Better detection of corruption in allocateSpace() in btree.c.

FossilOrigin-Name: bf7bb53ee2485a5342916d514d6c7291eb84c5f1

diff --git a/manifest b/manifest
index d4e4d2a9f47f86f71f92ca7583e58c23075af70a..efb6a270655a2d5777d0a959a7162d1e02d82879 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Detect\sdatabase\scorruption\sin\sthe\smodifyPagePointer()\sroutine\sand\sabort.
-D 2015-05-24T10:18:12.213
+C Better\sdetection\sof\scorruption\sin\sallocateSpace()\sin\sbtree.c.
+D 2015-05-24T21:09:52.026
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 0a6ae26396ec696221021780dffbb894ff3cead7
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -192,7 +192,7 @@ F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
 F src/backup.c ff743689c4d6c5cb55ad42ed9d174b2b3e71f1e3
 F src/bitvec.c 5eb7958c3bf65210211cbcfc44eff86d0ded7c9d
 F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79
-F src/btree.c c222cc2b5a87ffab3b7943f5d9e23d77af1e5170
+F src/btree.c 17776a0c3ad27326a9067bdc4ddea2a0a2230581
 F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1
 F src/btreeInt.h 973a22a6fd61350b454ad614832b1f0a5e25a1e4
 F src/build.c d5d9090788118178190c5724c19f93953b8c7a4e
@@ -1278,7 +1278,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 7bbf9b3cd6ebf103ebd8347579aef721d0dcd2dc
-R 2583ffdc05796a0af02256cd0d450b10
+P 4f0bba42f904e505900be67b00179ebb1f24ed03
+R 8242f5320e3965af2649b2d97c4412ed
 U drh
-Z d263884651c03b082e32e82465264add
+Z 757528b0ed7a78b958475a4239ae8625

diff --git a/manifest.uuid b/manifest.uuid
index 71ac030a90cd7fb3723cdc5c73d0951202763f3b..b6c71b9ba99c4ed1c7e98a599fc9e124a221da28 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4f0bba42f904e505900be67b00179ebb1f24ed03
\ No newline at end of file
+bf7bb53ee2485a5342916d514d6c7291eb84c5f1
\ No newline at end of file

diff --git a/src/btree.c b/src/btree.c
index 3321cbe39180282054bad0f344eb6822fa84c321..a418a0ec7f5679b8d71687f8e821362f52d57edf 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -1291,7 +1291,7 @@ static u8 *pageFindSlot(MemPage *pPg, int nByte, int *pRc, int *pbDefrag){
         ** fragmented bytes within the page. */
         memcpy(&aData[iAddr], &aData[pc], 2);
         aData[hdr+7] += (u8)x;
-      }else if( size+pc > usableSize ){
+      }else if( pc < pPg->cellOffset+2*pPg->nCell || size+pc > usableSize ){
         *pRc = SQLITE_CORRUPT_BKPT;
         return 0;
       }else{
@@ -6169,8 +6169,7 @@ static void rebuildPage(
     memcpy(pData, pCell, szCell[i]);
     put2byte(pCellptr, (pData - aData));
     pCellptr += 2;
-    assert( szCell[i]==cellSizePtr(pPg, pCell) || CORRUPT_DB );
-    testcase( szCell[i]!=cellSizePtr(pPg,pCell) );
+    assert( szCell[i]==cellSizePtr(pPg, pCell) );
   }
 
   /* The pPg->nFree field is now set incorrectly. The caller will fix it. */