From: dan Date: Fri, 17 Mar 2023 14:18:39 +0000 (+0000) Subject: Fix a potential buffer overread in the recovery extension. X-Git-Tag: version-3.42.0~248 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66086eb6a6c55a59d0529074bbf9564b64014370;p=thirdparty%2Fsqlite.git Fix a potential buffer overread in the recovery extension. FossilOrigin-Name: 0b3b5bf9597615589a1d045aaa697c13550553ee4fe4b9008a8e51415b6fe96a
---
diff --git a/ext/recover/dbdata.c b/ext/recover/dbdata.c
index 15b73cad95..4100202354 100644
--- a/ext/recover/dbdata.c
+++ b/ext/recover/dbdata.c
@@ -512,10 +512,14 @@ static int dbdataNext(sqlite3_vtab_cursor *pCursor){
 if( pCsr->bOnePage==0 && pCsr->iPgno>pCsr->szDb ) return SQLITE_OK;
 rc = dbdataLoadPage(pCsr, pCsr->iPgno, &pCsr->aPage, &pCsr->nPage);
 if( rc!=SQLITE_OK ) return rc;
- if( pCsr->aPage ) break;
+ if( pCsr->aPage && pCsr->nPage>=256 ) break;
+ sqlite3_free(pCsr->aPage);
+ pCsr->aPage = 0;
 if( pCsr->bOnePage ) return SQLITE_OK;
 pCsr->iPgno++;
 }
+
+ assert( iOff+3+2<=pCsr->nPage );
 pCsr->iCell = pTab->bPtr ? -2 : 0;
 pCsr->nCell = get_uint16(&pCsr->aPage[iOff+3]);
 }
diff --git a/manifest b/manifest
index 0c12280f4a..21149d9fac 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Ensure\sthat\san\serror\sdoes\snot\sdelete\sthe\sTable\sobject\sout\sfrom\sunder\nthe\sxConstruct\smethod\sof\sa\svirtual\stable.\ndbsqlfuzz\s7cc8804a1c6d4e3d554d79096e6ea75a7c1c7d2d -D 2023-03-17T10:43:05.828 +C Fix\sa\spotential\sbuffer\soverread\sin\sthe\srecovery\sextension. +D 2023-03-17T14:18:39.265 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
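Review bot: The `256` in the new `pCsr->nPage>=256` test in ext/recover/dbdata.c is an unexplained literal, and the only thing tying it to the two-byte read at `aPage[iOff+3]` is the added `assert`, which is compiled out of NDEBUG builds, so in release the bounds guarantee rests entirely on that constant staying at least `iOff+5`. `iOff` is assigned outside this hunk, so its maximum cannot be confirmed from here; a comment above the test such as `/* Pages shorter than 256 bytes cannot hold the header fields read below (iOff+3+2 bytes); skip them */` would record the invariant for whoever changes either side. An undersized page is now skipped without any error, so a truncated or corrupt input presumably yields fewer rows rather than a failure; if that is the intended recovery behaviour, the same comment should say so. The body of dbdataNext begins and ends outside the hunk.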
@@ -365,7 +365,7 @@ F ext/rbu/rbuvacuum4.test ffccd22f67e2d0b380d2889685742159dfe0d19a3880ca3d2d1d69 F ext/rbu/sqlite3rbu.c 348bb6251e6ec459de102f8b2dd50789a98643ef7a28e56e4c787ac9659c15ea F ext/rbu/sqlite3rbu.h 9d923eb135c5d04aa6afd7c39ca47b0d1d0707c100e02f19fdde6a494e414304 F ext/rbu/test_rbu.c ee6ede75147bc081fe9bc3931e6b206277418d14d3fbceea6fdc6216d9b47055 -F ext/recover/dbdata.c ab5e6ee837717c5cec505c34bba9fb188cc405f95157d681f8df8fe927c82324 +F ext/recover/dbdata.c 501227169803bfafb34cd8ec7fffda6e64c1a282ac33315d3a096076c5928feb F ext/recover/recover1.test 2072993624d5e32fef20ae03b17fc06c02bcb344421fe17bb329b24d2a51e647 F ext/recover/recover_common.tcl a61306c1eb45c0c3fc45652c35b2d4ec19729e340bdf65a272ce4c229cefd85a F ext/recover/recoverbuild.test a6f05273ff5fe517afd166444597c70cb97033e7f58496433a4428a1ecb5d79f @@ -2050,8 +2050,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 741af08af1b93406a120580379d13e514524af627da5387ecfa6e442d004bfdd -R c2d5a5d6b87ec41a79e446c5372dacc4 -U drh -Z 5cbbee7a44b99c1cb81f73e037d66431 +P df4928c92b0db77d0a40d7b492b609db191252e2f87bca63d000e4fe2e206293 +R 70e8a82bdecc07447025e06299f230f8 +U dan +Z e6d83c6fc661a51988a2c81a05d958c9 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index c828c35aae..db9230734c 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -df4928c92b0db77d0a40d7b492b609db191252e2f87bca63d000e4fe2e206293 \ No newline at end of file +0b3b5bf9597615589a1d045aaa697c13550553ee4fe4b9008a8e51415b6fe96a \ No newline at end of file