Fix a bad assert() (it needs an "||CORRUPT_DB" term) in b-tree, discovered
authordrh <>
Mon, 14 Feb 2022 13:53:49 +0000 (13:53 +0000)
committerdrh <>
Mon, 14 Feb 2022 13:53:49 +0000 (13:53 +0000)
by dbsqlfuzz.

FossilOrigin-Name: f5f263cc626d6a8bea3e85e28bb716e3eac0d9cd199cc060c0c8b0c77b280a45

manifest
manifest.uuid
src/btree.c

index 99c429946293e387a20e40e9f519699e9e095bf7..c00d80c42ebcc9e22a7413d1e1a2b41ee4b0d684 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Do\snot\srun\smerge1.test\swith\sSQLITE_OMIT_VIRTUALTABLE\sbuilds.
-D 2022-02-12T18:56:24.181
+C Fix\sa\sbad\sassert()\s(it\sneeds\san\s"||CORRUPT_DB"\sterm)\sin\sb-tree,\sdiscovered\nby\sdbsqlfuzz.
+D 2022-02-14T13:53:49.894
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -492,7 +492,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf
 F src/backup.c a2891172438e385fdbe97c11c9745676bec54f518d4447090af97189fd8e52d7
 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c ddab31c38d5f16114bc68392430556b1063fe14e0020f9a56d2c35ddd58ba7e3
+F src/btree.c 36171a7ac65de459a46fc5c058469e312675b6607c77ae352720f29a4c3aec99
 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22
 F src/btreeInt.h ee9348c4cb9077243b049edc93a82c1f32ca48baeabf2140d41362b9f9139ff7
 F src/build.c b59ff41525c10b429adc277d3bca6e433b09d055b0df8c1529385763cea8bb04
@@ -1944,8 +1944,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 9252619d410293ddefd108f5cf81b6fb4932bd3f2ceaaa92abb7542e34f66111
-R 80e8eecaf7636ea102822137f451668f
-U dan
-Z 534ed5fc79f3b9c855702c93bc92827c
+P bf8dbfd499e732f14c7a8efee527e8ce155937dbb2a3e85213f8aa64ac497189
+R eb064779415a6eb9ec1638908fc5d28d
+U drh
+Z 1f402c75824ae1ac218e657bf4bc7a68
 # Remove this line to create a well-formed Fossil manifest.
index 17e7501d4c772b8d311232e118f8c5e3166a9ce2..a1b8b44c4ff6fa1107c01ffbc119789ba4859ad6 100644 (file)
@@ -1 +1 @@
-bf8dbfd499e732f14c7a8efee527e8ce155937dbb2a3e85213f8aa64ac497189
\ No newline at end of file
+f5f263cc626d6a8bea3e85e28bb716e3eac0d9cd199cc060c0c8b0c77b280a45
\ No newline at end of file
index fdf0ac22c9e4cf42ead28542f09108de78b2eda6..d54adafe2ec91768b080bd5f53b127d7379be180 100644 (file)
@@ -1782,7 +1782,7 @@ static int freeSpace(MemPage *pPage, u16 iStart, u16 iSize){
     if( iFreeBlk>pPage->pBt->usableSize-4 ){ /* TH3: corrupt081.100 */
       return SQLITE_CORRUPT_PAGE(pPage);
     }
-    assert( iFreeBlk>iPtr || iFreeBlk==0 );
+    assert( iFreeBlk>iPtr || iFreeBlk==0 || CORRUPT_DB );
   
     /* At this point:
     **    iFreeBlk:   First freeblock after iStart, or zero if none
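Review bot: The relaxed assert on the `+` line has no comment saying which corrupt freeblock layout lets `iFreeBlk` be nonzero and still `<= iPtr`, and the invariant comment directly below it still describes `iFreeBlk` as "First freeblock after iStart, or zero if none" without qualification. Because assert() is compiled out of release builds, safety on a malformed file depends on runtime checks in the rest of freeSpace(), which continues outside the hunk; only the upper-bound test against `usableSize-4` is visible here. I would add a line such as `/* On a corrupt page iFreeBlk may be <= iPtr here; the checks that follow must return SQLITE_CORRUPT_PAGE */` and confirm that a later check really does so. The dbsqlfuzz input that triggered the assert would also make a useful regression case.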
@@ -6846,6 +6846,12 @@ static void dropCell(MemPage *pPage, int idx, int sz, int *pRC){
   assert( pPage->pBt->usableSize > (u32)(ptr-data) );
   pc = get2byte(ptr);
   hdr = pPage->hdrOffset;
+#if 0  /* Not required.  Omit for efficiency */
+  if( pc<hdr+pPage->nCell*2 ){
+    *pRC = SQLITE_CORRUPT_BKPT;
+    return;
+  }
+#endif
   testcase( pc==(u32)get2byte(&data[hdr+5]) );
   testcase( pc+sz==pPage->pBt->usableSize );
   if( pc+sz > pPage->pBt->usableSize ){
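Review bot: The `#if 0` block marks a lower-bound check on `pc` (`pc<hdr+pPage->nCell*2`) as "Not required" without naming what makes it redundant. In the visible lines only the upper end is checked at run time (`pc+sz > pPage->pBt->usableSize`), so a cell pointer from a corrupt page that apparently lands in the header or cell-pointer area has to be rejected by code further down, which is outside the hunk. The comment should name that check, for example `#if 0  /* Not required: <name of the later check> rejects pc below the cell content area.  Omit for efficiency */`, so that a later refactor does not silently remove the only guard. dropCell() starts and ends outside the hunk.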