From: drh Date: Tue, 28 Jul 2020 20:32:12 +0000 (+0000) Subject: Earlier detection of out-of-range page numbers in the btree layer. X-Git-Tag: version-3.33.0~36^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1024822ba8333faa32ffdfd7d395e49407a21332;p=thirdparty%2Fsqlite.git Earlier detection of out-of-range page numbers in the btree layer. FossilOrigin-Name: 805bb67a82be51dc6077480691ed815c63a37bd8fc00cf7e67e020349c6e322e
---
diff --git a/manifest b/manifest
index 9f6a2b2b1f..48601089f4 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Merge\senhancements\sfrom\strunk.
-D 2020-07-28T17:51:48.981
+C Earlier\sdetection\sof\sout-of-range\spage\snumbers\sin\sthe\sbtree\slayer.
+D 2020-07-28T20:32:12.478
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -476,7 +476,7 @@ F src/auth.c a3d5bfdba83d25abed1013a8c7a5f204e2e29b0c25242a56bc02bb0c07bf1e06
 F src/backup.c b1c90cd4110248c8e1273ff4578d3a84c0c34725e1b96dacd4a6294a908702de
 F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c 312780d344ab1c205b6571ef38757c7d5ea1cec539802cdd5a508381dd71be88
+F src/btree.c 398b6a2ec3224533beab389b3db12da7bda726805ce362130fbe08c74ce0599c
 F src/btree.h 7af72bbb4863c331c8f6753277ab40ee67d2a2125a63256d5c25489722ec162b
 F src/btreeInt.h 83166f6daeb91062b6ae9ee6247b3ad07e40eba58f3c05ba9e8dedad4ab1ea38
 F src/build.c 1b8436ed3ac339a0507e61b14e4bd823eb02b76a9499b2241fddc61a5ff38c1a
@@ -1879,7 +1879,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 22e8e6901a119698de831ede6d8b03c4fd6576eaa8686a97a0b8aeea7593688a ee8a108058c304f9b6b02f84f1da01a0b7a3a21992627bcc1f97d42e8d23da69
-R eadae907213e64a4a20abad95f5fd65f
+P 969c25bb14fbd99ca8523abf0ae78a75a3dde539e3323d105690aef4940041eb
+R 5e98c4cb6c9b78a3e5d40725f8973216
 U drh
-Z c2595a223b4a7c3d570814053566ad4a
+Z 4cd38b7003d2f733da13812745e0abc4
diff --git a/manifest.uuid b/manifest.uuid
index 92cc10c689..fa506eb0dd 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-969c25bb14fbd99ca8523abf0ae78a75a3dde539e3323d105690aef4940041eb
\ No newline at end of file
+805bb67a82be51dc6077480691ed815c63a37bd8fc00cf7e67e020349c6e322e
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 39bbf17a4d..af542f09e5 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -6290,6 +6290,10 @@ static int freePage2(BtShared *pBt, MemPage *pMemPage, Pgno iPage){
 u32 nLeaf; /* Initial number of leaf cells on trunk page */
 iTrunk = get4byte(&pPage1->aData[32]);
+ if( iTrunk>btreePagecount(pBt) ){
+ rc = SQLITE_CORRUPT_BKPT;
+ goto freepage_out;
+ }
 rc = btreeGetPage(pBt, iTrunk, &pTrunk, 0);
 if( rc!=SQLITE_OK ){
 goto freepage_out;
@@ -9127,6 +9131,9 @@ static int btreeCreateTable(Btree *p, Pgno *piTable, int createTabFlags){
 ** created so far, so the new root-page is (meta[3]+1).
 */
 sqlite3BtreeGetMeta(p, BTREE_LARGEST_ROOT_PAGE, &pgnoRoot);
+ if( pgnoRoot>btreePagecount(pBt) ){
+ return SQLITE_CORRUPT_BKPT;
+ }
 pgnoRoot++;
 /* The new root-page may not be allocated on a pointer-map page, or the
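Review bot: The guard added in freePage2 bounds `iTrunk` only from above, so a first-trunk pointer of 0 or 1 read from the page-1 header still reaches `btreeGetPage()` on the next context line. Whether an enclosing condition or the pager rejects those values cannot be seen here, because freePage2's body starts and ends outside the hunk. If nothing does, the test could become `if( iTrunk<2 || iTrunk>btreePagecount(pBt) ){`. Either way, a short comment such as `/* iTrunk is read from the file header and may be garbage in a corrupt database */` would record why the check sits before the page fetch.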
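Review bot: The new `return SQLITE_CORRUPT_BKPT;` in btreeCreateTable leaves the function directly, whereas the matching check in freePage2 exits through its `freepage_out` label. btreeCreateTable begins and ends outside the hunk, so it is worth confirming that no page reference or other state acquired before `sqlite3BtreeGetMeta()` needs releasing on this path. The check keeps the following `pgnoRoot++` from operating on an arbitrary on-disk value, and a comment saying so, e.g. `/* meta[3] comes from the file; reject it before it is incremented and used as a page number */`, would help the next reader.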