From: drh <> Date: Thu, 16 Mar 2023 02:30:43 +0000 (+0000) Subject: Another approach at attempting to contain the damage caused by corruption X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d160c0cf5b9e57c8ff7e7dfd91f51987696ab2b5;p=thirdparty%2Fsqlite.git Another approach at attempting to contain the damage caused by corruption that leaves MemPage.isInit clear. Works better than the previous but is still not perfect. FossilOrigin-Name: ba964eb0f3dac957367bc03cb3800800e8f2758403467bdbfb44e7e1a7d9cebf --- diff --git a/manifest b/manifest index 373c42bcfe..0d9ea4ab52 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C When\sthe\sbtreeInitPage()\sroutine\sdetects\sdatabase\scorruption,\sit\sshould\ncontinue\sto\sthe\send\sand\sset\sMemPage.isInit\sbefore\sit\sreturns\sSQLITE_CORRUPT,\nbecause\sif\sit\sleaves\sMemPage.isInit\sunset,\sthen\scan\scause\sdifficulty\slater.\ndbsqlfuzz\s460aa158f9a2c41145831cc924296cde1f312b3f -D 2023-03-16T01:20:03.007 +C Another\sapproach\sat\sattempting\sto\scontain\sthe\sdamage\scaused\sby\scorruption\nthat\sleaves\sMemPage.isInit\sclear.\s\sWorks\sbetter\sthan\sthe\sprevious\sbut\sis\nstill\snot\sperfect. +D 2023-03-16T02:30:43.826 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -564,7 +564,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf F src/backup.c a2891172438e385fdbe97c11c9745676bec54f518d4447090af97189fd8e52d7 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d F src/btmutex.c 6ffb0a22c19e2f9110be0964d0731d2ef1c67b5f7fabfbaeb7b9dabc4b7740ca -F src/btree.c a5e655d5bec07d1f9fccc1e7a28b5b26996c6c18114ca05af129d83293a4c822 +F src/btree.c b7318b5a3cb40a1a42d0a42e175783a02c88a1ef4972b20fba93fd0e237e0781 F src/btree.h aa354b9bad4120af71e214666b35132712b8f2ec11869cb2315c52c81fad45cc F src/btreeInt.h 06bb2c1a07172d5a1cd27a2a5d617b93b1e976c5873709c31964786f86365a6e F src/build.c 4fed662d383527c808d85f53b9c544ead425ac8b9c7cb38501a64e3797921d41 @@ -2050,8 +2050,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 73f0036f045bf37193b6e87ae45b578c5831614c530488257c69666178da3aa5 -R f8418eb3fd937c9722d4ddb07f780c3f +P 44e83f8b8fab5b46fd50461b5bad9b31437607f259e8b284852ca3be0d376c8a +R 333e88ec9c338e26ffc59fb44537a76f U drh -Z 85500bf9802b1e301dd6325803715dec +Z 5abd6e9065f4915bbe0135e8f0ac1b31 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 83068c2d2b..47cb0b1018 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -44e83f8b8fab5b46fd50461b5bad9b31437607f259e8b284852ca3be0d376c8a \ No newline at end of file +ba964eb0f3dac957367bc03cb3800800e8f2758403467bdbfb44e7e1a7d9cebf \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 452135751f..669cf7bf8d 100644 --- a/src/btree.c +++ b/src/btree.c 
@@ -2156,8 +2156,15 @@ static int btreeInitPage(MemPage *pPage){
 data = pPage->aData + pPage->hdrOffset;
 /* EVIDENCE-OF: R-28594-02890 The one-byte flag at offset 0 indicating
 ** the b-tree page type. */
- if( decodeFlags(pPage, data[0]) ){
- rc = SQLITE_CORRUPT_PAGE(pPage);
+ pPage->nCell = get2byte(&data[3]);
+ if( decodeFlags(pPage, data[0]) || pPage->nCell>MX_CELL(pBt) ){
+ BtCursor *pCur;
+ for(pCur=pBt->pCursor; pCur; pCur=pCur->pNext){
+ sqlite3BtreeClearCursor(pCur);
+ pCur->eState = CURSOR_FAULT;
+ pCur->skipNext = SQLITE_CORRUPT;
+ }
+ return SQLITE_CORRUPT_PAGE(pPage);
 }
 assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
 pPage->maskPage = (u16)(pBt->pageSize - 1);
@@ -2168,11 +2175,6 @@ static int btreeInitPage(MemPage *pPage){
 pPage->aDataOfst = pPage->aData + pPage->childPtrSize;
 /* EVIDENCE-OF: R-37002-32774 The two-byte integer at offset 3 gives the
 ** number of cells on the page. */
- pPage->nCell = get2byte(&data[3]);
- if( pPage->nCell>MX_CELL(pBt) ){
- /* To many cells for a single page. The page must be corrupt */
- rc = SQLITE_CORRUPT_PAGE(pPage);
- }
 testcase( pPage->nCell==MX_CELL(pBt) );
 /* EVIDENCE-OF: R-24089-57979 If a page contains no cells (which is only
 ** possible for a root page of a table that contains no rows) then the
@@ -2180,7 +2182,6 @@ static int btreeInitPage(MemPage *pPage){
 ** bytes of reserved space. */
 assert( pPage->nCell>0
 || get2byteNotZero(&data[5])==(int)pBt->usableSize
- || rc==SQLITE_CORRUPT
 || CORRUPT_DB );
 pPage->nFree = -1; /* Indicate that this value is yet uncomputed */
 pPage->isInit = 1;
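Review bot: In the first src/btree.c hunk, the new early-return path leaves `pPage->nCell` holding the raw two-byte value read from the page header, so a page rejected for `nCell>MX_CELL(pBt)` keeps an out-of-range cell count while `isInit` stays clear. Any reader of `nCell` that does not first check `isInit` would then index past the cell pointer array; whether such a reader exists is not visible in this hunk. Consider validating a local before storing it, e.g. `int nCell = get2byte(&data[3]);` in the condition and `pPage->nCell = nCell;` only after the check passes. The loop also faults every cursor on `pBt`, including ones positioned on unrelated pages, so it deserves a comment saying this is deliberate, such as `/* Corrupt page header: fault all cursors on this BtShared so none keeps using a page with isInit clear */`. The body of btreeInitPage starts and ends outside the hunk.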