-C For\sFROM-clause\ssubqueries\sthat\scannot\sbe\sflattened,\stry\sto\spush\srelevant\nWHERE\sclause\sterms\sof\sthe\souter\squery\sdown\sinto\sthe\ssubquery\sin\sorder\sto\shelp\nthe\ssubquery\srun\sfaster\sand/or\suse\sless\smemory.
-D 2015-06-02T18:09:18.284
+C Always\scheck\sfor\scell\soverflow\sbefore\sreturning\sa\sslot\sfrom\sthe\npageFindSlot\sroutine\sin\sbtree.c.
+D 2015-06-02T19:36:29.792
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
F Makefile.in 994bab32a3a69e0c35bd148b65cde49879772964
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
F src/backup.c ff743689c4d6c5cb55ad42ed9d174b2b3e71f1e3
F src/bitvec.c 5eb7958c3bf65210211cbcfc44eff86d0ded7c9d
F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79
-F src/btree.c c73a170115df068764126a85288cdec092ec180c
+F src/btree.c 5166c27883c24768c2f7f53479714f03ef34c612
F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1
F src/btreeInt.h 973a22a6fd61350b454ad614832b1f0a5e25a1e4
F src/build.c 73da2b9e9311abc4fcb4e36f76c7800c2d2504a4
F test/fuzzcheck.c a60f926e3fa86c8d33908406d75eec868c22b9ca
F test/fuzzdata1.db b60254eeb6bc11474071b883059662a73c48da7f
F test/fuzzdata2.db f03a420d3b822cc82e4f894ca957618fbe9c4973
-F test/fuzzdata3.db 3632e598ff8574228aadf09897bd040d3c5f5ffb
+F test/fuzzdata3.db a6e9bf75b8bfad0b7e60e57038908f4237b9c5d2
F test/fuzzer1.test d4c52aaf3ef923da293a2653cfab33d02f718a36
F test/fuzzerfault.test 8792cd77fd5bce765b05d0c8e01b9edcf8af8536
F test/genesis.tcl 1e2e2e8e5cc4058549a154ff1892fe5c9de19f98
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 9678646d9a14ba283a83839be329599a676a537a 297fae7551a2af9e600d833801ff79fca0602ad5
-R 4cb9a66e53feaa59f815d8d8fff07191
-T +closed 297fae7551a2af9e600d833801ff79fca0602ad5
+P 6df18e949d3676290785143993513ea1b917d729
+R df67992b4dca09a3ed79d8f1ab3e61e2
U drh
-Z 655d5f5f5a9ad84ec56fa650e3297ec0
+Z ecf49562dd93a4ec8af623b100b6b686
int x = size - nByte;
testcase( x==4 );
testcase( x==3 );
- if( x<4 ){
+ if( pc < pPg->cellOffset+2*pPg->nCell || size+pc > usableSize ){
+ *pRc = SQLITE_CORRUPT_BKPT;
+ return 0;
+ }else if( x<4 ){
/* EVIDENCE-OF: R-11498-58022 In a well-formed b-tree page, the total
** number of bytes in fragments may not exceed 60. */
if( aData[hdr+7]>=60 ){
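Review bot: The new first arm `if( pc < pPg->cellOffset+2*pPg->nCell || size+pc > usableSize )` has no comment, yet its position is now what stops the `x<4` path from running `memcpy(&aData[iAddr], &aData[pc], 2)` and updating `aData[hdr+7]` for a slot that fails the bounds test. I would put `/* A free slot must begin after the cell pointer array and end within the usable area; verify this before any branch unlinks, resizes or returns it. */` directly above it, so a later refactor does not move the test back below the `x<4` arm, where the second hunk shows it used to sit. Because the arm returns unconditionally, it could also be written as a stand-alone guard ahead of the `if( x<4 )` chain, which would keep corruption detection apart from the allocation logic. The enclosing function starts and ends outside the hunk, so how `pc` and `size` are read, and whether slots skipped as too small are validated at all, cannot be judged from here.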
** fragmented bytes within the page. */
memcpy(&aData[iAddr], &aData[pc], 2);
aData[hdr+7] += (u8)x;
- }else if( pc < pPg->cellOffset+2*pPg->nCell || size+pc > usableSize ){
- *pRc = SQLITE_CORRUPT_BKPT;
- return 0;
}else{
/* The slot remains on the free-list. Reduce its size to account
** for the portion used by the new allocation. */