From: drh
Date: Wed, 8 May 2019 00:17:45 +0000 (+0000)
Subject: Earlier detections of errors in the byte-offset-to-cell-content integer at
X-Git-Tag: version-3.29.0~141
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dfcecdfea8e0c4260109a38bb0f5d14b4b8cc9ca;p=thirdparty%2Fsqlite.git
Earlier detections of errors in the byte-offset-to-cell-content integer at offset 5 in the header of a btree page.
FossilOrigin-Name: a0819086a521fb0ca4ffd12f959b168a89ea2e30a2844bbbd39831b2b9ecf29b
---
diff --git a/manifest b/manifest
index 52577a29ed..cbd5fdce9a 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Generate\sall\srecords\sfor\sINSERT\sor\sUPDATE\sprior\sto\srunning\sforeign\skey\nconstraint\schecks,\ssince\sthe\sFK\schecks\smight\smodify\sthe\sdatatype\sof\sregisters\nused\sto\sgenerate\sthe\srecords.\s\sFix\sfor\sticket\s[e63cbcfd3378afe6980d6].
-D 2019-05-07T20:06:41.906
+C Earlier\sdetections\sof\serrors\sin\sthe\sbyte-offset-to-cell-content\sinteger\sat\s\noffset\s5\sin\sthe\sheader\sof\sa\sbtree\spage.
+D 2019-05-08T00:17:45.328
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -461,7 +461,7 @@ F src/auth.c 0fac71038875693a937e506bceb492c5f136dd7b1249fbd4ae70b4e8da14f9df
 F src/backup.c b1d37f6f7f5913944583733ed0f9e182f3ece0d42c27f46701142141a6e6fd33
 F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c 096a98aae7b57a0f6d119076f45e281e8b337100a304857b85986a59c6d606d1
+F src/btree.c 3fe1f1b3cd623a0cad788dfbd90ce200c3d522d608ae688fc8ee002d59924414
 F src/btree.h c11446f07ec0e9dc85af8041cb0855c52f5359c8b2a43e47e02a685282504d89
 F src/btreeInt.h 6111c15868b90669f79081039d19e7ea8674013f907710baa3c814dc3f8bfd3f
 F src/build.c 23e9332b260cd0e45f6cbfabe711957a0776ea3ff836746378868fdfa64d267b
@@ -1000,7 +1000,7 @@ F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
 F test/fuzzdata4.db b502c7d5498261715812dd8b3c2005bad08b3a26e6489414bd13926cd3e42ed2
 F test/fuzzdata5.db e35f64af17ec48926481cfaf3b3855e436bd40d1cfe2d59a9474cb4b748a52a5
 F test/fuzzdata6.db 92a80e4afc172c24f662a10a612d188fb272de4a9bd19e017927c95f737de6d7
-F test/fuzzdata7.db f46c9a5698c1ca75ca6280c7c879a3f46dc82fe4b1ce246827496b806488952d
+F test/fuzzdata7.db 2b13f8d7a4e475f164c733e64c9ebc459424ec58d0876ef103de62c1a99e2fca
 F test/fuzzdata8.db 1786362da75b8696f804b0b4548b59830e148718bce827548c006031105e7783
 F test/fuzzer1.test 3d4c4b7e547aba5e5511a2991e3e3d07166cfbb8
 F test/fuzzer2.test a85ef814ce071293bce1ad8dffa217cbbaad4c14
@@ -1824,8 +1824,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 659c551dcc374a0d349ba9419f692e3363839e11d791a17cc35fa1854a674a51 2e31abe0ae5937a8ce10179e0ae045ee4c5ed8b7e2622ab41243226c6d3f5425
-R fa2fed430d13a58c5e4ca86a2cdaef6a
-T +closed 2e31abe0ae5937a8ce10179e0ae045ee4c5ed8b7e2622ab41243226c6d3f5425
+P 3c75605b4652ae88659465d832953ac9d467369f9cb417f73b3d8599ec60b18b
+R b0847795ba7312dd769390f52a23c18c
 U drh
-Z 73823319e7fa571b2383dfdc2d83370b
+Z 9c745365e239320fd6fda1cfdfad4d1f
diff --git a/manifest.uuid b/manifest.uuid
index 967645dbf3..67413b6578 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-3c75605b4652ae88659465d832953ac9d467369f9cb417f73b3d8599ec60b18b
\ No newline at end of file
+a0819086a521fb0ca4ffd12f959b168a89ea2e30a2844bbbd39831b2b9ecf29b
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index d0be549900..42867168ea 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -1628,9 +1628,9 @@ static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
 ** However, that integer is too large to be stored in a 2-byte unsigned
 ** integer, so a value of 0 is used in its place. */
 top = get2byte(&data[hdr+5]);
- assert( top<=(int)pPage->pBt->usableSize ); /* Prevent by getAndInitPage() */
+ assert( top<=(int)pPage->pBt->usableSize ); /* by btreeComputeFreeSpace() */
 if( gap>top ){
- if( top==0 && pPage->pBt->usableSize==65536 ){
+ if( top==0 && ALWAYS(pPage->pBt->usableSize==65536) ){
 top = 65536;
 }else{
 return SQLITE_CORRUPT_PAGE(pPage);
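Review bot: The ALWAYS() added around `pPage->pBt->usableSize==65536` changes the `top==0` case on a page smaller than 64K from a SQLITE_CORRUPT return into an asserted invariant, and if ALWAYS() follows SQLite's usual definition it collapses to a constant in coverage builds, so such a page would then take the `top = 65536` branch. That is only sound if btreeComputeFreeSpace() is guaranteed to have run on this page first and to reject a zero offset-5 value when the usable size is not 65536; the new assert comment `/* by btreeComputeFreeSpace() */` names the dependency but does not say what it guarantees. Suggest a comment on the ALWAYS line: `/* top==0 on a page smaller than 64K was already rejected by btreeComputeFreeSpace() */`. allocateSpace() starts and ends outside this hunk.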
@@ -1925,7 +1925,7 @@ static int btreeComputeFreeSpace(MemPage *pPage){
 ** serves to verify that the offset to the start of the cell-content
 ** area, according to the page header, lies within the page.
 */
- if( nFree>usableSize ){
+ if( nFree>usableSize || nFreenFree = (u16)(nFree - iCellFirst);
@@ -8068,7 +8068,7 @@ static int balance_nonroot(
 assert( sz<=pBt->maxLocal+23 );
 assert( iOvflSpace <= (int)pBt->pageSize );
 insertCell(pParent, nxDiv+i, pCell, sz, pTemp, pNew->pgno, &rc);
- if( rc!=SQLITE_OK ) goto balance_cleanup;
+ if( NEVER(rc!=SQLITE_OK) ) goto balance_cleanup;
 assert( sqlite3PagerIswriteable(pParent->pDbPage) );
 }
diff --git a/test/fuzzdata7.db b/test/fuzzdata7.db
index f24add2b58..fb111d865f 100644
Binary files a/test/fuzzdata7.db and b/test/fuzzdata7.db differ
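Review bot: The comment block above the condition still describes only the upper bound (`nFree>usableSize`), while the second operand added to the `||` introduces a lower bound that the comment does not mention; from the `pPage->nFree = (u16)(nFree - iCellFirst)` assignment directly below, its purpose is presumably to keep that subtraction from going negative before the u16 cast. Suggest extending the comment with `** The second test keeps nFree from dropping below iCellFirst, so the subtraction below cannot wrap when narrowed to u16.`, adjusted to whatever the bound actually is. The right-hand side of the new comparison appears garbled in this rendering (`nFreenFree`), so confirm the exact expression against the file. btreeComputeFreeSpace() starts before this hunk.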
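Review bot: Wrapping `rc!=SQLITE_OK` in NEVER() records a claim that insertCell() cannot fail for these inserts into pParent, but nothing in the hunk says why, and if NEVER() follows SQLite's usual definition and collapses to 0 in coverage builds a failing insertCell() would no longer jump to balance_cleanup, leaving balance_nonroot to continue with the cell not inserted. The justification belongs next to the change so that a future fuzzer-found corruption reaching this path can be judged against it; something like `/* insertCell() cannot fail here: pParent is writeable and its page header was validated before balancing began */`, with the reason corrected to the actual invariant relied on. balance_nonroot() starts and ends outside this hunk.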