Stronger constraint checking in allocateSpace().

FossilOrigin-Name: 0f9e65b6c1e7f2f7a0358163c0ec3ce5fe8ed8814202b03ec167cf2f617f82f3

diff --git a/manifest b/manifest
index 227174aa99a19d6860d2870282441ae963bef4ce..7acb30c007103cf8bd451cae33d5ea33511332e4 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Earlier\sdetection\sof\scorruption\sin\ssqlite3BtreeDelete().\ndbsqlfuzz\sa4c48c291d6e40157a1b749a05eaa7c7faf5a625.
-D 2023-04-02T18:49:45.072
+C Stronger\sconstraint\schecking\sin\sallocateSpace().
+D 2023-04-03T12:45:16.371
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -560,7 +560,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf
 F src/backup.c a2891172438e385fdbe97c11c9745676bec54f518d4447090af97189fd8e52d7
 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d
 F src/btmutex.c 6ffb0a22c19e2f9110be0964d0731d2ef1c67b5f7fabfbaeb7b9dabc4b7740ca
-F src/btree.c 946f6a8ae18d72647a150c5fc9fc7dc7d4f7e68864141cd0b6323a56cd91ad03
+F src/btree.c b56f7af31b11fa3f63099c388a45bd79e55e079df718a332a5fa716989ec8fd5
 F src/btree.h aa354b9bad4120af71e214666b35132712b8f2ec11869cb2315c52c81fad45cc
 F src/btreeInt.h 06bb2c1a07172d5a1cd27a2a5d617b93b1e976c5873709c31964786f86365a6e
 F src/build.c 8357d6ca9a8c9afc297c431df28bc2af407b47f3ef2311875276c944b30c4d54
@@ -2046,9 +2046,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P a8faea2842f412dfa2588b65868acb523c9eae1b5ad15c631a1ab193eaa615a7
-Q +978dc71c388b37740da38c310674315c7d7fe814d1daa16a146b4df71385d1e1
-R 1246ed5bff2b62d28852f0379cd6a67d
+P 728633c0bd665ed94e4969180a83ef102c54371e339bc06ea6cb006eaefdb267
+Q +9e968f4fbce061190f10f31ce9d3eb4fce6706ea6b7e5011bfa1e893d37ca68d
+R d2aeecbda2c6a9aac15b61ea9445e050
 U drh
-Z 0805557b24b03b082d8837880f959253
+Z c84ef3bee4ec9e9769a7432b9a66137d
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index 90fc78d223dca3108b5ad25e36976db6a2581911..f4b1024ac44804087a8550c65dc16cc01850464d 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-728633c0bd665ed94e4969180a83ef102c54371e339bc06ea6cb006eaefdb267
\ No newline at end of file
+0f9e65b6c1e7f2f7a0358163c0ec3ce5fe8ed8814202b03ec167cf2f617f82f3
\ No newline at end of file

diff --git a/src/btree.c b/src/btree.c
index 4e2bd780178e5a351f0c8de9fc85a708a26e5db3..c7ecc1bd00b2e2d3c326b145eeb4fba76a834c27 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -1724,13 +1724,14 @@ static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
   ** integer, so a value of 0 is used in its place. */
   pTmp = &data[hdr+5];
   top = get2byte(pTmp);
-  assert( top<=(int)pPage->pBt->usableSize ); /* by btreeComputeFreeSpace() */
   if( gap>top ){
     if( top==0 && pPage->pBt->usableSize==65536 ){
       top = 65536;
     }else{
       return SQLITE_CORRUPT_PAGE(pPage);
     }
+  }else if( top>(int)pPage->pBt->usableSize ){
+    return SQLITE_CORRUPT_PAGE(pPage);
   }
 
   /* If there is enough space between gap and top for one more cell pointer,
@@ -7536,7 +7537,7 @@ static int editPage(
 
   pData = &aData[get2byteNotZero(&aData[hdr+5])];
   if( pData<pBegin ) goto editpage_fail;
-  if( pData>pPg->aDataEnd ) goto editpage_fail;
+  if( NEVER(pData>pPg->aDataEnd) ) goto editpage_fail;
 
   /* Add cells to the start of the page */
   if( iNew<iOld ){