SQLite

Check-in [d0b347b412]

Overview
Comment: Add checks to make sure cells in corrupt database files do not overflow a page when doing autovacuum. Problem detected by valgrind.
SHA1: d0b347b412376d22e9f0770ac083dafb5e480dd0
User & Date: drh 2011-08-31 13:27:19.588
Context
2011-08-31
17:46
Backslash escaping is not working right in tostr.awk on the latest ubuntu. The easiest fix is to simply not use any backslashes in the spaceanal.tcl script. (check-in: df55006665 user: drh tags: trunk)
13:27
Add checks to make sure cells in corrupt database files do not overflow a page when doing autovacuum. Problem detected by valgrind. (check-in: d0b347b412 user: drh tags: trunk)
2011-08-30
19:52
Enable the thread test logic to work with the SQLITE_HAS_CODEC compile-time option. (check-in: 20ddfb4780 user: drh tags: trunk)
Changes
Changes to src/btree.c.
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760






2761
2762
2763
2764
2765
2766
2767
2768
2750
2751
2752
2753
2754
2755
2756




2757
2758
2759
2760
2761
2762

2763
2764
2765
2766
2767
2768
2769







-
-
-
-
+
+
+
+
+
+
-







    nCell = pPage->nCell;

    for(i=0; i<nCell; i++){
      u8 *pCell = findCell(pPage, i);
      if( eType==PTRMAP_OVERFLOW1 ){
        CellInfo info;
        btreeParseCellPtr(pPage, pCell, &info);
        if( info.iOverflow ){
          if( iFrom==get4byte(&pCell[info.iOverflow]) ){
            put4byte(&pCell[info.iOverflow], iTo);
            break;
        if( info.iOverflow
         && pCell+info.iOverflow+3<=pPage->aData+pPage->maskPage
         && iFrom==get4byte(&pCell[info.iOverflow])
        ){
          put4byte(&pCell[info.iOverflow], iTo);
          break;
          }
        }
      }else{
        if( get4byte(pCell)==iFrom ){
          put4byte(pCell, iTo);
          break;
        }
      }
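Review bot: In the PTRMAP_OVERFLOW1 branch, the new bounds test `pCell+info.iOverflow+3<=pPage->aData+pPage->maskPage` is ANDed into the same condition as the `iFrom` match, so a cell whose overflow pointer would lie past the end of the page is silently skipped and the loop simply moves on to the next cell. The second btree.c hunk in this check-in returns SQLITE_CORRUPT for the same condition. Consider testing the bound on its own first and reporting the corruption from here as well, so the caller does not carry on as though the page merely lacked the pointer. The else branch still calls `get4byte(pCell)` with no comparable bound on pCell; if findCell() can hand back an out-of-range pointer on a corrupt page, that read needs the same treatment.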
5186
5187
5188
5189
5190
5191
5192



5193
5194
5195
5196
5197
5198
5199
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203







+
+
+







  u32 ovflPageSize;

  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  btreeParseCellPtr(pPage, pCell, &info);
  if( info.iOverflow==0 ){
    return SQLITE_OK;  /* No overflow pages. Return without doing anything */
  }
  if( pCell+info.iOverflow+3 > pPage->aData+pPage->maskPage ){
    return SQLITE_CORRUPT;  /* Cell extends past end of page */
  }
  ovflPgno = get4byte(&pCell[info.iOverflow]);
  assert( pBt->usableSize > 4 );
  ovflPageSize = pBt->usableSize - 4;
  nOvfl = (info.nPayload - info.nLocal + ovflPageSize - 1)/ovflPageSize;
  assert( ovflPgno==0 || nOvfl>0 );
  while( nOvfl-- ){
    Pgno iNext = 0;
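Review bot: The check `pCell+info.iOverflow+3 > pPage->aData+pPage->maskPage` forms the pointer before it has been validated, and info.iOverflow comes from parsing a cell that may be corrupt; comparing integer offsets instead, for example `(pCell - pPage->aData) + info.iOverflow + 3 > pPage->maskPage`, avoids building an out-of-range pointer just to test it. The expression is also the exact negation of the one added in the first hunk, so a shared macro or helper, with a one-line comment explaining the +3 (last byte of the 4-byte page number read by get4byte) against maskPage, would keep the two from drifting apart. No test accompanies the btree.c change shown here; a corrupt-database case that exercises this path would keep the valgrind finding from regressing.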