From: drh <> Date: Sun, 2 Jan 2022 17:46:49 +0000 (+0000) Subject: Earlier detection of corruption in sqlite3BtreeDelete(). Fix for X-Git-Tag: version-3.37.2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c84cb56f81a5f33215ae9b469aac01aecf9b71db;p=thirdparty%2Fsqlite.git Earlier detection of corruption in sqlite3BtreeDelete(). Fix for the assertion fault reported by [forum:/forumpost/9d78389221|forum post 9d78389221]. FossilOrigin-Name: eb07219965721e0a2017d0462747b07178c23f51e3333036e0cb8f5b4751f404
---
diff --git a/manifest b/manifest
index ee86a82d55..7bb4daab3a 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Do\snot\sraise\san\sSQLITE_SCHEMA\serror\sif\sin\ssqlite3Init().\s\sFix\sfor\sPoC\s#2\sin\n[forum:/forumpost/b03d86f951|forum\spost\sb03d86f951].\s\sSee\sTH3\sfor\stest\ncases.
-D 2022-01-02T17:37:56.350
+C Earlier\sdetection\sof\scorruption\sin\ssqlite3BtreeDelete().\s\sFix\sfor\nthe\sassertion\sfault\sreported\sby\n[forum:/forumpost/9d78389221|forum\spost\s9d78389221].
+D 2022-01-02T17:46:49.075
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -492,7 +492,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf
 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d
 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c 9f21ecc67b307adbbab09c8d53e1907a16efb711f50ca3bbcf276057a9bd3028
+F src/btree.c b756d9d0d4b4d4b31827298960e528de9f721b60500e0d60433cfcc051a09350
 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22
 F src/btreeInt.h ee9348c4cb9077243b049edc93a82c1f32ca48baeabf2140d41362b9f9139ff7
 F src/build.c c46bd4f5a69f398410c4472f7c1c4291fb8078d2c9758a2dad5916edd1d30ecc
@@ -1935,9 +1935,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3c0806e4df3ba795962b0111236b2b6f27f63a35a02055c251f750ef02622803
-Q +e199a851e316bd471bfc54204b8c250d3ae93b829261214158a2c74acad4093e
-R 23f8b8f954c8c0162ca9e2ead8fdaf4b
+P 25beca31cf3dbad0e78085c5ceed797a461cfaddc2d41fb7a093aa27098e50d5
+Q +13e9ff9e84a114374b49986484dbee05953a496f3017dd5089fba6f495a17c40
+R 730490404cdcadd8b3d80c14383c2b6c
 U drh
-Z f2d49b9319fb34c7e1cb58389cf30efe
+Z a4ee511e0c37c9dc7a70f5bb4a6e22dd
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 42afe5d7a4..6a5ea4e1d8 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-25beca31cf3dbad0e78085c5ceed797a461cfaddc2d41fb7a093aa27098e50d5
\ No newline at end of file
+eb07219965721e0a2017d0462747b07178c23f51e3333036e0cb8f5b4751f404
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index e61fc4022f..e4d9166b17 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -6810,13 +6810,15 @@ static void dropCell(MemPage *pPage, int idx, int sz, int *pRC){
 int hdr; /* Beginning of the header. 0 most pages. 100 page 1 */
 if( *pRC ) return;
- assert( idx>=0 && idxnCell );
+ assert( idx>=0 );
+ assert( idxnCell );
 assert( CORRUPT_DB || sz==cellSize(pPage, idx) );
 assert( sqlite3PagerIswriteable(pPage->pDbPage) );
 assert( sqlite3_mutex_held(pPage->pBt->mutex) );
 assert( pPage->nFree>=0 );
 data = pPage->aData;
 ptr = &pPage->aCellIdx[2*idx];
+ assert( pPage->pBt->usableSize > (int)(ptr-data) );
 pc = get2byte(ptr);
 hdr = pPage->hdrOffset;
 testcase( pc==(u32)get2byte(&data[hdr+5]) );
@@ -9245,7 +9247,12 @@ int sqlite3BtreeDelete(BtCursor *pCur, u8 flags){
 iCellIdx = pCur->ix;
 pPage = pCur->pPage;
 pCell = findCell(pPage, iCellIdx);
- if( pPage->nFree<0 && btreeComputeFreeSpace(pPage) ) return SQLITE_CORRUPT;
+ if( pPage->nFree<0 && btreeComputeFreeSpace(pPage) ){
+ return SQLITE_CORRUPT_BKPT;
+ }
+ if( pPage->nCell<=iCellIdx ){
+ return SQLITE_CORRUPT_BKPT;
+ }
 /* If the bPreserve flag is set to true, then the cursor position must
 ** be preserved following this delete operation. If the current delete
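Review bot: The new `assert( pPage->pBt->usableSize > (int)(ptr-data) )` in dropCell bounds only the first byte that the following `pc = get2byte(ptr);` touches, and as an assert it is presumably compiled out of non-debug builds. If get2byte reads two bytes at ptr, as its name suggests, the invariant that matches the read is `assert( pPage->pBt->usableSize > (int)(ptr-data)+1 );`. A short comment above it, such as `/* Debug-only cross-check: callers must already have validated idx against the page's cell count */`, would make clear that release builds depend on the caller's check. dropCell's body continues past the end of the hunk.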
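Review bot: The added `pPage->nCell<=iCellIdx` check in sqlite3BtreeDelete runs after `pCell = findCell(pPage, iCellIdx);`, so the index taken from the cursor is used once before it is validated. findCell is not defined in this hunk; if it reads the page's cell-pointer array at iCellIdx, a corrupt page could make that lookup read outside the array before SQLITE_CORRUPT_BKPT is returned. Moving the three lines `if( pPage->nCell<=iCellIdx ){ return SQLITE_CORRUPT_BKPT; }` above the findCell call would keep pCell from being computed from an unchecked index. The function starts and ends outside the hunk.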