-C Make\ssure\ssigned\sinteger\soverflow\sdoes\snot\scause\sa\ssegfault\swhile\sattempting\nto\sread\sa\scorrupt\sdatabase\swhere\sthe\sheader\ssize\svarint\son\sa\srecord\sis\slarger\nthan\sthe\smaximum\s32-bit\ssigned\sinteger.
-D 2013-08-01T19:17:39.891
+C Fix\sa\spotential\sbuffer\soverread\sin\ssqlite3VdbeRecordCompare()\swhen\sa\nserial_type\sspecifies\sa\sfield\sthat\sstarts\sin\sbounds\sbut\sis\smuch\stoo\slarge\nfor\sthe\sallocated\sbuffer.\s\sMostly\sharmless.\s\sThe\soverread\sis\sunlikely\sto\ngo\smore\sthan\sone\sor\stwo\sbytes\spast\sthe\send\sof\sthe\sbuffer.
+D 2013-08-01T20:26:04.768
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
F Makefile.in 5e41da95d92656a5004b03d3576e8b226858a28e
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
F src/vdbe.h f380af2a7fab32ba8a8b05bf042497636afec66d
F src/vdbeInt.h e9b7c6b165a31a4715c5aa97223d20d265515231
F src/vdbeapi.c 4d13580bd058b39623e8fcfc233b7df4b8191e8b
-F src/vdbeaux.c ca0c9d4b5104a3b4e4cf3c557d661938f15e68ac
+F src/vdbeaux.c 902bc99e72ab3cc5ad38cd344fb0757249839c36
F src/vdbeblob.c 5dc79627775bd9a9b494dd956e26297946417d69
F src/vdbemem.c 833005f1cbbf447289f1973dba2a0c2228c7b8ab
F src/vdbesort.c 3937e06b2a0e354500e17dc206ef4c35770a5017
F test/corruptD.test 3b09903a2e2fe07ecafe775fea94177f8a4bb34f
F test/corruptE.test d3a3d7e864a95978195741744dda4abfd8286018
F test/corruptF.test 1c7b6f77cf3f237fb7fbb5b61d6c921fd4c7b993
-F test/corruptG.test 01d94538a0666808dae1b4010f24c25becee13af
+F test/corruptG.test 3804cb1b1b66ca82dc809dc80e3957dc7e0111e8
F test/count.test 454e1ce985c94d13efeac405ce54439f49336163
F test/coveridxscan.test cdb47d01acc4a634a34fd25abe85189e0d0f1e62
F test/crash.test fb9dc4a02dcba30d4aa5c2c226f98b220b2b959f
F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
F tool/wherecosttest.c f407dc4c79786982a475261866a161cd007947ae
F tool/win/sqlite.vsix 97894c2790eda7b5bce3cc79cb2a8ec2fde9b3ac
-P 65816718b59b286c11d939235a23c7325f25594b
-R 40beea5b8511a37f010f0f7e67aa8773
+P c3baca99f4580652afb2c3f73036ab83796a1557
+R fcb797895b127e11a00659cd0bcac3ee
U drh
-Z a89405d573d1d6b7d75b24ed5c21bc2d
+Z f701ece092c0412f4414d12aeebc6620
do_execsql_test 1.1 {
PRAGMA page_size=512;
CREATE TABLE t1(a,b,c);
- INSERT INTO t1(rowid,a,b,c) VALUES(2,'abc','xyz','123');
+ INSERT INTO t1(rowid,a,b,c) VALUES(52,'abc','xyz','123');
CREATE INDEX t1abc ON t1(a,b,c);
}
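Review bot: The rowid literal on the INSERT changes from 2 to 52 with no comment saying why that particular value matters. It looks as if 52 was picked because its one-byte encoding is 0x34 (ASCII '4'), so that after the later corruption the oversized text field reads 'xyz1234' and the comparison against 'xyz123456789' in test 2.1 runs right up to the end of the record; this is inferred from the bytes, not stated on the page. A one-line comment such as `# rowid 52 is stored as 0x34 ('4') so that test 2.1 compares up to the end of the record` would stop a later edit from silently defusing the regression test.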
}
} {1 {database disk image is malformed}}
+# Corrupt the same file in a slightly different way. Make the record header
+# sane, but corrupt one of the serial_type value to indicate a huge payload
+# such that the payload begins in allocated space but overflows the buffer.
+#
+db close
+hexio_write test.db [expr {3*512-15}] 0611ffff7f01
+sqlite3 db test.db
+
+do_test 2.1 {
+ catchsql {
+ SELECT rowid FROM t1 WHERE a='bc' and b='xyz123456789';
+ }
+} {0 {}}
+
finish_test
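Review bot: Test 2.1 asserts only `{0 {}}`, so on a build without a memory checker it would presumably pass whether or not sqlite3VdbeRecordCompare() reads past the buffer. The comment block should say that the case is only meaningful under valgrind or a sanitizer build. The bytes `0611ffff7f01` are also undocumented; they appear to decode as header size 6, serial type 0x11 (2-byte text), a three-byte varint serial type declaring about 1 MB of text, and serial type 1. I would add `# 06=header size, 11=2-byte text, ffff7f=~1MB text, 01=1-byte int` above the hexio_write. The offset `3*512-15` seems to assume the 15-byte index record sits at the very end of page 3 with page_size=512, which deserves a note as well.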