From: drh <>
Date: Mon, 3 Apr 2023 12:45:16 +0000 (+0000)
Subject: Stronger constraint checking in allocateSpace().
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e49f88d3de819c96db0168d73a4aca04ef6e8e97;p=thirdparty%2Fsqlite.git

Stronger constraint checking in allocateSpace().

FossilOrigin-Name: 0f9e65b6c1e7f2f7a0358163c0ec3ce5fe8ed8814202b03ec167cf2f617f82f3
---
diff --git a/manifest b/manifest
index 227174aa99..7acb30c007 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Earlier\sdetection\sof\scorruption\sin\ssqlite3BtreeDelete().\ndbsqlfuzz\sa4c48c291d6e40157a1b749a05eaa7c7faf5a625. -D 2023-04-02T18:49:45.072 +C Stronger\sconstraint\schecking\sin\sallocateSpace(). +D 2023-04-03T12:45:16.371 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -560,7 +560,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf F src/backup.c a2891172438e385fdbe97c11c9745676bec54f518d4447090af97189fd8e52d7 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d F src/btmutex.c 6ffb0a22c19e2f9110be0964d0731d2ef1c67b5f7fabfbaeb7b9dabc4b7740ca -F src/btree.c 946f6a8ae18d72647a150c5fc9fc7dc7d4f7e68864141cd0b6323a56cd91ad03 +F src/btree.c b56f7af31b11fa3f63099c388a45bd79e55e079df718a332a5fa716989ec8fd5 F src/btree.h aa354b9bad4120af71e214666b35132712b8f2ec11869cb2315c52c81fad45cc F src/btreeInt.h 06bb2c1a07172d5a1cd27a2a5d617b93b1e976c5873709c31964786f86365a6e F src/build.c 8357d6ca9a8c9afc297c431df28bc2af407b47f3ef2311875276c944b30c4d54
@@ -2046,9 +2046,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P a8faea2842f412dfa2588b65868acb523c9eae1b5ad15c631a1ab193eaa615a7 -Q +978dc71c388b37740da38c310674315c7d7fe814d1daa16a146b4df71385d1e1 -R 1246ed5bff2b62d28852f0379cd6a67d +P 728633c0bd665ed94e4969180a83ef102c54371e339bc06ea6cb006eaefdb267 +Q +9e968f4fbce061190f10f31ce9d3eb4fce6706ea6b7e5011bfa1e893d37ca68d +R d2aeecbda2c6a9aac15b61ea9445e050 U drh -Z 0805557b24b03b082d8837880f959253 +Z c84ef3bee4ec9e9769a7432b9a66137d # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 90fc78d223..f4b1024ac4 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -728633c0bd665ed94e4969180a83ef102c54371e339bc06ea6cb006eaefdb267 \ No newline at end of file +0f9e65b6c1e7f2f7a0358163c0ec3ce5fe8ed8814202b03ec167cf2f617f82f3 \ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 4e2bd78017..c7ecc1bd00 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -1724,13 +1724,14 @@ static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
 ** integer, so a value of 0 is used in its place. */
 pTmp = &data[hdr+5];
 top = get2byte(pTmp);
- assert( top<=(int)pPage->pBt->usableSize ); /* by btreeComputeFreeSpace() */
 if( gap>top ){
 if( top==0 && pPage->pBt->usableSize==65536 ){
 top = 65536;
 }else{
 return SQLITE_CORRUPT_PAGE(pPage);
 }
+ }else if( top>(int)pPage->pBt->usableSize ){
+ return SQLITE_CORRUPT_PAGE(pPage);
 }
 
 /* If there is enough space between gap and top for one more cell pointer,
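Review bot: The new `}else if( top>(int)pPage->pBt->usableSize ){` branch in the allocateSpace() hunk carries no comment, whereas the assert it replaces recorded its rationale as "by btreeComputeFreeSpace()". Because `top` is read straight from the page header at `data[hdr+5]`, a reader should be told that the bound is now enforced at run time rather than assumed; I would add above the branch `/* top comes from the page image and may be corrupt: enforce the usableSize bound here instead of relying on btreeComputeFreeSpace() */`. The only F card that changes in the manifest hunks is src/btree.c, so it appears that no corrupt-database regression case accompanies the check; if one exists elsewhere, the comment could name it. allocateSpace()'s body starts and ends outside this hunk, so how `top` is used afterwards is not visible here.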
@@ -7536,7 +7537,7 @@ static int editPage( pData = &aData[get2byteNotZero(&aData[hdr+5])]; if( pDatapPg->aDataEnd ) goto editpage_fail; + if( NEVER(pData>pPg->aDataEnd) ) goto editpage_fail; /* Add cells to the start of the page */ if( iNew