From: drh Date: Wed, 31 Mar 2010 20:29:06 +0000 (+0000) Subject: Report corruption if a database contains a reference that is out of range X-Git-Tag: version-3.7.2~504 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d8626fe2b7b261b8c6cec3d58dd428b4a82a69b;p=thirdparty%2Fsqlite.git Report corruption if a database contains a reference that is out of range according to the filesize-in-header database size. FossilOrigin-Name: a91db0b1cd0b0fbadc5c8fe2eb8863629b411d87 --- diff --git a/manifest b/manifest index d98b27f90c..20b74f372a 100644 --- a/manifest +++ b/manifest @@ -1,8 +1,8 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -C Clarification\sof\sthe\simplementation\sof\sSQLITE_STMTSTATUS_FULLSCAN_STEP.\nNo\slogical\scode\schanges\s-\sjust\scommenting\sand\slayout\schanges\sto\simprove\nreadability. -D 2010-03-31T17:47:44 +C Report\scorruption\sif\sa\sdatabase\scontains\sa\sreference\sthat\sis\sout\sof\srange\naccording\sto\sthe\sfilesize-in-header\sdatabase\ssize. +D 2010-03-31T20:29:07 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.in 4f2f967b7e58a35bb74fb7ec8ae90e0f4ca7868b F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -112,7 +112,7 @@ F src/auth.c 523da7fb4979469955d822ff9298352d6b31de34 F src/backup.c e86634da8c48357a759694c9c7c471125cd8d5a8 F src/bitvec.c 06ad2c36a9c3819c0b9cbffec7b15f58d5d834e0 F src/btmutex.c 96a12f50f7a17475155971a241d85ec5171573ff -F src/btree.c de086bad7eb739586bf453ec91db39e7a4c73dab +F src/btree.c 02ad0060d00a05dd167a3b60e1c9abb8f4679cb3 F src/btree.h ad6cff92286f9b02ec32f0b97136e9a544249f37 F src/btreeInt.h 22447d259639271774a931cbf66aa55112846681 F src/build.c 11100b66fb97638d2d874c1d34d8db90650bb1d7 
@@ -305,7 +305,7 @@ F test/corrupt7.test 1eb2214f29474fa6b155aa3da8a7d46bf52089e1 F test/corrupt8.test 9992ef7f67cefc576b92373f6bf5ab8775280f51 F test/corrupt9.test 4aa1cb1ef091cb0e13e89a819c72911631b5176a F test/corruptA.test 99e95620b980161cb3e79f06a884a4bb8ae265ff -F test/corruptB.test 66b4544104dd03d0f33ea69ddac3fa4a682cd3c2 +F test/corruptB.test d88b500f7994cb2eb9646410c263111e9831f889 F test/corruptC.test 691ed070baef5e1345939caadf270a52837a5064 F test/corruptD.test 3ae6e2dc6e2226c6935a8a40d4b5ee3eba75f8c0 F test/corruptE.test dbf66cae4c0e977ca9625a9114cdd01df8967bef @@ -797,14 +797,14 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f -P ffc23409c7fb45dc5a8722fad26e26d207bb3213 -R fb70f81c55ea2f57d23ae93c53ee104a +P 06b9ca32255572a699dc51f46f848d0bf01255e1 +R 7d8684b73c602c2980a1877629272610 U drh -Z 2e6efba5751b6f848c3f2e5e8db9d371 +Z 019388e72c1d6fcd99563b309203809e -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) -iD8DBQFLs4rDoxKgR168RlERAiZYAJ0TZfEDkV0dVbYdvmxs5u4E7UpfBgCfXR5e -/ISKZh0zZtpX5zEYwcAlUEA= -=n9oV +iD8DBQFLs7CWoxKgR168RlERAo7kAJ9xfXtlWiJg/NoBVHXelNJHhEKNoQCff5FN +VAKy4m4ZJBO8z9GemyuG8jU= +=aexS -----END PGP SIGNATURE----- diff --git a/manifest.uuid b/manifest.uuid index 7e6af2b664..2a374bda5c 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -06b9ca32255572a699dc51f46f848d0bf01255e1 \ No newline at end of file +a91db0b1cd0b0fbadc5c8fe2eb8863629b411d87 \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 8349b13bad..0b60a78977 100644 --- a/src/btree.c +++ b/src/btree.c 
@@ -1583,9 +1583,11 @@ static int getAndInitPage( MemPage **ppPage /* Write the page pointer here */ ){ int rc; - TESTONLY( Pgno iLastPg = btreePagecount(pBt); ) assert( sqlite3_mutex_held(pBt->mutex) ); + if( pgno<=0 || pgno>btreePagecount(pBt) ){ + return SQLITE_CORRUPT_BKPT; + } rc = btreeGetPage(pBt, pgno, ppPage, 0); if( rc==SQLITE_OK ){ rc = btreeInitPage(*ppPage); @@ -1593,15 +1595,6 @@ static int getAndInitPage( releasePage(*ppPage); } } - - /* If the requested page number was either 0 or greater than the page - ** number of the last page in the database, this function should return - ** SQLITE_CORRUPT or some other error (i.e. SQLITE_FULL). Check that this - ** is the case. */ - assert( (pgno>0 && pgno<=iLastPg) || rc!=SQLITE_OK ); - testcase( pgno==0 ); - testcase( pgno==iLastPg ); - return rc; } diff --git a/test/corruptB.test b/test/corruptB.test index 7d3740bc61..3ff545aa43 100644 --- a/test/corruptB.test +++ b/test/corruptB.test @@ -154,7 +154,7 @@ do_test corruptB-2.1.1 { do_test corruptB-2.1.2 { sqlite3 db test.db catchsql { SELECT * FROM t1 } -} {1 {database or disk is full}} +} {1 {database disk image is malformed}} #---------------------------------------------------------------------------
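Review bot: The new guard in getAndInitPage, `if( pgno<=0 || pgno>btreePagecount(pBt) )`, returns before btreeGetPage is called, so `*ppPage` is never written on the corruption path. The callers are outside this hunk, so it is worth checking that none of them reads or releases `*ppPage` after a non-OK return; adding `*ppPage = 0;` before `return SQLITE_CORRUPT_BKPT;` would make that path safe either way. The second btree.c hunk also removes `testcase( pgno==0 )` and `testcase( pgno==iLastPg )` along with the assert, so the boundaries of the new guard are no longer marked for coverage; `testcase( pgno==0 ); testcase( pgno==btreePagecount(pBt) );` ahead of the guard would keep them. A short comment on the guard would also help, stating that the bound is the database size recorded in the header (per the commit message) and that any page reference beyond it is treated as corruption. The function's parameter list begins above the first hunk, so the declared type of `pgno` is not visible here.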