Strengthen the new balance_nonroot() code against various corrupt database
authordrh <drh@noemail.net>
Wed, 24 Jun 2015 12:07:40 +0000 (12:07 +0000)
committerdrh <drh@noemail.net>
Wed, 24 Jun 2015 12:07:40 +0000 (12:07 +0000)
problems.

FossilOrigin-Name: 5ba983432069714afebbb2f0ef22d41be52f7a4c

manifest
manifest.uuid
src/btree.c

index f2f4dac7b507c1ef957705964edf22f237255483..ab5e8753cf73126f1bd4ddb1d14818e84f388b22 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Adjustment\sto\sa\smalloc\stest\sso\sthat\sit\saccepts\sa\snarrow\srange\sof\svalues\sto\naccount\sfor\svariations\sin\smalloc\ssubsystems.
-D 2015-06-24T10:46:25.903
+C Strengthen\sthe\snew\sbalance_nonroot()\scode\sagainst\svarious\scorrupt\sdatabase\nproblems.
+D 2015-06-24T12:07:40.692
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 1063c58075b7400d93326b0eb332b48a54f53025
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -192,7 +192,7 @@ F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
 F src/backup.c ff743689c4d6c5cb55ad42ed9d174b2b3e71f1e3
 F src/bitvec.c 5eb7958c3bf65210211cbcfc44eff86d0ded7c9d
 F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79
-F src/btree.c 9980353a770fa660b74d9c9deabb3e07a218dfb7
+F src/btree.c 2167a4fdf8ab24b0bc066969db47f4c17a7773ec
 F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1
 F src/btreeInt.h 6ece2dd9c8e2eac05f0a8ded8772a44e96486c65
 F src/build.c b3f15255d5b16e42dafeaa638fd4f8a47c94ed70
@@ -1286,7 +1286,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 14b73d201509d3c04f760a08d21f3c499f2870a8
-R a57cd0079b99218bd12ce044cb0278e1
+P e0195070f84f418c46698627a2dcbfcfb94d999c
+R 7d5a275fb657ecb8665ac07bebe4c955
 U drh
-Z ee5603fe9d2ad1d7f63752edf51bdda4
+Z 5227e07a1b8f384d21181ee18b88f9b4
index 38e2b047cf4d14cb870bf1423c0774fdfa36f1fb..2367d3101b04c0f11b52e7065c8b78ca090f3b09 100644 (file)
@@ -1 +1 @@
-e0195070f84f418c46698627a2dcbfcfb94d999c
\ No newline at end of file
+5ba983432069714afebbb2f0ef22d41be52f7a4c
\ No newline at end of file
index 37093ddd59a70c3ef7519aa9a3dfb3dee577c5f4..0d4d75cc998a1b031591c2fed9309620df0ac3f9 100644 (file)
@@ -1439,9 +1439,7 @@ static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
   ** However, that integer is too large to be stored in a 2-byte unsigned
   ** integer, so a value of 0 is used in its place. */
   top = get2byteNotZero(&data[hdr+5]);
-  if( gap>top || NEVER((u32)top>pPage->pBt->usableSize) ){
-    /* The NEVER() is because a oversize "top" value will be blocked from
-    ** reaching this point by btreeInitPage() or btreeGetUnusedPage() */
+  if( gap>top || (u32)top>pPage->pBt->usableSize ){
     return SQLITE_CORRUPT_BKPT;
   }
 
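Review bot: The bounds test on `top` in allocateSpace() is now evaluated unconditionally, but the comment that justified the old NEVER() was deleted without a replacement, so nothing on this line records that `top` is read from the page header and cannot be trusted. A one-line comment such as `/* "top" comes from the page header and may exceed usableSize on a corrupt database */` would keep a later cleanup from wrapping the test in NEVER() again. That a corrupt file can actually reach this point is inferred from the removal; the hunk does not show the path. allocateSpace() starts and ends outside the hunk.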
@@ -7192,7 +7190,7 @@ static int balance_nonroot(
     }
     if( cntNew[i]>=b.nCell ){
       k = i+1;
-    }else if( cntNew[i] - (i>0 ? cntNew[i-1] : 0) <= 0 ){
+    }else if( cntNew[i] <= (i>0 ? cntNew[i-1] : 0) ){
       rc = SQLITE_CORRUPT_BKPT;
       goto balance_cleanup;
     }
@@ -7218,7 +7216,7 @@ static int balance_nonroot(
     r = cntNew[i-1] - 1;
     d = r + 1 - leafData;
     (void)cachedCellSize(&b, d);
-    while(1){
+    do{
       assert( d<nMaxCells );
       assert( r<nMaxCells );
       (void)cachedCellSize(&b, r);
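Review bot: The two asserts at the top of the `do{` loop state only the upper bounds (`d<nMaxCells`, `r<nMaxCells`), while the rewritten loop now relies on the lower bounds too. The body runs once before `r>=0` is tested, and `cachedCellSize(&b, d)` is already called before the loop with `d = r + 1 - leafData`. Adding `assert( r>=0 );` and `assert( d>=0 );` beside the existing asserts would document that `cntNew[i-1]` is at least 1 on entry. That invariant appears to follow from the `cntNew[i] <= (i>0 ? cntNew[i-1] : 0)` test in the earlier loop, and `d>=0` additionally assumes leafData is 0 or 1; neither is visible here. The loop body continues past the end of this hunk.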
@@ -7229,15 +7227,15 @@ static int balance_nonroot(
       szRight += b.szCell[d] + 2;
       szLeft -= b.szCell[r] + 2;
       cntNew[i-1] = r;
-      if( cntNew[i-1] <= 0 ){
-        rc = SQLITE_CORRUPT_BKPT;
-        goto balance_cleanup;
-      }
       r--;
       d--;
-    }
+    }while( r>=0 );
     szNew[i] = szRight;
     szNew[i-1] = szLeft;
+    if( cntNew[i-1] <= (i>1 ? cntNew[i-2] : 0) ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto balance_cleanup;
+    }
   }
 
   /* Sanity check:  For a non-corrupt database file one of the follwing
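Review bot: The corruption check added after the loop has no comment, yet within this hunk it is the only test that rejects a `cntNew[i-1]` that the `do{ }while( r>=0 )` loop has moved down to 0 or to the previous sibling's count. A short comment above the `if`, for example `/* cntNew[] must remain strictly increasing after rebalancing to the left */`, would tie it to the matching test `cntNew[i] <= (i>0 ? cntNew[i-1] : 0)` in the earlier loop. The file list of this commit shows only manifest, manifest.uuid and src/btree.c, so no corrupt-database regression test accompanies the change; one may exist in a separate check-in. balance_nonroot() starts and ends outside the hunk.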