From: drh <>
Date: Fri, 7 Apr 2023 18:27:32 +0000 (+0000)
Subject: Guard against oversized cells in the newly enhanced pageFreeArray().
X-Git-Tag: version-3.42.0~167^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fbtree-freespace-opt;p=thirdparty%2Fsqlite.git

Guard against oversized cells in the newly enhanced pageFreeArray().

FossilOrigin-Name: 2dcdbb50356edbd3a79e53fa0bee4e700c2bdea78e27173b62ddabe44b066726
---

diff --git a/manifest b/manifest
index 436e685b2c..8efcf81a61 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sNEVER\son\san\sunreachable\sbranch.
-D 2023-04-07T16:30:33.632
+C Guard\sagainst\soversized\scells\sin\sthe\snewly\senhanced\spageFreeArray().
+D 2023-04-07T18:27:32.091
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -564,7 +564,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf
 F src/backup.c a2891172438e385fdbe97c11c9745676bec54f518d4447090af97189fd8e52d7
 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d
 F src/btmutex.c 6ffb0a22c19e2f9110be0964d0731d2ef1c67b5f7fabfbaeb7b9dabc4b7740ca
-F src/btree.c 119a010f26b0ddbfa8117917bcb0a95b1286c5550e7222a72f3a0565599f6379
+F src/btree.c 895a4ab3a5aeb7db9ed894bb3fd1e2eee4422e95fa6ca3d3d0e803bc0080ec55
 F src/btree.h aa354b9bad4120af71e214666b35132712b8f2ec11869cb2315c52c81fad45cc
 F src/btreeInt.h a3268a60cbc91f578001f44ba40aae9c1b8aecbb0d2c095dd7fc54b0872ea4b8
 F src/build.c 8357d6ca9a8c9afc297c431df28bc2af407b47f3ef2311875276c944b30c4d54
@@ -2052,8 +2052,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 7eff46ba97dd8a3d6a5d01d5d61e98a2805deceafa47335eded7d784a8304525
-R d683893a4f37f40e4189174d14b43d68
+P 9b3febbd988be05807ada20146d3e196ae17c966722fff049feb32292157bff2
+R 6d5ac3499b5cfed37f1e7ebe2e26c3c7
 U drh
-Z 012057b737c59630df75dcd34aedd019
+Z 765df8c6a87f2cf39432d4f3f8e36810
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index ac529a1ac6..224e5e3627 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-9b3febbd988be05807ada20146d3e196ae17c966722fff049feb32292157bff2
\ No newline at end of file
+2dcdbb50356edbd3a79e53fa0bee4e700c2bdea78e27173b62ddabe44b066726
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 9e22944cf3..0a3d713174 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -7619,6 +7619,7 @@ static int pageFreeArray(
         }
         aOfst[nFree] = iOfst;
         aAfter[nFree] = iAfter;
+        if( &aData[iAfter]>pEnd ) return 0;
         nFree++;
       }
       nRet++;