2940   2940     ** state prior to the start of the transaction, so invoke the
  2941   2941     ** SQLITE_FCNTL_DB_UNCHANGED file-control method to disable the
  2942   2942     ** assertion that the transaction counter was modified.
  2943   2943     */
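Review bot: Replacing the `/*NOTREACHED*/ assert( 0 );` with `rc = sqlite3PagerSetPagesize(pPager, &savedPageSize, -1); }while( rc==SQLITE_OK );` introduces a third way out of the loop, namely a failed `sqlite3PagerSetPagesize()` call falling through into `end_playback` with that call's error in `rc`, but the comment above the loop at 2843-2846 still says it "terminates either when a readJournalHdr() or pager_playback_one_page() call returns SQLITE_DONE or an IO error occurs". Update that comment to mention the page-size restore as a termination condition, and consider noting that this exit path is the reason the unreachable-code assertion had to go, since the removed `assert( 0 )` previously guaranteed that `end_playback` was only ever entered via the explicit `goto`s.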