From: mistachkin <mistachkin@noemail.net>
Date: Mon, 20 Feb 2017 19:13:37 +0000 (+0000)
Subject: Avoid unsigned integer overflows for SQLITE_WIN32_HEAP_INIT_SIZE when the Win32 heap... 
X-Git-Tag: version-3.18.0~106
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5e6710ab6540e45cfb79d85609f28c496d5b6f25;p=thirdparty%2Fsqlite.git

Avoid unsigned integer overflows for SQLITE_WIN32_HEAP_INIT_SIZE when the Win32 heap subsystem is used with very large values of SQLITE_DEFAULT_CACHE_SIZE and/or SQLITE_DEFAULT_PAGE_SIZE.

FossilOrigin-Name: 96b6a98e5e4cb0ddbfcd78b05bfbfcd8976e9f32
---

diff --git a/manifest b/manifest
index ab58b869fe..34aa979a22 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Small\sgrammar\ssimplification.
-D 2017-02-20T14:30:17.816
+C Avoid\sunsigned\sinteger\soverflows\sfor\sSQLITE_WIN32_HEAP_INIT_SIZE\swhen\sthe\sWin32\sheap\ssubsystem\sis\sused\swith\svery\slarge\svalues\sof\sSQLITE_DEFAULT_CACHE_SIZE\sand/or\sSQLITE_DEFAULT_PAGE_SIZE.
+D 2017-02-20T19:13:37.359
 F Makefile.in edb6bcdd37748d2b1c3422ff727c748df7ffe918
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc a89ea37ab5928026001569f056973b9059492fe2
@@ -379,7 +379,7 @@ F src/os.h 8e976e59eb4ca1c0fca6d35ee803e38951cb0343
 F src/os_common.h b2f4707a603e36811d9b1a13278bffd757857b85
 F src/os_setup.h 0dbaea40a7d36bf311613d31342e0b99e2536586
 F src/os_unix.c 30e2c43e4955db990e5b5a81e901f8aa74cc8820
-F src/os_win.c cf90abd4e50d9f56d2c20ce8e005aff55d7bd8e9
+F src/os_win.c c97c79fe19dfb0a14c89b78280beabd9ac28acb1
 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a
 F src/pager.c ff1232b3088a39806035ecfac4fffeb22717d80b
 F src/pager.h f2a99646c5533ffe11afa43e9e0bea74054e4efa
@@ -1556,7 +1556,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 491814272dce7e937b4734fcbc2ad69e12377b56
-R b4cf79fa4c0fd30460236bc8c090e993
-U drh
-Z 32b02aa6638f1e40c7df4614e1f90d4a
+P 0d8a868acd74fb1d076f23fda58b841bb7e6900b
+R 42e490f947871a7f92e95baf4bc40d36
+U mistachkin
+Z 144582bee7eff0d5ee39c945bf2670f2
diff --git a/manifest.uuid b/manifest.uuid
index c411ab59d6..60aeb2563f 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-0d8a868acd74fb1d076f23fda58b841bb7e6900b
\ No newline at end of file
+96b6a98e5e4cb0ddbfcd78b05bfbfcd8976e9f32
\ No newline at end of file
diff --git a/src/os_win.c b/src/os_win.c
index 2cb5f7b0c8..8d75d8bec5 100644
--- a/src/os_win.c
+++ b/src/os_win.c
@@ -352,7 +352,34 @@ struct winVfsAppData {
  ******************************************************************************
  */
 #ifndef SQLITE_WIN32_HEAP_CREATE
-#  define SQLITE_WIN32_HEAP_CREATE    (TRUE)
+#  define SQLITE_WIN32_HEAP_CREATE        (TRUE)
+#endif
+
+/*
+ * This is the maximum possible initial size of the Win32-specific heap, in
+ * bytes.
+ */
+#ifndef SQLITE_WIN32_HEAP_MAX_INIT_SIZE
+#  define SQLITE_WIN32_HEAP_MAX_INIT_SIZE (4294967295U)
+#endif
+
+/*
+ * This is the extra space for the initial size of the Win32-specific heap,
+ * in bytes.  This value may be zero.
+ */
+#ifndef SQLITE_WIN32_HEAP_INIT_EXTRA
+#  define SQLITE_WIN32_HEAP_INIT_EXTRA  (4194304)
+#endif
+
+/*
+ * Calculate the maximum legal cache size, in pages, based on the maximum
+ * possible initial heap size and the default page size, setting aside the
+ * needed extra space.
+ */
+#ifndef SQLITE_WIN32_MAX_CACHE_SIZE
+#  define SQLITE_WIN32_MAX_CACHE_SIZE   (((SQLITE_WIN32_HEAP_MAX_INIT_SIZE) - \
+                                          (SQLITE_WIN32_HEAP_INIT_EXTRA)) / \
+                                         (SQLITE_DEFAULT_PAGE_SIZE))
 #endif
 
 /*
@@ -361,25 +388,36 @@ struct winVfsAppData {
  */
 #ifndef SQLITE_WIN32_CACHE_SIZE
 #  if SQLITE_DEFAULT_CACHE_SIZE>=0
-#    define SQLITE_WIN32_CACHE_SIZE (SQLITE_DEFAULT_CACHE_SIZE)
+#    define SQLITE_WIN32_CACHE_SIZE     (SQLITE_DEFAULT_CACHE_SIZE)
 #  else
-#    define SQLITE_WIN32_CACHE_SIZE (-(SQLITE_DEFAULT_CACHE_SIZE))
+#    define SQLITE_WIN32_CACHE_SIZE     (-(SQLITE_DEFAULT_CACHE_SIZE))
 #  endif
 #endif
 
+/*
+ * Make sure that the calculated cache size, in pages, cannot cause the
+ * initial size of the Win32-specific heap to exceed the maximum amount
+ * of memory that can be specified in the call to HeapCreate.
+ */
+#if SQLITE_WIN32_CACHE_SIZE>=SQLITE_WIN32_MAX_CACHE_SIZE
+#  undef SQLITE_WIN32_CACHE_SIZE
+#  define SQLITE_WIN32_CACHE_SIZE       (2000)
+#endif
+
 /*
  * The initial size of the Win32-specific heap.  This value may be zero.
  */
 #ifndef SQLITE_WIN32_HEAP_INIT_SIZE
-#  define SQLITE_WIN32_HEAP_INIT_SIZE ((SQLITE_WIN32_CACHE_SIZE) * \
-                                       (SQLITE_DEFAULT_PAGE_SIZE) + 4194304)
+#  define SQLITE_WIN32_HEAP_INIT_SIZE   ((SQLITE_WIN32_CACHE_SIZE) * \
+                                         (SQLITE_DEFAULT_PAGE_SIZE) + \
+                                         (SQLITE_WIN32_HEAP_INIT_EXTRA))
 #endif
 
 /*
  * The maximum size of the Win32-specific heap.  This value may be zero.
  */
 #ifndef SQLITE_WIN32_HEAP_MAX_SIZE
-#  define SQLITE_WIN32_HEAP_MAX_SIZE  (0)
+#  define SQLITE_WIN32_HEAP_MAX_SIZE    (0)
 #endif
 
 /*
@@ -387,7 +425,7 @@ struct winVfsAppData {
  * zero for the default behavior.
  */
 #ifndef SQLITE_WIN32_HEAP_FLAGS
-#  define SQLITE_WIN32_HEAP_FLAGS     (0)
+#  define SQLITE_WIN32_HEAP_FLAGS       (0)
 #endif