From: drh Date: Wed, 1 Apr 2015 13:21:33 +0000 (+0000) Subject: Improved detection and suppression of endless loops in clearDatabasePage(). X-Git-Tag: version-3.8.9~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ccf46d0b9020d88fddbdc2dd9b9104b403f7d615;p=thirdparty%2Fsqlite.git Improved detection and suppression of endless loops in clearDatabasePage(). FossilOrigin-Name: 30011ad2f55cfcacaf23a58ebcc17b17a7b9355e --- diff --git a/manifest b/manifest index 63d5d9eccf..83880531e8 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C On\swindows,\sflush\sthe\smapping\sview\swhen\ssyncing\scontent\sto\sdisk. -D 2015-03-31T19:40:05.313 +C Improved\sdetection\sand\ssuppression\sof\sendless\sloops\sin\sclearDatabasePage(). +D 2015-04-01T13:21:33.901 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 00d12636df7a5b08af09116bcd6c7bfd49b8b3b4 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -173,9 +173,9 @@ F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240 F src/backup.c ff743689c4d6c5cb55ad42ed9d174b2b3e71f1e3 F src/bitvec.c 19a4ba637bd85f8f63fc8c9bae5ade9fb05ec1cb F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79 -F src/btree.c 525f19f01d5976dbc12e83e7339e41488de79183 +F src/btree.c 2caf598165f3608fde8abac2b243826616ce54b7 F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1 -F src/btreeInt.h 2bfefc01875d8da066504c233ec259fcb3b2ef72 +F src/btreeInt.h 973a22a6fd61350b454ad614832b1f0a5e25a1e4 F src/build.c 0419bba592c22f6d00e6d57a2ca7136720d02c1a F src/callback.c 7b44ce59674338ad48b0e84e7b72f935ea4f68b0 F src/complete.c 198a0066ba60ab06fc00fba1998d870a4d575463 
@@ -1248,8 +1248,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P ea697e6d9ff1f4d77774589a02ba4a18feafbf03 45acf6a85150839d591316418dad59ae20ce3aa4 -R 00dcdcdf447a25afe74cb2a2ac195e0b -T +closed 45acf6a85150839d591316418dad59ae20ce3aa4 +P a828e73dc1ae50189bdf73f60caeb7308738ad7a +R 9ae26e7b05df4833a239ec9186729882 U drh -Z e131d4f6392434ebe038899ef79bd289 +Z b113a7338e765a6278a4e0ffd57f1cf8 diff --git a/manifest.uuid b/manifest.uuid index 6301587c11..925ee38b4d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -a828e73dc1ae50189bdf73f60caeb7308738ad7a \ No newline at end of file +30011ad2f55cfcacaf23a58ebcc17b17a7b9355e \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index b497cd7468..789796d55a 100644 --- a/src/btree.c +++ b/src/btree.c @@ -7980,28 +7980,29 @@ static int clearDatabasePage( int i; int hdr; u16 szCell; - u8 hasChildren; assert( sqlite3_mutex_held(pBt->mutex) ); if( pgno>btreePagecount(pBt) ){ return SQLITE_CORRUPT_BKPT; } - rc = getAndInitPage(pBt, pgno, &pPage, 0); if( rc ) return rc; - hasChildren = !pPage->leaf; - pPage->leaf = 1; /* Block looping if the database is corrupt */ + if( pPage->bBusy ){ + rc = SQLITE_CORRUPT_BKPT; + goto cleardatabasepage_out; + } + pPage->bBusy = 1; hdr = pPage->hdrOffset; for(i=0; inCell; i++){ pCell = findCell(pPage, i); - if( hasChildren ){ + if( !pPage->leaf ){ rc = clearDatabasePage(pBt, get4byte(pCell), 1, pnChange); if( rc ) goto cleardatabasepage_out; } rc = clearCell(pPage, pCell, &szCell); if( rc ) goto cleardatabasepage_out; } - if( hasChildren ){ + if( !pPage->leaf ){ rc = clearDatabasePage(pBt, get4byte(&pPage->aData[hdr+8]), 1, pnChange); if( rc ) goto cleardatabasepage_out; }else if( pnChange ){ 
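Review bot: The new `if( pPage->bBusy )` branch jumps to `cleardatabasepage_out`, and the later hunk in this file clears `bBusy` there unconditionally, so the frame that detects the cycle resets a flag that an outer frame working on the same page set and has not finished with. As far as the visible lines show, this is harmless only because both recursive call sites do `if( rc ) goto cleardatabasepage_out;` and unwind without visiting further children. This path exists to handle corrupt, possibly hostile, database files, so I would make that invariant explicit with a comment such as `/* pPage is already on the active recursion path; the error return unwinds every outer frame before bBusy is consulted again */`. Alternatively the branch could leave the flag alone: `if( pPage->bBusy ){ releasePage(pPage); return SQLITE_CORRUPT_BKPT; }`. The function's signature and tail lie outside this hunk.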
@@ -8015,6 +8016,7 @@ static int clearDatabasePage( } cleardatabasepage_out: + pPage->bBusy = 0; releasePage(pPage); return rc; } diff --git a/src/btreeInt.h b/src/btreeInt.h index 87d0ef1bb8..33ef641059 100644 --- a/src/btreeInt.h +++ b/src/btreeInt.h @@ -280,6 +280,7 @@ struct MemPage { u8 hdrOffset; /* 100 for page 1. 0 otherwise */ u8 childPtrSize; /* 0 if leaf==1. 4 if leaf==0 */ u8 max1bytePayload; /* min(maxLocal,127) */ + u8 bBusy; /* Prevent endless loops on corrupt database files */ u16 maxLocal; /* Copy of BtShared.maxLocal or BtShared.maxLeaf */ u16 minLocal; /* Copy of BtShared.minLocal or BtShared.minLeaf */ u16 cellOffset; /* Index in aData of first cell pointer */
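Review bot: The comment on the new `bBusy` field in `struct MemPage` does not say which code owns the flag or what value it holds outside that code, and nothing in this diff initializes it. Because the field lives in the shared `MemPage`, a stale non-zero value would make clearDatabasePage() return SQLITE_CORRUPT_BKPT on a healthy file. It is worth confirming that MemPage storage is zero-filled when a page is first set up; presumably it is, but that is not visible here. Suggested wording: `u8 bBusy; /* Set only while clearDatabasePage() is visiting this page; 0 at all other times */`. The struct definition begins and ends outside the hunk.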