From: drh Date: Fri, 8 Mar 2019 01:52:30 +0000 (+0000) Subject: Detect an attempt to drop a btree that is not within the bounds of the X-Git-Tag: version-3.28.0~128 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a518843f5945fb2e985ef568631694c743f0feb;p=thirdparty%2Fsqlite.git Detect an attempt to drop a btree that is not within the bounds of the database file and abort early with an SQLITE_CORRUPT error, to avoid problems later on in the process. FossilOrigin-Name: 235a9698f5e9b3c21dc51c9c5042becfb82fc1762a7519a46b9f9fdafe9b0f13 --- diff --git a/manifest b/manifest index cfd839cd02..a2bb8e839b 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\sthe\ssqlite3_stmt_isexplain()\sinterface. -D 2019-03-06T14:53:27.483 +C Detect\san\sattempt\sto\sdrop\sa\sbtree\sthat\sis\snot\swithin\sthe\sbounds\sof\sthe\ndatabase\sfile\sand\sabort\searly\swith\san\sSQLITE_CORRUPT\serror,\sto\savoid\nproblems\slater\son\sin\sthe\sprocess. +D 2019-03-08T01:52:30.651 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 1ad7263f38329c0ecea543c80f30af839ee714ea77fc391bf1a3fbb919a5b6b5 @@ -456,7 +456,7 @@ F src/auth.c 0fac71038875693a937e506bceb492c5f136dd7b1249fbd4ae70b4e8da14f9df F src/backup.c 78d3cecfbe28230a3a9a1793e2ead609f469be43e8f486ca996006be551857ab F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 -F src/btree.c 7da25dbf427e7ad5d36b78541cf33b9cba2d3f9d02ad5ab41777770aa3396f6f +F src/btree.c 9abc4326303d6f5df9b9de07c753b226d4b7e75b8d3cf94262297c3b87b45b0a F src/btree.h 63b94fb38ce571c15eb6a3661815561b501d23d5948b2d1e951fbd7a2d04e8d3 F src/btreeInt.h 6111c15868b90669f79081039d19e7ea8674013f907710baa3c814dc3f8bfd3f F src/build.c 3acec29b23948042173301a8befebae01a98344debf66cbd4467c8b9077707b8 @@ -1806,7 +1806,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P b0d5cf40bba34e459caa7480bc84a1d75496c2ab52029f4bb0a31f2d9369a8ee -R f7bdcd8bffdce5eed151de0a075f21b3 +P ee642d3e2775ba4c73627ac71d0abf7a0f7a4ab3151d88e0076e9992f4814983 +R 404aa454c620c1b37b76e59f8936c8c2 U drh -Z f31ea26ece43f3a0263dc6076fee4b21 +Z 3fa1a0dfc55d9ca0db2a4e1013622b98 diff --git a/manifest.uuid b/manifest.uuid index 183908f8ff..81035d51a2 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -ee642d3e2775ba4c73627ac71d0abf7a0f7a4ab3151d88e0076e9992f4814983 \ No newline at end of file +235a9698f5e9b3c21dc51c9c5042becfb82fc1762a7519a46b9f9fdafe9b0f13 \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index ac03ec1430..6b237b4146 100644 --- a/src/btree.c +++ b/src/btree.c @@ -9268,6 +9268,9 @@ static int btreeDropTable(Btree *p, Pgno iTable, int *piMoved){ assert( sqlite3BtreeHoldsMutex(p) ); assert( p->inTrans==TRANS_WRITE ); assert( iTable>=2 ); + if( iTable>btreePagecount(pBt) ){ + return SQLITE_CORRUPT_BKPT; + } rc = btreeGetPage(pBt, (Pgno)iTable, &pPage, 0); if( rc ) return rc;