Comment:If the size of the database according to the header is larger than the actual database file size, report that the database is corrupt.
SHA1: 8eb1f2443f2712920452b7ed3fb835c7f3221191
User & Date: drh 2010-04-02 12:46:46

Changes to src/btree.c.

  2226   2226   **
  2227   2227   ** SQLITE_OK is returned on success.  If the file is not a
  2228   2228   ** well-formed database file, then SQLITE_CORRUPT is returned.
  2229   2229   ** SQLITE_BUSY is returned if the database is locked.  SQLITE_NOMEM
  2230   2230   ** is returned if we run out of memory. 
  2231   2231   */
  2232   2232   static int lockBtree(BtShared *pBt){
  2233         -  int rc;
  2234         -  MemPage *pPage1;
  2235         -  int nPage;
         2233  +  int rc;              /* Result code from subfunctions */
         2234  +  MemPage *pPage1;     /* Page 1 of the database file */
         2235  +  int nPage;           /* Number of pages in the database */
         2236  +  int nPageFile = 0;   /* Number of pages in the database file */
         2237  +  int nPageHeader;     /* Number of pages in the database according to hdr */
  2236   2238   
  2237   2239     assert( sqlite3_mutex_held(pBt->mutex) );
  2238   2240     assert( pBt->pPage1==0 );
  2239   2241     rc = sqlite3PagerSharedLock(pBt->pPager);
  2240   2242     if( rc!=SQLITE_OK ) return rc;
  2241   2243     rc = btreeGetPage(pBt, 1, &pPage1, 0);
  2242   2244     if( rc!=SQLITE_OK ) return rc;
  2243   2245   
  2244   2246     /* Do some checking to help insure the file we opened really is
  2245   2247     ** a valid database file. 
  2246   2248     */
  2247         -  nPage = get4byte(28+(u8*)pPage1->aData);
         2249  +  nPage = nPageHeader = get4byte(28+(u8*)pPage1->aData);
         2250  +  if( (rc = sqlite3PagerPagecount(pBt->pPager, &nPageFile))!=SQLITE_OK ){;
         2251  +    goto page1_init_failed;
         2252  +  }
  2248   2253     if( nPage==0 ){
  2249         -    rc = sqlite3PagerPagecount(pBt->pPager, &nPage);
  2250         -    /* The sqlite3PagerSharedLock() call above has already determined
  2251         -    ** the database file size, so this call to sqlite3PagerPagecount()
  2252         -    ** cannot fail. */
  2253         -    if( NEVER(rc) ) goto page1_init_failed;
         2254  +    nPage = nPageFile;
  2254   2255     }
  2255   2256     if( nPage>0 ){
  2256   2257       int pageSize;
  2257   2258       int usableSize;
  2258   2259       u8 *page1 = pPage1->aData;
  2259   2260       rc = SQLITE_NOTADB;
  2260   2261       if( memcmp(page1, zMagicHeader, 16)!=0 ){
................................................................................
  2293   2294         releasePage(pPage1);
  2294   2295         pBt->usableSize = (u16)usableSize;
  2295   2296         pBt->pageSize = (u16)pageSize;
  2296   2297         freeTempSpace(pBt);
  2297   2298         rc = sqlite3PagerSetPagesize(pBt->pPager, &pBt->pageSize,
  2298   2299                                      pageSize-usableSize);
  2299   2300         return rc;
         2301  +    }
         2302  +    if( nPageHeader>nPageFile ){
         2303  +      rc = SQLITE_CORRUPT_BKPT;
         2304  +      goto page1_init_failed;
  2300   2305       }
  2301   2306       if( usableSize<480 ){
  2302   2307         goto page1_init_failed;
  2303   2308       }
  2304   2309       pBt->pageSize = (u16)pageSize;
  2305   2310       pBt->usableSize = (u16)usableSize;
  2306   2311   #ifndef SQLITE_OMIT_AUTOVACUUM