Require that the appendvfs suffix mark indicate that the appended database

begins at an offset that is a muliple of 512 and that the appended database
contains at least 512 bytes.

FossilOrigin-Name: aeb87cc70495dd172e170eff31fd754331d4b979c0b649ab239f8c5c0c76e695

diff --git a/ext/misc/appendvfs.c b/ext/misc/appendvfs.c
index 245c551face54d3c0accfc7ba82558e602ba8c69..3834da54cbd71131208367e6b17e9c14d52d2e79 100644 (file)
--- a/ext/misc/appendvfs.c
+++ b/ext/misc/appendvfs.c
@@ -425,6 +425,10 @@ static int apndUnfetch(sqlite3_file *pFile, sqlite3_int64 iOfst, void *pPage){
 ** Try to read the append-mark off the end of a file.  Return the
 ** start of the appended database if the append-mark is present.
 ** If there is no valid append-mark, return -1;
+**
+** An append-mark is only valid if the NNNNNNNN start-of-database offset
+** indicates that the appended database contains at least one page.  The
+** start-of-database value must be a multiple of 512.
 */
 static sqlite3_int64 apndReadMark(sqlite3_int64 sz, sqlite3_file *pFile){
   int rc, i;
@@ -441,6 +445,8 @@ static sqlite3_int64 apndReadMark(sqlite3_int64 sz, sqlite3_file *pFile){
     msbs -= 8;
     iMark |= (sqlite3_int64)a[APND_MARK_PREFIX_SZ+i]<<msbs;
   }
+  if( iMark > (sz - APND_MARK_SIZE - 512) ) return -1;
+  if( iMark & 0x1ff ) return -1;
   return iMark;
 }
 

diff --git a/manifest b/manifest
index 39211e9b1e47f0554a508877ebad713395b4299f..3df837eca00b9962434e38d21846150fbe5a6485 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Correct\sthe\sprecendence\sorder\sfor\srules\sthat\sdetermine\show\sa\sdatabase\sis\nopened\sby\sappendvfs\swhen\sa\sdatabase\sis\sappended\sto\sanother\sdatabase.
-D 2021-03-08T13:30:29.886
+C Require\sthat\sthe\sappendvfs\ssuffix\smark\sindicate\sthat\sthe\sappended\sdatabase\nbegins\sat\san\soffset\sthat\sis\sa\smuliple\sof\s512\sand\sthat\sthe\sappended\sdatabase\ncontains\sat\sleast\s512\sbytes.
+D 2021-03-08T13:45:08.970
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -286,7 +286,7 @@ F ext/lsm1/tool/mklsm1c.tcl f31561bbee5349f0a554d1ad7236ac1991fc09176626f529f607
 F ext/misc/README.md d6dd0fe1d8af77040216798a6a2b0c46c73054d2f0ea544fbbcdccf6f238c240
 F ext/misc/amatch.c e3ad5532799cee9a97647f483f67f43b38796b84b5a8c60594fe782a4338f358
 F ext/misc/anycollseq.c 5ffdfde9829eeac52219136ad6aa7cd9a4edb3b15f4f2532de52f4a22525eddb
-F ext/misc/appendvfs.c abbfc1a10f283fb5f282523e52e48fa52a0aa5112894ed692aa468b8018c55fe
+F ext/misc/appendvfs.c 12744a3cedbe1987ad7bab252f9392e1f265cc34ad266dd7f8f6bbba61c778e5
 F ext/misc/blobio.c a867c4c4617f6ec223a307ebfe0eabb45e0992f74dd47722b96f3e631c0edb2a
 F ext/misc/btreeinfo.c d28ce349b40054eaa9473e835837bad7a71deec33ba13e39f963d50933bfa0f9
 F ext/misc/carray.c b75a0f207391038bf1540d3372f482a95c3613511c7c474db51ede1196321c7c
@@ -1910,7 +1910,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P cf2add064f70c477fee1473c3196b72deb41222eb0cdbbdbdcf4a79995184e2b
-R c65cd003e96185a8d777feb682b63283
+P 92989fc56f2e81ac13f8106ec83c930f43d10715269b988ee47c9bfa53621995
+R 95e6ca76a30ea77bdd3f5fbf1f80121b
 U drh
-Z 77d29435258e5f198f92fac302448d30
+Z b77a3ba4a0e4bc82984a421652c390d8

diff --git a/manifest.uuid b/manifest.uuid
index e168b8fc126fd63470220ff9c1cecb62ea2520bf..83924179eebf3e17b54d8649a1e8fea45e83210f 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-92989fc56f2e81ac13f8106ec83c930f43d10715269b988ee47c9bfa53621995
\ No newline at end of file
+aeb87cc70495dd172e170eff31fd754331d4b979c0b649ab239f8c5c0c76e695
\ No newline at end of file