From: danielk1977 <danielk1977@noemail.net>
Date: Sat, 11 Apr 2009 16:06:15 +0000 (+0000)
Subject: Fix a case where a corrupt database could cause an assert() to fail. (CVS 6496)
X-Git-Tag: version-3.6.15~254
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e589a67f6c71c248200f660bc85fb25afd3fd7c4;p=thirdparty%2Fsqlite.git

Fix a case where a corrupt database could cause an assert() to fail. (CVS 6496)

FossilOrigin-Name: 2c560e057e1da8a603efc36deea036f2392a4ab9
---

diff --git a/manifest b/manifest
index 46491d9fbe..2c55036132 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Allocate\sa\slittle\sextra\sscratch\sspace\sfor\sthe\smemsubsys1\stests.\s\sThe\nextra\sspace\sis\sneeded\sin\ssome\sconfigurations.\s(CVS\s6495)
-D 2009-04-11T14:46:43
+C Fix\sa\scase\swhere\sa\scorrupt\sdatabase\scould\scause\san\sassert()\sto\sfail.\s(CVS\s6496)
+D 2009-04-11T16:06:15
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 583e87706abc3026960ed759aff6371faf84c211
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -103,7 +103,7 @@ F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627
 F src/backup.c 0082d0e5a63f04e88faee0dff0a7d63d3e92a78d
 F src/bitvec.c ef370407e03440b0852d05024fb016b14a471d3d
 F src/btmutex.c 9b899c0d8df3bd68f527b0afe03088321b696d3c
-F src/btree.c 8331febf3769cdac2e0cde463be4ed901406b783
+F src/btree.c 103858ade0ad7d3320aadae936557e48b84bf3c2
 F src/btree.h 99fcc7e8c4a1e35afe271bcb38de1a698dfc904e
 F src/btreeInt.h df64030d632f8c8ac217ed52e8b6b3eacacb33a5
 F src/build.c 2882f22078db1c3f887b1aca77ff460cf9461c62
@@ -286,7 +286,7 @@ F test/corrupt8.test 9992ef7f67cefc576b92373f6bf5ab8775280f51
 F test/corrupt9.test 794d284109c65c8f10a2b275479045e02d163bae
 F test/corruptA.test 99e95620b980161cb3e79f06a884a4bb8ae265ff
 F test/corruptB.test 505331779fe7a96fe38ecbb817f19c63bc27d171
-F test/corruptC.test c798aa395a8d052fba88bd1be8e1945309e3f94a
+F test/corruptC.test 47d544f612b8a26a05900d65289abb1ae3b30837
 F test/count.test 276b32260ecfa1f3c50799818fd1aea99888eea8
 F test/crash.test 1b6ac8410689ff78028887f445062dc897c9ac89
 F test/crash2.test 5b14d4eb58b880e231361d3b609b216acda86651
@@ -717,7 +717,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 7f2d6a0bd510801e011eb075f494194d9ebf568b
-R 35a05d947ec7b23c1e90eab3b71fdf4b
-U drh
-Z b584bba8c08c1f53861bf5172c3ff0cb
+P 5484419294356b704c2c9064f36ed254875ca8c0
+R 2e96b765f3ae6df475f1d5f1c48e8aa8
+U danielk1977
+Z 8f3345f1abea5eb987e939cee8d0e3ce
diff --git a/manifest.uuid b/manifest.uuid
index da5632ecc7..4367021ccf 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-5484419294356b704c2c9064f36ed254875ca8c0
\ No newline at end of file
+2c560e057e1da8a603efc36deea036f2392a4ab9
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index e5c25f8090..d928559d41 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -9,7 +9,7 @@
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
-** $Id: btree.c,v 1.594 2009/04/10 09:47:07 danielk1977 Exp $
+** $Id: btree.c,v 1.595 2009/04/11 16:06:15 danielk1977 Exp $
 **
 ** This file implements a external (disk-based) database using BTrees.
 ** See the header comment on "btreeInt.h" for additional information.
@@ -4672,7 +4672,10 @@ static int clearCell(MemPage *pPage, unsigned char *pCell){
   while( nOvfl-- ){
     Pgno iNext = 0;
     MemPage *pOvfl = 0;
-    if( ovflPgno==0 || ovflPgno>pagerPagecount(pBt) ){
+    if( ovflPgno<2 || ovflPgno>pagerPagecount(pBt) ){
+      /* 0 is not a legal page number and page 1 cannot be an 
+      ** overflow page. Therefore if ovflPgno<2 or past the end of the 
+      ** file the database must be corrupt. */
       return SQLITE_CORRUPT_BKPT;
     }
     if( nOvfl ){
diff --git a/test/corruptC.test b/test/corruptC.test
index 0ba860b6b1..63fc2fbf87 100644
--- a/test/corruptC.test
+++ b/test/corruptC.test
@@ -15,7 +15,7 @@
 # data base file, then tests that single byte corruptions in 
 # increasingly larger quantities are handled gracefully.
 #
-# $Id: corruptC.test,v 1.10 2008/11/19 18:43:07 drh Exp $
+# $Id: corruptC.test,v 1.11 2009/04/11 16:06:15 danielk1977 Exp $
 
 catch {file delete -force test.db test.db-journal test.bu}
 
@@ -260,6 +260,19 @@ do_test corruptC-2.13 {
   catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;}
 } {1 {database disk image is malformed}}
 
+do_test corruptC-2.14 {
+  db close
+  copy_file test.bu test.db
+
+  sqlite3 db test.db
+  set blob [string repeat abcdefghij 10000]
+  execsql { INSERT INTO t1 VALUES (1, $blob) }
+
+  sqlite3 db test.db
+  set filesize [file size test.db]
+  hexio_write test.db [expr $filesize-2048] 00000001
+  catchsql {DELETE FROM t1 WHERE rowid = (SELECT max(rowid) FROM t1)}
+} {1 {database disk image is malformed}}
 
 #
 # now test for a series of quasi-random seeds