Back out changes [00286ca5d998d802] and [6844ede29e1dac93] (replacing the

associated branches with NEVER()) and add a single new test to
btreeOverwriteCell() that detects when an overflow pages is also mapped
into a b-tree page and raises and immediate SQLITE_CORRUPT error before
making any changes.
dbsqlfuzz 81791bd980fe6935ff2c7334ec8bef11c1c12b82 and others.

FossilOrigin-Name: 32210fa4ac4f06e1705ef808731c7be040a23f9a8630986440100c5d4e76dc07

diff --git a/manifest b/manifest
index 34f8d5390691b66ac12b134e38913f302a1aa6ba..0623eca37bd8e50f5f4dc27ea10abc1019f15828 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\sa\sNEVER()\sin\sbtree\sthat\sis\ssometimes\sreachable.\ndbsqlfuzz\sb9140023005430654c8fe544cf0a082ef8d561c1.
-D 2021-09-09T19:19:02.452
+C Back\sout\schanges\s[00286ca5d998d802]\sand\s[6844ede29e1dac93]\s(replacing\sthe\nassociated\sbranches\swith\sNEVER())\sand\sadd\sa\ssingle\snew\stest\sto\nbtreeOverwriteCell()\sthat\sdetects\swhen\san\soverflow\spages\sis\salso\smapped\ninto\sa\sb-tree\spage\sand\sraises\sand\simmediate\sSQLITE_CORRUPT\serror\sbefore\nmaking\sany\schanges.\ndbsqlfuzz\s81791bd980fe6935ff2c7334ec8bef11c1c12b82\sand\sothers.
+D 2021-09-10T01:02:42.266
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -485,7 +485,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf
 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d
 F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c 742425ddcc06b2fef621b26edded28f77c7f9a9e96bdb3cb5217eb91444d99cf
+F src/btree.c bed4239e31772ed5486e947d8eaf3d38fcc76136e19d0383bad15609198419c2
 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22
 F src/btreeInt.h 7bc15a24a02662409ebcd6aeaa1065522d14b7fda71573a2b0568b458f514ae0
 F src/build.c 8fa6deebf8726339a5aafb322e9d79c48950b994f33f17460c5393ef593d202e
@@ -1057,7 +1057,7 @@ F test/fuzzdata4.db b502c7d5498261715812dd8b3c2005bad08b3a26e6489414bd13926cd3e4
 F test/fuzzdata5.db e35f64af17ec48926481cfaf3b3855e436bd40d1cfe2d59a9474cb4b748a52a5
 F test/fuzzdata6.db 92a80e4afc172c24f662a10a612d188fb272de4a9bd19e017927c95f737de6d7
 F test/fuzzdata7.db 0166b56fd7a6b9636a1d60ef0a060f86ddaecf99400a666bb6e5bbd7199ad1f2
-F test/fuzzdata8.db 270cbd5fc46e1bf05e1d8a9ca8a6283df2b9a6d204c6135b51a11f39db21e0da
+F test/fuzzdata8.db 81c9cfdd1c9dad84c1dbefb0a22cf31b685b8255031bc3827a6926412b0dc6f1
 F test/fuzzer1.test 3d4c4b7e547aba5e5511a2991e3e3d07166cfbb8
 F test/fuzzer2.test a85ef814ce071293bce1ad8dffa217cbbaad4c14
 F test/fuzzerfault.test f64c4aef4c9e9edf1d6dc0d3f1e65dcc81e67c996403c88d14f09b74807a42bc
@@ -1922,7 +1922,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3ebfe7128a20b270de65ebf4620f62e34ea6cc46b472cc52aed96af504eb9637
-R 18891cf2bf7f46de337f5e14da9a6bc6
+P 6844ede29e1dac93a392dfb1e7e676bb9d0a2e7bbec0a4a5804ffc2025a99b66
+R c7edda4bf8c5cd37a2071fe54c9ca0b9
 U drh
-Z 418794be93dd5023a367639347086d0f
+Z 09e56d520fbccbfbbf9b532c35be723e

diff --git a/manifest.uuid b/manifest.uuid
index 377fbd2779d0ec3e4e515df9821b10167b8b21a6..c3b2d962a4a073f7515f22daf9eabf9d1f74c039 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-6844ede29e1dac93a392dfb1e7e676bb9d0a2e7bbec0a4a5804ffc2025a99b66
\ No newline at end of file
+32210fa4ac4f06e1705ef808731c7be040a23f9a8630986440100c5d4e76dc07
\ No newline at end of file

diff --git a/src/btree.c b/src/btree.c
index 727727a2ab798ce3726b8a99ca907bea6326ceeb..74e60d98de64612d1dfb6d8933f7b9e741b9cf8e 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -7096,7 +7096,7 @@ static int rebuildPage(
 
   assert( i<iEnd );
   j = get2byte(&aData[hdr+5]);
-  if( j>(u32)usableSize ){ j = 0; }
+  if( NEVER(j>(u32)usableSize) ){ j = 0; }
   memcpy(&pTmp[j], &aData[j], usableSize - j);
 
   for(k=0; pCArray->ixNx[k]<=i && ALWAYS(k<NB*2); k++){}
@@ -7327,7 +7327,7 @@ static int editPage(
 
   pData = &aData[get2byteNotZero(&aData[hdr+5])];
   if( pData<pBegin ) goto editpage_fail;
-  if( pData>pPg->aDataEnd ) goto editpage_fail;
+  if( NEVER(pData>pPg->aDataEnd) ) goto editpage_fail;
 
   /* Add cells to the start of the page */
   if( iNew<iOld ){
@@ -8733,7 +8733,7 @@ static int btreeOverwriteCell(BtCursor *pCur, const BtreePayload *pX){
   do{
     rc = btreeGetPage(pBt, ovflPgno, &pPage, 0);
     if( rc ) return rc;
-    if( sqlite3PagerPageRefcount(pPage->pDbPage)!=1 ){
+    if( sqlite3PagerPageRefcount(pPage->pDbPage)!=1 || pPage->isInit ){
       rc = SQLITE_CORRUPT_BKPT;
     }else{
       if( iOffset+ovflPageSize<(u32)nTotal ){

diff --git a/test/fuzzdata8.db b/test/fuzzdata8.db
index 6a37fc490a976dbbb6609e2c16600cce8c7023eb..311aae543ca0be9146e125bfd9b66fabfafc5364 100644 (file)
Binary files a/test/fuzzdata8.db and b/test/fuzzdata8.db differ