Convert an assert() into a corruption detection branch in

sqlite3BtreePayload().  dbsqlfuzz 848171b5d58f6e4a62257466e0e7de16696d4f02.

FossilOrigin-Name: f038d7f90e04838479e44ded00f627ec5ad8e1bd477edea8e87e66dd37485f30

diff --git a/manifest b/manifest
index 4f24fe338a30161a93bf9480db76bfd08a596fb8..303751989b87f5cf43971e1e3bfefdf99a051c85 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Attempt\sto\sclarify\sthe\ssqlite3_open_v2()\sdocumentation\sso\sthat\speople\sdo\snot\ncome\saway\swith\sthe\sidea\sthat\sSQLITE_OPEN_EXCLUSIVE\sis\san\sallowed\sbit\svalue\nfor\sthe\s3rd\sargument\sbitmask.
-D 2021-10-13T15:09:37.468
+C Convert\san\sassert()\sinto\sa\scorruption\sdetection\sbranch\sin\nsqlite3BtreePayload().\s\sdbsqlfuzz\s848171b5d58f6e4a62257466e0e7de16696d4f02.
+D 2021-10-13T20:11:30.248
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -490,7 +490,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf
 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d
 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c 472cc43a2631d9bd917475e0a0ab43949ae27c8541473a90b55c51011f6121cc
+F src/btree.c 35782a608c940e219a01cf9d84de55e11668a42ede3b7b2d2fb4a6edb52e97e5
 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22
 F src/btreeInt.h 7bc15a24a02662409ebcd6aeaa1065522d14b7fda71573a2b0568b458f514ae0
 F src/build.c f70d6375ea5b78daac5b1d24eab53ed7b81c3e68a17dff9581c50c0c06180e00
@@ -1929,7 +1929,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P d008ad793dfb11c287f366377cbc561acedef6c9d08b1557f463484eda41a84e
-R 644c30e18e947a05fafdb5df2b0f8d2d
+P 1310a126deae6974277d281ff78a7c34bd21829dd822a9fd8d6bda23cfba3f15
+R ddd28488cf1a451a13c0cb716c97747e
 U drh
-Z e7301d7f781cb8ce94d114b2a893f0d7
+Z 5667237680aeda2d46fd0828f30e8bb5

diff --git a/manifest.uuid b/manifest.uuid
index 7c225c6221c819174dd23860a96eb641e99b17ce..660c03c92ba40c02b84c43cf899fe497c2c15446 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-1310a126deae6974277d281ff78a7c34bd21829dd822a9fd8d6bda23cfba3f15
\ No newline at end of file
+f038d7f90e04838479e44ded00f627ec5ad8e1bd477edea8e87e66dd37485f30
\ No newline at end of file

diff --git a/src/btree.c b/src/btree.c
index 8b7f1137c86d04a039dd36908dd6e8adb2eb12ab..766fd0805b5f5fa65e8a3f2ade06675467af726e 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -4836,7 +4836,9 @@ static int accessPayload(
   assert( pPage );
   assert( eOp==0 || eOp==1 );
   assert( pCur->eState==CURSOR_VALID );
-  assert( pCur->ix<pPage->nCell );
+  if( pCur->ix>=pPage->nCell ){
+    return SQLITE_CORRUPT_PAGE(pPage);
+  }
   assert( cursorHoldsMutex(pCur) );
 
   getCellInfo(pCur);
@@ -5023,7 +5025,6 @@ int sqlite3BtreePayload(BtCursor *pCur, u32 offset, u32 amt, void *pBuf){
   assert( cursorHoldsMutex(pCur) );
   assert( pCur->eState==CURSOR_VALID );
   assert( pCur->iPage>=0 && pCur->pPage );
-  assert( pCur->ix<pCur->pPage->nCell );
   return accessPayload(pCur, offset, amt, (unsigned char*)pBuf, 0);
 }