Check-in [cc9430e3]

Overview
Comment: Add a NEVER() on an always-false conditional in pager.c. Make sure the text of the master journal file is zero-terminated before trying to process it - to prevent a buffer overrun in strlen(). (CVS 6937)
SHA1: cc9430e334fe98e1c35d408f81a2d8953377cda6
User & Date: drh 2009-07-25 14:18:57
Context
2009-07-25
15:24
Simplifications and comment improvements to pager.c in support of coverage testing. (CVS 6938) check-in: 5b70b5c1 user: drh tags: trunk
14:18
Add a NEVER() on an always-false conditional in pager.c. Make sure the text of the master journal file is zero-terminated before trying to process it - to prevent a buffer overrun in strlen(). (CVS 6937) check-in: cc9430e3 user: drh tags: trunk
13:42
Remove the "proc zeroblob" implementation from incrvacuum2.test. It is no longer required as of (6906) and, as #3988 points out, unreliable. (CVS 6936) check-in: 03153831 user: danielk1977 tags: trunk
Changes

Changes to src/pager.c.

    14     14   ** The pager is used to access a database disk file.  It implements
    15     15   ** atomic commit and rollback through the use of a journal file that
    16     16   ** is separate from the database file.  The pager also implements file
    17     17   ** locking to prevent two processes from writing the same database
    18     18   ** file simultaneously, or one process from reading the database while
    19     19   ** another is writing.
    20     20   **
    21         -** @(#) $Id: pager.c,v 1.621 2009/07/25 11:40:08 danielk1977 Exp $
           21  +** @(#) $Id: pager.c,v 1.622 2009/07/25 14:18:57 drh Exp $
    22     22   */
    23     23   #ifndef SQLITE_OMIT_DISKIO
    24     24   #include "sqliteInt.h"
    25     25   
    26     26   /*
    27     27   ** Macros for troubleshooting.  Normally turned off
    28     28   */
................................................................................
  1724   1724       char *zJournal;
  1725   1725       char *zMasterPtr = 0;
  1726   1726       int nMasterPtr = pVfs->mxPathname+1;
  1727   1727   
  1728   1728       /* Load the entire master journal file into space obtained from
  1729   1729       ** sqlite3_malloc() and pointed to by zMasterJournal. 
  1730   1730       */
  1731         -    zMasterJournal = (char *)sqlite3Malloc((int)nMasterJournal + nMasterPtr);
         1731  +    zMasterJournal = sqlite3Malloc((int)nMasterJournal + nMasterPtr + 1);
  1732   1732       if( !zMasterJournal ){
  1733   1733         rc = SQLITE_NOMEM;
  1734   1734         goto delmaster_out;
  1735   1735       }
  1736         -    zMasterPtr = &zMasterJournal[nMasterJournal];
         1736  +    zMasterPtr = &zMasterJournal[nMasterJournal+1];
  1737   1737       rc = sqlite3OsRead(pMaster, zMasterJournal, (int)nMasterJournal, 0);
  1738   1738       if( rc!=SQLITE_OK ) goto delmaster_out;
         1739  +    zMasterJournal[nMasterJournal] = 0;
  1739   1740   
  1740   1741       zJournal = zMasterJournal;
  1741   1742       while( (zJournal-zMasterJournal)<nMasterJournal ){
  1742   1743         int exists;
  1743   1744         rc = sqlite3OsAccess(pVfs, zJournal, SQLITE_ACCESS_EXISTS, &exists);
  1744   1745         if( rc!=SQLITE_OK ){
  1745   1746           goto delmaster_out;
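
Review bot: In the new allocation at line 1731, the size `(int)nMasterJournal + nMasterPtr + 1` is still computed in int, and nothing visible in this hunk bounds nMasterJournal before the cast. If nMasterJournal is wider than int, as the cast suggests, a very large master journal size could truncate or overflow the size passed to sqlite3Malloc(), and the new store `zMasterJournal[nMasterJournal] = 0;` would then land outside the allocation. Consider rejecting an out-of-range nMasterJournal before the allocation. The comment at 1728-1730 should also describe the new buffer layout: nMasterJournal bytes of file text, one terminator byte, then nMasterPtr bytes starting at zMasterPtr.
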
................................................................................
  3106   3107     ** was executed.
  3107   3108     **
  3108   3109     ** The solution is to write the current data for page X into the 
  3109   3110     ** sub-journal file now (if it is not already there), so that it will
  3110   3111     ** be restored to its current value when the "ROLLBACK TO sp" is 
  3111   3112     ** executed.
  3112   3113     */
  3113         -  if( rc==SQLITE_OK && pPg->pgno>pPager->dbSize && subjRequiresPage(pPg) ){
  3114         -assert(0);
         3114  +  if( NEVER(
         3115  +      rc==SQLITE_OK && pPg->pgno>pPager->dbSize && subjRequiresPage(pPg)
         3116  +  ) ){
  3115   3117       rc = subjournalPage(pPg);
  3116   3118     }
  3117   3119   
  3118   3120     /* Write the contents of the page out to the database file. */
  3119   3121     if( rc==SQLITE_OK ){
  3120   3122       pPg->pDirty = 0;
  3121   3123       rc = pager_write_pagelist(pPg);
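
Review bot: The comment block ending at line 3113 still presents the sub-journal write as "the solution" to a case that can occur, while the condition at new lines 3114-3116 is now wrapped in NEVER() and described in the check-in comment as always false. Please add a sentence saying why `pPg->pgno>pPager->dbSize && subjRequiresPage(pPg)` cannot hold at this point, or note that the branch is kept only as a defensive measure, so the comment and the code agree. Because NEVER() wraps the whole expression including `rc==SQLITE_OK`, it is also worth stating that the claim covers the combined condition and not any single term.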