From: drh <>
Date: Thu, 13 Jul 2023 14:49:39 +0000 (+0000)
Subject: Fix an off-by-one error in tests for cells overflowing the end pages.  The
X-Git-Tag: version-3.43.0~137
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc6d949aa3640f0e7f0ff750486f500e02aded76;p=thirdparty%2Fsqlite.git

Fix an off-by-one error in tests for cells overflowing the end pages.  The
error is completely harmless for the default page cache, but might cause
problems for application-defined page caches that pack pages tightly
together.

FossilOrigin-Name: ce6793e954f291b6f5c29175baf730ce217328de1f0601b8935daac62af5f448
---

diff --git a/manifest b/manifest
index 39db92f161..1724a15f2b 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Replace\s'self'\swith\s'globalThis'\sin\ssome\sJS\stest\scode.
-D 2023-07-13T03:46:43.944
+C Fix\san\soff-by-one\serror\sin\stests\sfor\scells\soverflowing\sthe\send\spages.\s\sThe\nerror\sis\scompletely\sharmless\sfor\sthe\sdefault\spage\scache,\sbut\smight\scause\nproblems\sfor\sapplication-defined\spage\scaches\sthat\spack\spages\stightly\ntogether.
+D 2023-07-13T14:49:39.099
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -575,7 +575,7 @@ F src/auth.c 19b7ccacae3dfba23fc6f1d0af68134fa216e9040e53b0681b4715445ea030b4
 F src/backup.c 5c97e8023aab1ce14a42387eb3ae00ba5a0644569e3476f38661fa6f824c3523
 F src/bitvec.c 9eac5f42c11914d5ef00a75605bb205e934f435c579687f985f1f8b0995c8645
 F src/btmutex.c 79a43670447eacc651519a429f6ece9fd638563cf95b469d6891185ddae2b522
-F src/btree.c c9400cc1509116a29120dc06feb00ca7e26b5a4a6dba80758b1ba109d8fce5a4
+F src/btree.c 2281facb0531d53fb42c03d1f32bc1b5903564d782ec5ff4ffc63171d960e2aa
 F src/btree.h aa354b9bad4120af71e214666b35132712b8f2ec11869cb2315c52c81fad45cc
 F src/btreeInt.h 3b4eff7155c0cea6971dc51f62e3529934a15a6640ec607dd42a767e379cb3a9
 F src/build.c a8ae3b32d9aa9bbd2c0e97d7c0dd80def9fbca408425de1608f57ee6f47f45f4
@@ -641,7 +641,7 @@ F src/shell.c.in d320d8a13636de06d777cc1eab981caca304e175464e98183cf4ea68d93db81
 F src/sqlite.h.in f999ef3642f381d69679b2516b430dbcb6c5a2a951b7f5e43dc4751b474a5774
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
 F src/sqlite3ext.h da473ce2b3d0ae407a6300c4a164589b9a6bfdbec9462688a8593ff16f3bb6e4
-F src/sqliteInt.h 002a6c3e24752d123468c5d948a80e2cd4acf01badce268f9dd98b581cd7bb96
+F src/sqliteInt.h dcb1a885e8b6cb78df618944b89d44361a99d0fe33e1bba2c150a855f7dc5599
 F src/sqliteLimit.h 33b1c9baba578d34efe7dfdb43193b366111cdf41476b1e82699e14c11ee1fb6
 F src/status.c 160c445d7d28c984a0eae38c144f6419311ed3eace59b44ac6dafc20db4af749
 F src/table.c 0f141b58a16de7e2fbe81c308379e7279f4c6b50eb08efeec5892794a0ba30d1
@@ -2042,8 +2042,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P a061a43e36b8f3cb7c465fd2e54cfcd9dceb07e232ee78602bbdd1818acd05ea
-R e5f9c2b543ee2e3a15f3537a9d58e252
-U stephan
-Z c5917bb24dee9d73dec2b26ad6758a4f
+P 53eeffc9b1ea8c3ee7d7cdcc220997ed893403e45b35d8ea10805ea3b0435587
+R f55f041ebafddabf4ddb162a1fc63377
+U drh
+Z 047638bedbf2babca9e4fd105a9bea6f
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 2830c84e4a..4c41db31e5 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-53eeffc9b1ea8c3ee7d7cdcc220997ed893403e45b35d8ea10805ea3b0435587
\ No newline at end of file
+ce6793e954f291b6f5c29175baf730ce217328de1f0601b8935daac62af5f448
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 643d1c42de..8817efc71b 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -1534,7 +1534,7 @@ static void ptrmapPutOvflPtr(MemPage *pPage, MemPage *pSrc, u8 *pCell,int *pRC){
   pPage->xParseCell(pPage, pCell, &info);
   if( info.nLocal<info.nPayload ){
     Pgno ovfl;
-    if( SQLITE_WITHIN(pSrc->aDataEnd, pCell, pCell+info.nLocal) ){
+    if( SQLITE_OVERFLOW(pSrc->aDataEnd, pCell, pCell+info.nLocal) ){
       testcase( pSrc!=pPage );
       *pRC = SQLITE_CORRUPT_BKPT;
       return;
@@ -8695,7 +8695,7 @@ static int balance_nonroot(
     assert( iOvflSpace <= (int)pBt->pageSize );
     for(k=0; ALWAYS(k<NB*2) && b.ixNx[k]<=j; k++){}
     pSrcEnd = b.apEnd[k];
-    if( SQLITE_WITHIN(pSrcEnd, pCell, pCell+sz) ){
+    if( SQLITE_OVERFLOW(pSrcEnd, pCell, pCell+sz) ){
       rc = SQLITE_CORRUPT_BKPT;
       goto balance_cleanup;
     }
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 770aa70718..f214862f74 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -889,8 +889,31 @@ typedef INT16_TYPE LogEst;
 ** the end of buffer S.  This macro returns true if P points to something
 ** contained within the buffer S.
 */
-#define SQLITE_WITHIN(P,S,E) (((uptr)(P)>=(uptr)(S))&&((uptr)(P)<(uptr)(E)))
+#define SQLITE_WITHIN(P,S,E)   (((uptr)(P)>=(uptr)(S))&&((uptr)(P)<(uptr)(E)))
 
+/*
+** P is one byte past the end of a large buffer. Return true if a span of bytes
+** between S..E crosses the end of that buffer.  In other words, return true
+** if the sub-buffer S..E-1 overflows the buffer show last byte is P-1.
+**
+** S is the start of the span.  E is one byte past the end of end of span.
+**
+**                        P
+**     |-----------------|                FALSE
+**               |-------|
+**               S        E
+**
+**                        P
+**     |-----------------|
+**                    |-------|           TRUE
+**                    S        E
+**
+**                        P
+**     |-----------------|               
+**                        |-------|       FALSE
+**                        S        E
+*/
+#define SQLITE_OVERFLOW(P,S,E) (((uptr)(S)<(uptr)(P))&&((uptr)(E)>(uptr)(P)))
 
 /*
 ** Macros to determine whether the machine is big or little endian,