Modify integrity-check to prevent a buffer overread when dealing with a corrupted...

FossilOrigin-Name: 3c9097f19adae071a12e1114f64993d0c1da1163

diff --git a/manifest b/manifest
index 5216c2e122d107c3efe14594065d3c0af56b9f73..0916cea7d331a911b049c2f7fde9567daf728506 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Make\ssure\srecursive\scalls\sto\swinOpen()\spreserve\sthe\spVfs\spointer.\nFault\sfound\swhile\stesting\sa\smingw\sbuild\sin\sVMWare.\s(CVS\s6410)
-D 2009-03-30T13:04:18
+C Modify\sintegrity-check\sto\sprevent\sa\sbuffer\soverread\swhen\sdealing\swith\sa\scorrupted\sdatabase.\s(CVS\s6411)
+D 2009-03-30T13:53:43
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 583e87706abc3026960ed759aff6371faf84c211
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -103,7 +103,7 @@ F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627
 F src/backup.c 0082d0e5a63f04e88faee0dff0a7d63d3e92a78d
 F src/bitvec.c 44f7059ac1f874d364b34af31b9617e52223ba75
 F src/btmutex.c 341502bc496dc0840dcb00cde65680fb0e85c3ab
-F src/btree.c 3aef6704823573386039c608642c9aa78a37bb4e
+F src/btree.c 5f99af1adb683c4bea6f84e32b7946f3df748bda
 F src/btree.h e302c5747494067cd4f5763000fbe7bca767d816
 F src/btreeInt.h df64030d632f8c8ac217ed52e8b6b3eacacb33a5
 F src/build.c be2bdaf2a3f6b24ef08dc14b9fd33aa84c689908
@@ -711,7 +711,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 1ad176375746d680225d7ecddca54bc281b1556d
-R 58fd324f9c74a646af859265a6406860
-U drh
-Z 9cb7d0847214ae5af48c579246effaeb
+P 18b44f0df3d75689fb5cee20120eb3c6ae5882b3
+R 19a418b68e502c278b55debcd479fd8e
+U danielk1977
+Z 32feefd9ba4cee6cc7bd15aa8b32502a

diff --git a/manifest.uuid b/manifest.uuid
index 64d5d71d2143ce8ca80ceb8c28761c2b8c40f00d..8c1db19dc71c7cc2a14c7b18d1226d08acc6917f 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-18b44f0df3d75689fb5cee20120eb3c6ae5882b3
\ No newline at end of file
+3c9097f19adae071a12e1114f64993d0c1da1163
\ No newline at end of file

diff --git a/src/btree.c b/src/btree.c
index a7e4605ad16df72b7fb8c79c7a970fcb74d89dcf..54b630eede98f1e0f24b3657af8ccdf9690c3c8a 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -9,7 +9,7 @@
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
-** $Id: btree.c,v 1.579 2009/03/28 10:54:23 danielk1977 Exp $
+** $Id: btree.c,v 1.580 2009/03/30 13:53:43 danielk1977 Exp $
 **
 ** This file implements a external (disk-based) database using BTrees.
 ** See the header comment on "btreeInt.h" for additional information.
@@ -7107,7 +7107,9 @@ static int checkTreePage(
     sz = info.nData;
     if( !pPage->intKey ) sz += (int)info.nKey;
     assert( sz==info.nPayload );
-    if( sz>info.nLocal ){
+    if( (sz>info.nLocal) 
+     && (&pCell[info.iOverflow]<=&pPage->aData[pBt->usableSize])
+    ){
       int nPage = (sz - info.nLocal + usableSize - 5)/(usableSize - 4);
       Pgno pgnoOvfl = get4byte(&pCell[info.iOverflow]);
 #ifndef SQLITE_OMIT_AUTOVACUUM