Earlier detection of out-of-range page numbers in the btree layer.

FossilOrigin-Name: 805bb67a82be51dc6077480691ed815c63a37bd8fc00cf7e67e020349c6e322e

diff --git a/manifest b/manifest
index 9f6a2b2b1f9e1e8e3599560e1d71edbe2bde9f0c..48601089f4e0778a8bc3c0dae3cb61d399941512 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Merge\senhancements\sfrom\strunk.
-D 2020-07-28T17:51:48.981
+C Earlier\sdetection\sof\sout-of-range\spage\snumbers\sin\sthe\sbtree\slayer.
+D 2020-07-28T20:32:12.478
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -476,7 +476,7 @@ F src/auth.c a3d5bfdba83d25abed1013a8c7a5f204e2e29b0c25242a56bc02bb0c07bf1e06
 F src/backup.c b1c90cd4110248c8e1273ff4578d3a84c0c34725e1b96dacd4a6294a908702de
 F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c 312780d344ab1c205b6571ef38757c7d5ea1cec539802cdd5a508381dd71be88
+F src/btree.c 398b6a2ec3224533beab389b3db12da7bda726805ce362130fbe08c74ce0599c
 F src/btree.h 7af72bbb4863c331c8f6753277ab40ee67d2a2125a63256d5c25489722ec162b
 F src/btreeInt.h 83166f6daeb91062b6ae9ee6247b3ad07e40eba58f3c05ba9e8dedad4ab1ea38
 F src/build.c 1b8436ed3ac339a0507e61b14e4bd823eb02b76a9499b2241fddc61a5ff38c1a
@@ -1879,7 +1879,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 22e8e6901a119698de831ede6d8b03c4fd6576eaa8686a97a0b8aeea7593688a ee8a108058c304f9b6b02f84f1da01a0b7a3a21992627bcc1f97d42e8d23da69
-R eadae907213e64a4a20abad95f5fd65f
+P 969c25bb14fbd99ca8523abf0ae78a75a3dde539e3323d105690aef4940041eb
+R 5e98c4cb6c9b78a3e5d40725f8973216
 U drh
-Z c2595a223b4a7c3d570814053566ad4a
+Z 4cd38b7003d2f733da13812745e0abc4

diff --git a/manifest.uuid b/manifest.uuid
index 92cc10c689bcc273935b8cb449cd5821c425abfc..fa506eb0ddf816ba0095e8ee3cd609978445d7c5 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-969c25bb14fbd99ca8523abf0ae78a75a3dde539e3323d105690aef4940041eb
\ No newline at end of file
+805bb67a82be51dc6077480691ed815c63a37bd8fc00cf7e67e020349c6e322e
\ No newline at end of file

diff --git a/src/btree.c b/src/btree.c
index 39bbf17a4dac1ea4d4a608bb4929f266a870e6a3..af542f09e53305ec9d2b284195a2d8dce8f12295 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -6290,6 +6290,10 @@ static int freePage2(BtShared *pBt, MemPage *pMemPage, Pgno iPage){
     u32 nLeaf;                /* Initial number of leaf cells on trunk page */
 
     iTrunk = get4byte(&pPage1->aData[32]);
+    if( iTrunk>btreePagecount(pBt) ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto freepage_out;
+    }
     rc = btreeGetPage(pBt, iTrunk, &pTrunk, 0);
     if( rc!=SQLITE_OK ){
       goto freepage_out;
@@ -9127,6 +9131,9 @@ static int btreeCreateTable(Btree *p, Pgno *piTable, int createTabFlags){
     ** created so far, so the new root-page is (meta[3]+1).
     */
     sqlite3BtreeGetMeta(p, BTREE_LARGEST_ROOT_PAGE, &pgnoRoot);
+    if( pgnoRoot>btreePagecount(pBt) ){
+      return SQLITE_CORRUPT_BKPT;
+    }
     pgnoRoot++;
 
     /* The new root-page may not be allocated on a pointer-map page, or the