Fix an issue introduced by check-in [4cd2a9672c59] (2017-03-03) that could

author drh <drh@noemail.net>

Thu, 28 Sep 2017 13:47:35 +0000 (13:47 +0000)

committer drh <drh@noemail.net>

Thu, 28 Sep 2017 13:47:35 +0000 (13:47 +0000)
author drh <drh@noemail.net>
Thu, 28 Sep 2017 13:47:35 +0000 (13:47 +0000)
committer drh <drh@noemail.net>
Thu, 28 Sep 2017 13:47:35 +0000 (13:47 +0000)
diff --git a/manifest b/manifest

index 5a19f398447aeb127bde4774bdc1ff32c6617951..a65a171730365ba6cf6db1e82ddda9aed68331f4 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\snew\sroutines\sto\ssimplify\sdealing\swith\scollating\ssequences\sin\sexpressions:\nsqlite3ExprNNCollSeq()\sand\ssqlite3ExprCollSeqMatch().
-D 2017-09-28T01:58:23.335
+C Fix\san\sissue\sintroduced\sby\scheck-in\s[4cd2a9672c59]\s(2017-03-03)\sthat\scould\nallow\sa\snegative\svalue\sin\sthe\s3rd\sparameter\sto\smemmove()\swhen\ndefragmentPage()\sis\scalled\son\sa\sbtree\spage\swith\sa\scorrupted\nfreeblock\slist.\s\sThe\scorruption\sis\snow\sdetected\searly\sand\sresults\sin\nan\sSQLITE_CORRUPT\sreturn\sbefore\sthe\smemmove()\sis\sreached.
+D 2017-09-28T13:47:35.240
  F Makefile.in 4bc36d913c2e3e2d326d588d72f618ac9788b2fd4b7efda61102611a6495c3ff
  F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
  F Makefile.msc 6033b51b6aea702ea059f6ab2d47b1d3cef648695f787247dd4fb395fe60673f
@@ -401,7 +401,7 @@ F src/auth.c 6277d63837357549fe14e723490d6dc1a38768d71c795c5eb5c0f8a99f918f73
  F src/backup.c faf17e60b43233c214aae6a8179d24503a61e83b
  F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
  F src/btmutex.c 0e9ce2d56159b89b9bc8e197e023ee11e39ff8ca
-F src/btree.c 1c2b2f1714c411d7a9bc52c90d9dd7eab261261d5691ac0f67e1ced92419799c
+F src/btree.c 221bc1b836f0c386676999a7c62c8dc60455e255fab37df97eca2aa619b92f2a
  F src/btree.h 32ef5d3f25dc70ef1ee9cecf84a023c21378f06a57cd701d2e866e141b150f09
  F src/btreeInt.h 55b702efce17e5d1941865464227d3802cfc9c7c832fac81d4c94dced47a71fc
  F src/build.c e71e96a67daf3d1dd23188423e66cd6af38017e2ec73fead5d2b57da2d3c7e16
@@ -1655,7 +1655,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 0413001843dce7c63659d39b329ca14cdcd54f4407922f51b2fb7659572a733e
-R 0aa0c6a22a3ca8a1377c9aa1ffa8dd82
+P 490e488ea963fe725b16212822c8608f2b6abce688931b611446bc2cbfe6b87c
+R 2f97a6d6fe698142318cfe94f9a0a57b
  U drh
-Z 1f5f89ecf882e16436178057d38d6ed8
+Z 00f2b9734ad71698420412023f6d2194
diff --git a/manifest.uuid b/manifest.uuid

index 030ba54b7f5b2c3bf82b00a950900d81632137d1..567c9cdf5d8d29f7abb17b75794df8d328cffbe1 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-490e488ea963fe725b16212822c8608f2b6abce688931b611446bc2cbfe6b87c
-\ No newline at end of file
+5b9ae693120fe4f7bc3b6270f35d773876f6cc8f5990e05cce0d255c54b36ae7
+\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c

index a1b125dda89593f39568caf421ac871ae2e0fbdd..7c468f35a57466a1c2e0e34262b9da987da7e24a 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -1399,6 +1399,9 @@ static int defragmentPage(MemPage *pPage, int nMaxFrag){
          int sz2 = 0;
          int sz = get2byte(&data[iFree+2]);
          int top = get2byte(&data[hdr+5]);
+        if( top>=iFree ){
+          return SQLITE_CORRUPT_PGNO(pPage->pgno);
+        }
          if( iFree2 ){
            assert( iFree+sz<=iFree2 ); /* Verified by pageFindSlot() */
            sz2 = get2byte(&data[iFree2+2]);
author	drh <drh@noemail.net>
	Thu, 28 Sep 2017 13:47:35 +0000 (13:47 +0000)
committer	drh <drh@noemail.net>
	Thu, 28 Sep 2017 13:47:35 +0000 (13:47 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/btree.c		patch \| blob \| blame \| history