Improvements to rootpage bounds checking during schema parse.
authordrh <drh@noemail.net>
Wed, 22 Jul 2020 20:12:10 +0000 (20:12 +0000)
committerdrh <drh@noemail.net>
Wed, 22 Jul 2020 20:12:10 +0000 (20:12 +0000)
FossilOrigin-Name: 75599a9731be19e213a8ae174b038a43381bc6883a6b7f4058c2c1625fdea432

manifest
manifest.uuid
src/prepare.c
src/util.c

index a677fefb1e3d79e413af815d594ba089640dc11e..f6a100715d75416c96a2a0e744ccb086836ae617 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,16 +1,16 @@
 B d2aac001204621062e6cb3230ce2ac1b4545cb83b3ebb6bfebccee4d51162e97
-C When\sparsing\sthe\sschema,\sdetect\sout-of-bounds\srootpage\svalues\sand\sthrow\san\nerror.
-D 2020-07-22T18:03:56.431
+C Improvements\sto\srootpage\sbounds\schecking\sduring\sschema\sparse.
+D 2020-07-22T20:12:10.870
 F src/analyze.c 5cffff3d355858cd22bfc6e20ac7203510d2e1cc935086eb06f4abb2f579f628
 F src/btree.c a4720f51945a86379ecd962a715d6fe9de08651a67d1e6f7b4884612da83ceb5
 F src/btree.h 7af72bbb4863c331c8f6753277ab40ee67d2a2125a63256d5c25489722ec162b
 F src/btreeInt.h 83166f6daeb91062b6ae9ee6247b3ad07e40eba58f3c05ba9e8dedad4ab1ea38
 F src/build.c f2b73fbb2197fb6e6a35ff2e1750085f023dc50542185f1a2dfccd632223eb14
 F src/pager.c a5f65ff2cd73b8d381cc7b338cac382ca6978d578fa0b84fdaa11d3cdc3c3e18
-F src/prepare.c 752643468bab27081bee439a7a727b616db2997e2ecdae132e8c786f8e44bcec
+F src/prepare.c 8e7300f91270fd2dca9852419eb0a0d282220b0faddb04890131738f7fcd5c56
 F src/select.c 0e75d64091200a2a8fdc02abafe176a0c2e9b2654c4cc34564f25f0b408e91de
 F src/sqliteInt.h ec260b2441d94ef0b5be424c323cf255ae30d23e2fb2bd1c42a3a59c2fbafedb
-F src/util.c 58bf59fb0923017619c9c53957a676ff2322314b2547f6a223e0707e7ba505de
+F src/util.c 9ae0b629657ca10abde2f27f5dc3e545cb66d298d111bac062b236a099f8df2d
 F src/vdbe.c 120fdb1add80309cf1b4d6cc88b7f4e0580e816ded743a8f495fff9ef35a4e0a
 F src/vdbe.h 83603854bfa5851af601fc0947671eb260f4363e62e960e8a994fb9bbcd2aaa1
 F src/vdbeInt.h 762abffb7709f19c2cb74af1bba73a900f762e64f80d69c31c9ae89ed1066b60
@@ -18,10 +18,7 @@ F src/vdbeaux.c 1cbbbffdb874c6f3e7aab40f3deb48abac4a71df1043cd95bb0d652d4e053871
 F src/wherecode.c 8064fe5c042824853a9b1fda670054a51a49033a6c79059988c97751ccf8088e
 F test/corrupt3.test 2520432b1fbf99994841e69804a3c59fb828183f4d09b85a1631bc7adca17e31
 F tool/showdb.c 49e810f5c414c792b5bf38cd5557ca9639713ebfef32aaff32faf7cb7ccce513
-P 4c5f3c6cacf84a36d0347790d98d82d1f584cd1537a13a2736348405c4d20367
-R ccc7b0ae4ada19d710420f989f7c9313
-T *branch * rootpage-bounds-check
-T *sym-rootpage-bounds-check *
-T -sym-larger-databases *
+P 6c3a2727dc912ed800146e07db5d15d0f3468d13701165ba763c4b114c3e18e8
+R 8ead1dc407d0990e3de43a2746002935
 U drh
-Z c08f65e2e744a2c088ae7728fbcd5c94
+Z 6533392daf1a1cab3900f2468d6a420b
index b93907488d35286d287b71719a0d85bd6eaff1cd..de3900513bcc700f68f07eabd13315b03e3a59f1 100644 (file)
@@ -1 +1 @@
-6c3a2727dc912ed800146e07db5d15d0f3468d13701165ba763c4b114c3e18e8
\ No newline at end of file
+75599a9731be19e213a8ae174b038a43381bc6883a6b7f4058c2c1625fdea432
\ No newline at end of file
index 84f2ee8a231ad989ed113a2a6aafd162e3725964..0be11a226bf98d2dcab30d2323113c45f95b22e3 100644 (file)
@@ -115,10 +115,10 @@ int sqlite3InitCallback(void *pInit, int argc, char **argv, char **NotUsed){
 
     assert( db->init.busy );
     db->init.iDb = iDb;
-    sqlite3GetUInt32(argv[3], &db->init.newTnum);
-    if( db->init.newTnum>pData->mxPage && pData->mxPage!=0 ){
+    if( sqlite3GetUInt32(argv[3], &db->init.newTnum)==0
+     || (db->init.newTnum>pData->mxPage && pData->mxPage>0)
+    ){
       corruptSchema(pData, argv[1], "invalid rootpage");
-      return 0;
     }
     db->init.orphanTrigger = 0;
     db->init.azInit = argv;
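Review bot: With `return 0;` removed, an out-of-range rootpage no longer ends the callback. Execution continues past `corruptSchema()` with `db->init.newTnum` still holding the value that exceeded `pData->mxPage`, because only the parse-failure path inside `sqlite3GetUInt32` zeroes it. Whether the code that later consumes `newTnum` tolerates such a value is not visible in this hunk, and `sqlite3InitCallback` begins and ends outside it. If the fall-through is deliberate, say so in a comment such as `/* Report the bad rootpage but keep parsing; later code must not trust newTnum */`. If it is not, clear the value in the error branch with `db->init.newTnum = 0;` so both failure paths leave the same state.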
@@ -152,13 +152,15 @@ int sqlite3InitCallback(void *pInit, int argc, char **argv, char **NotUsed){
     */
     Index *pIndex;
     pIndex = sqlite3FindIndex(db, argv[1], db->aDb[iDb].zDbSName);
-    if( pIndex==0
-     || sqlite3GetUInt32(argv[3],&pIndex->tnum)==0
+    if( pIndex==0 ){
+      corruptSchema(pData, argv[1], "orphan index");
+    }else
+    if( sqlite3GetUInt32(argv[3],&pIndex->tnum)==0
      || pIndex->tnum<2
      || (pIndex->tnum>pData->mxPage && pData->mxPage!=0)
      || sqlite3IndexHasDuplicateRootPage(pIndex)
     ){
-      corruptSchema(pData, argv[1], pIndex?"invalid rootpage":"orphan index");
+      corruptSchema(pData, argv[1], "invalid roopage");
     }
   }
   return 0;
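Review bot: The error string added in the else-branch is misspelled as `"invalid roopage"`. It should read `corruptSchema(pData, argv[1], "invalid rootpage");`, matching the message used for the table case earlier in `sqlite3InitCallback`. As written, tests or log searches that match on "invalid rootpage" will miss corrupt index entries. The bounds guard here also still uses `pData->mxPage!=0` while the first hunk switched to `pData->mxPage>0`; use one form in both places. The function starts outside this hunk.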
index 58d1cdd5c3203c16e19a26081580449130edac2b..64ab4e95dca3524d90e069373b517362bc38413e 100644 (file)
@@ -874,9 +874,9 @@ int sqlite3GetUInt32(const char *z, u32 *pI){
   int i;
   for(i=0; sqlite3Isdigit(z[i]); i++){
     v = v*10 + z[i] - '0';
-    if( v>4294967296LL ) return 0;
+    if( v>4294967296LL ){ *pI = 0; return 0; }
   }
-  if( i==0 || z[i]!=0 ) return 0;
+  if( i==0 || z[i]!=0 ){ *pI = 0; return 0; }
   *pI = (u32)v;
   return 1;
 }
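Review bot: The overflow guard `v>4294967296LL` is one too high. The text "4294967296" (2^32) passes it, and `*pI = (u32)v` then stores 0 while the function returns 1, assuming `v` is a 64-bit accumulator (its declaration is above the hunk). Callers in this commit now rely on the return value to reject bad rootpage numbers read from the database file, so tighten the bound to `if( v>4294967295LL ){ *pI = 0; return 0; }`. A header comment stating that `*pI` is set to 0 on every failure path would document the new contract.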