-C Add\stest\scase\sfor\sthe\sproblem\sfixed\sby\s[127a5b776d].
-D 2013-08-01T17:43:35.105
+C Make\ssure\ssigned\sinteger\soverflow\sdoes\snot\scause\sa\ssegfault\swhile\sattempting\nto\sread\sa\scorrupt\sdatabase\swhere\sthe\sheader\ssize\svarint\son\sa\srecord\sis\slarger\nthan\sthe\smaximum\s32-bit\ssigned\sinteger.
+D 2013-08-01T19:17:39.891
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
F Makefile.in 5e41da95d92656a5004b03d3576e8b226858a28e
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
F src/vdbe.h f380af2a7fab32ba8a8b05bf042497636afec66d
F src/vdbeInt.h e9b7c6b165a31a4715c5aa97223d20d265515231
F src/vdbeapi.c 4d13580bd058b39623e8fcfc233b7df4b8191e8b
-F src/vdbeaux.c c01594ecf5a78ef41a721f3465152bb91883a942
+F src/vdbeaux.c ca0c9d4b5104a3b4e4cf3c557d661938f15e68ac
F src/vdbeblob.c 5dc79627775bd9a9b494dd956e26297946417d69
F src/vdbemem.c 833005f1cbbf447289f1973dba2a0c2228c7b8ab
F src/vdbesort.c 3937e06b2a0e354500e17dc206ef4c35770a5017
F test/corruptD.test 3b09903a2e2fe07ecafe775fea94177f8a4bb34f
F test/corruptE.test d3a3d7e864a95978195741744dda4abfd8286018
F test/corruptF.test 1c7b6f77cf3f237fb7fbb5b61d6c921fd4c7b993
+F test/corruptG.test 01d94538a0666808dae1b4010f24c25becee13af
F test/count.test 454e1ce985c94d13efeac405ce54439f49336163
F test/coveridxscan.test cdb47d01acc4a634a34fd25abe85189e0d0f1e62
F test/crash.test fb9dc4a02dcba30d4aa5c2c226f98b220b2b959f
F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
F tool/wherecosttest.c f407dc4c79786982a475261866a161cd007947ae
F tool/win/sqlite.vsix 97894c2790eda7b5bce3cc79cb2a8ec2fde9b3ac
-P 127a5b776d16e1e23c5b3d454f6aaea67f1ded3a
-R 55095a68bf1e6bed6cc6b3606b16b8da
-U dan
-Z 4a8fdbd96b68de3d602c8482b890b1d9
+P 65816718b59b286c11d939235a23c7325f25594b
+R 40beea5b8511a37f010f0f7e67aa8773
+U drh
+Z a89405d573d1d6b7d75b24ed5c21bc2d
-65816718b59b286c11d939235a23c7325f25594b
\ No newline at end of file
+c3baca99f4580652afb2c3f73036ab83796a1557
\ No newline at end of file
int nKey1, const void *pKey1, /* Left key */
UnpackedRecord *pPKey2 /* Right key */
){
- int d1; /* Offset into aKey[] of next data element */
+ u32 d1; /* Offset into aKey[] of next data element */
u32 idx1; /* Offset into aKey[] of next header element */
u32 szHdr1; /* Number of bytes in header */
int i = 0;
/* Read the serial types for the next element in each key. */
idx1 += getVarint32( aKey1+idx1, serial_type1 );
- if( d1>=nKey1 && sqlite3VdbeSerialTypeLen(serial_type1)>0 ) break;
+ if( d1>=(u32)nKey1 && sqlite3VdbeSerialTypeLen(serial_type1)>0 ) break;
/* Extract the values to be compared.
*/
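Review bot: The guard on the changed line, `if( d1>=(u32)nKey1 && sqlite3VdbeSerialTypeLen(serial_type1)>0 ) break;`, only rejects a field whose start offset is at or past the end of the key. A field that starts inside the key but whose serial-type length runs past nKey1 still appears to pass, so the value extraction that follows could read beyond aKey1 on a corrupt record. Consider bounding the end of the field without wrap-around, e.g. `if( d1>(u32)nKey1 || sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1-d1 ) break;`, after confirming that breaking for a zero-length type at d1>nKey1 is acceptable. The cast also assumes nKey1 is never negative, since a negative value would become a huge unsigned bound that never triggers; a one-line comment stating that invariant would help. The loop condition and the extraction code lie outside the hunk, so an existing check elsewhere may already cover this.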
--- /dev/null
+# 2013-08-01
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix corruptG
+
+# Do not use a codec for tests in this file, as the database file is
+# manipulated directly using tcl scripts (using the [hexio_write] command).
+#
+do_not_use_codec
+
+# Create a simple database with a single entry. Then corrupt the
+# header-size varint on the index payload so that it maps into a
+# negative number. Try to use the database.
+#
+
+do_execsql_test 1.1 {
+ PRAGMA page_size=512;
+ CREATE TABLE t1(a,b,c);
+ INSERT INTO t1(rowid,a,b,c) VALUES(2,'abc','xyz','123');
+ CREATE INDEX t1abc ON t1(a,b,c);
+}
+
+# Corrupt the file
+db close
+hexio_write test.db [expr {3*512 - 15}] 888080807f
+sqlite3 db test.db
+
+# Try to use the file.
+do_test 1.2 {
+ catchsql {
+ SELECT c FROM t1 WHERE a>'abc';
+ }
+} {0 {}}
+do_test 1.3 {
+ catchsql {
+ PRAGMA integrity_check
+ }
+} {0 ok}
+do_test 1.4 {
+ catchsql {
+ SELECT c FROM t1 ORDER BY a;
+ }
+} {1 {database disk image is malformed}}
+
+finish_test
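Review bot: The `hexio_write test.db [expr {3*512 - 15}] 888080807f` line carries the whole test but explains neither its offset nor its bytes. A comment such as `# 88 80 80 80 7f is the varint 0x8000007f, just above the signed 32-bit maximum; the offset is presumably the header-size varint of the only cell on index page 3` would let a reader check the corruption against the file format. Tests 1.2 and 1.3 expect `{0 {}}` and `{0 ok}` from a file that was deliberately corrupted, so it is worth a comment that these results pin current behaviour (no crash) and do not assert that the corruption is detected. Only test 1.4 shows the malformed-image error, so a reader could otherwise take `PRAGMA integrity_check` returning ok here as a guarantee. A second case with the varint at exactly 0x7fffffff and at 0xffffffff would cover both edges of the signed/unsigned conversion the fix relies on.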