
Overview
Comment:Add a four-byte prefix to the BtShared.pTmpSpace buffer to avoid reading before the beginning of an allocation.
SHA1:9386bfca128023583a24303e5f1d832987a49d43
User & Date: drh 2014-10-15 11:55:51
Context
2014-10-15
14:45
Fix a problem causing lock5.test to fail in mmap-mode. check-in: b3e7b446 user: dan tags: trunk
11:55
Add a four-byte prefix to the BtShared.pTmpSpace buffer to avoid reading before the beginning of an allocation. check-in: 9386bfca user: drh tags: trunk
11:31
Rearrange an expression in vdbemem.c to avoid a (harmless) reference to a possibly unitialized variable. check-in: 4a7b3fa0 user: dan tags: trunk
Changes

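--- a/src/btree.c
+++ b/src/btree.c
@@ -2104,15 +2104,16 @@
 #else
   return 1;
 #endif
 }
 
 /*
 ** Make sure pBt->pTmpSpace points to an allocation of 
-** MX_CELL_SIZE(pBt) bytes.
+** MX_CELL_SIZE(pBt) bytes with a 4-byte prefix for a left-child
+** pointer.
 */
 static void allocateTempSpace(BtShared *pBt){
   if( !pBt->pTmpSpace ){
     pBt->pTmpSpace = sqlite3PageMalloc( pBt->pageSize );
 
     /* One of the uses of pBt->pTmpSpace is to format cells before
     ** inserting them into a leaf page (function fillInCell()). If
@@ -2119,25 +2120,36 @@
     ** a cell is less than 4 bytes in size, it is rounded up to 4 bytes
     ** by the various routines that manipulate binary cells. Which
     ** can mean that fillInCell() only initializes the first 2 or 3
     ** bytes of pTmpSpace, but that the first 4 bytes are copied from
     ** it into a database page. This is not actually a problem, but it
     ** does cause a valgrind error when the 1 or 2 bytes of unitialized 
     ** data is passed to system call write(). So to avoid this error,
-    ** zero the first 4 bytes of temp space here.  */
-    if( pBt->pTmpSpace ) memset(pBt->pTmpSpace, 0, 4);
+    ** zero the first 4 bytes of temp space here.
+    **
+    ** Also:  Provide four bytes of initialized space before the
+    ** beginning of pTmpSpace as an area available to prepend the
+    ** left-child pointer to the beginning of a cell.
+    */
+    if( pBt->pTmpSpace ){
+      memset(pBt->pTmpSpace, 0, 8);
+      pBt->pTmpSpace += 4;
+    }
   }
 }
 
 /*
 ** Free the pBt->pTmpSpace allocation
 */
 static void freeTempSpace(BtShared *pBt){
-  sqlite3PageFree( pBt->pTmpSpace);
-  pBt->pTmpSpace = 0;
+  if( pBt->pTmpSpace ){
+    pBt->pTmpSpace -= 4;
+    sqlite3PageFree(pBt->pTmpSpace);
+    pBt->pTmpSpace = 0;
+  }
 }
 
 /*
 ** Close an open database and invalidate all cursors.
 */
 int sqlite3BtreeClose(Btree *p){
   BtShared *pBt = p->pBt;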
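Review bot: After `pBt->pTmpSpace += 4;` in allocateTempSpace() the field is an interior pointer into a pBt->pageSize-byte allocation, so only pageSize-4 bytes remain usable, while the function header still promises MX_CELL_SIZE(pBt) bytes; unless MX_CELL_SIZE(pBt) is already at least 4 bytes smaller than the page size (its definition is not in this diff), a maximum-size cell would now run past the end of the block. A one-line guard just before the adjustment, `assert( MX_CELL_SIZE(pBt)+4<=(int)pBt->pageSize );`, would pin that invariant in debug builds. The same offset means the block must only ever be released through freeTempSpace(), which rewinds by 4; a future `sqlite3PageFree(pBt->pTmpSpace)` elsewhere would free an interior pointer. The field comment changed in src/btreeInt.h (`/* Temp space sufficient to hold a single cell */`) is the natural place to record this, e.g. `/* Temp space for one cell; points 4 bytes into the allocation, release only via freeTempSpace() */`.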
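--- a/src/btreeInt.h
+++ b/src/btreeInt.h
@@ -432,15 +432,15 @@
   Bitvec *pHasContent;  /* Set of pages moved to free-list this transaction */
 #ifndef SQLITE_OMIT_SHARED_CACHE
   int nRef;             /* Number of references to this structure */
   BtShared *pNext;      /* Next on a list of sharable BtShared structs */
   BtLock *pLock;        /* List of locks held on this shared-btree struct */
   Btree *pWriter;       /* Btree with currently open write transaction */
 #endif
-  u8 *pTmpSpace;        /* BtShared.pageSize bytes of space for tmp use */
+  u8 *pTmpSpace;        /* Temp space sufficient to hold a single cell */
 };
 
 /*
 ** Allowed values for BtShared.btsFlags
 */
 #define BTS_READ_ONLY        0x0001   /* Underlying file is readonly */
 #define BTS_PAGESIZE_FIXED   0x0002   /* Page size can no longer be changed */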