Prevent a rollback from crashing if the sector-size field of the

rollback journal is corrupted. (CVS 5868)

FossilOrigin-Name: cf9d1d933f6b6713018928d9a7680ae63e8edcd0

diff --git a/manifest b/manifest
index d27c9398d7f1ce28a0a41f97b553def46ff16bdd..236af11056f1660dbcff4c8ae91cf348e41207e3 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sdocumentation\sto\smake\sit\sclear\sthat\sshort\sreads\sfrom\sxRead\sin\sthe\sVFS\nmust\sbe\szero-filled.\s(CVS\s5867)
-D 2008-11-07T00:06:18
+C Prevent\sa\srollback\sfrom\scrashing\sif\sthe\ssector-size\sfield\sof\sthe\nrollback\sjournal\sis\scorrupted.\s(CVS\s5868)
+D 2008-11-07T00:24:54
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 48172b58e444a9725ec482e0c022a564749acab4
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -138,7 +138,7 @@ F src/os_common.h 24525d8b7bce66c374dfc1810a6c9043f3359b60
 F src/os_os2.c 63be0987dbeb42e9b08c831863d2a315953b86e1
 F src/os_unix.c d17f694eda9d583676bcab87109efad42dd2abe1
 F src/os_win.c e208cbbceac63c1dd881d0909de5a4679a2c6992
-F src/pager.c e9103fc8ef7439db804425811a8d2b31fe3879b3
+F src/pager.c 6b6f8eb4938d184d6612ea89631185dbace246b3
 F src/pager.h 4a57b219c0765fe1870238064e3f46e4eb2cf5af
 F src/parse.y 2c4758b4c5ead6de8cf7112f5a7cce7561d313fe
 F src/pcache.c 5b80676e664019c1ebc8356cc25332dd69da6269
@@ -654,7 +654,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 1b6a5140446da896f69fddc8d1ea076815bb45e3
-R 08ee53a11b68016faeed82f91090e413
+P fb311d6f4098a08f05b3fac9a2a7e2a53c38bb5f
+R f50c7a2e7dd00ab08ec53c3aea49aa7d
 U drh
-Z 5e998c6356f65705edd280b38e19632c
+Z f1bbebd3f9bc0e31bb789450c23f8559

diff --git a/manifest.uuid b/manifest.uuid
index e2cd87bdd101c56a3ffa5acc7ad44e8591fe8477..6a1ab644b107429bf6452250af26b75e3dce8fb1 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-fb311d6f4098a08f05b3fac9a2a7e2a53c38bb5f
\ No newline at end of file
+cf9d1d933f6b6713018928d9a7680ae63e8edcd0
\ No newline at end of file

diff --git a/src/pager.c b/src/pager.c
index ca4716e6ec8e7d05440081ddb2c28f6bf956e268..4d24a36eab449f791c0dcbc8a749e704db85a40c 100644 (file)
--- a/src/pager.c
+++ b/src/pager.c
@@ -18,7 +18,7 @@
 ** file simultaneously, or one process from reading the database while
 ** another is writing.
 **
-** @(#) $Id: pager.c,v 1.501 2008/11/03 20:55:07 drh Exp $
+** @(#) $Id: pager.c,v 1.502 2008/11/07 00:24:54 drh Exp $
 */
 #ifndef SQLITE_OMIT_DISKIO
 #include "sqliteInt.h"
@@ -203,7 +203,7 @@ struct Pager {
   i64 stmtHdrOff;             /* First journal header written this statement */
   i64 stmtCksum;              /* cksumInit when statement was started */
   i64 stmtJSize;              /* Size of journal at stmt_begin() */
-  int sectorSize;             /* Assumed sector size during rollback */
+  u32 sectorSize;             /* Assumed sector size during rollback */
 #ifdef SQLITE_TEST
   int nHit, nMiss;            /* Cache hits and missing */
   int nRead, nWrite;          /* Database pages read/written */
@@ -756,8 +756,12 @@ static int readJournalHdr(
   ** is being called from within pager_playback(). The local value
   ** of Pager.sectorSize is restored at the end of that routine.
   */
-  rc = read32bits(pPager->jfd, jrnlOff+12, (u32 *)&pPager->sectorSize);
+  rc = read32bits(pPager->jfd, jrnlOff+12, &pPager->sectorSize);
   if( rc ) return rc;
+  if( (pPager->sectorSize & (pPager->sectorSize-1))!=0
+         || pPager->sectorSize>0x1000000 ){
+    return SQLITE_DONE;
+  }
 
   pPager->journalOff += JOURNAL_HDR_SZ(pPager);
   return SQLITE_OK;