From 0d0654119fc1d2222e1c63cc9fdb3aef6a9c8fab Mon Sep 17 00:00:00 2001
From: danielk1977
Date: Wed, 12 Nov 2008 18:21:36 +0000
Subject: [PATCH] Avoid some buffer overreads detected by valgrind while running corruptC.test. (CVS 5898)

FossilOrigin-Name: faa6bd7b615837c920b5b3b027115caa2f56ec15
---
 manifest | 16 ++++++++--------
 manifest.uuid | 2 +-
 src/btree.c | 14 ++++++++------
 test/corruptC.test | 6 +++---
 4 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/manifest b/manifest
index 29cdbce257..2154b4c16b 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Version\s3.6.5\s(CVS\s5897)
-D 2008-11-12T15:38:53
+C Avoid\ssome\sbuffer\soverreads\sdetected\sby\svalgrind\swhile\srunning\scorruptC.test.\s(CVS\s5898)
+D 2008-11-12T18:21:36
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 48172b58e444a9725ec482e0c022a564749acab4
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -99,7 +99,7 @@ F src/attach.c 208881c87160d9e2c73a46cf86116c5a6d66f9d7
 F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627
 F src/bitvec.c 9e922b2577b7e46d8f95349bca6a52f7674d7582
 F src/btmutex.c 3a90096c3080b9057dc570b8e16e46511e1c788a
-F src/btree.c 7505a73bd9b7c36a816543c4a71437d8c2f7539a
+F src/btree.c 7c06d81faa3a44116968987a5189b4a2f6a37962
 F src/btree.h 179c3ea813780df78a289a8f5130db18e6d4616e
 F src/btreeInt.h e38e9b2b285f40f5bc0a6664f630d4a141622f16
 F src/build.c 98a6884d47c3cc12faeb2e9a926018d3a7382133
@@ -265,7 +265,7 @@ F test/corrupt8.test 9992ef7f67cefc576b92373f6bf5ab8775280f51
 F test/corrupt9.test 794d284109c65c8f10a2b275479045e02d163bae
 F test/corruptA.test 99e95620b980161cb3e79f06a884a4bb8ae265ff
 F test/corruptB.test 505331779fe7a96fe38ecbb817f19c63bc27d171
-F test/corruptC.test d73d70aa2919fae2e0032043e85d00949e1d556a
+F test/corruptC.test bcedf37afa205aff7cf1729a32b862c6a037fb5f
 F test/crash.test 1b6ac8410689ff78028887f445062dc897c9ac89
 F test/crash2.test 5b14d4eb58b880e231361d3b609b216acda86651
 F test/crash3.test 776f9363554c029fcce71d9e6600fa0ba6359ce7
@@ -656,7 +656,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P f41dd2053c8a297a05b47d0ef631b4d9a7db2fff
-R 217eb8bceae810089ca0de92c63eed2e
-U drh
-Z d3949478ddaafe6e3d8afbf1d2a260a7
+P 369f74983bb1b6a6426260148018cdc084fc2b49
+R 1f4429807d31bf0a13a5939ab83fd57a
+U danielk1977
+Z ced029dc2e076de2b81cab7ea9f2d078
diff --git a/manifest.uuid b/manifest.uuid
index 2b196e9171..f643bf86aa 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-369f74983bb1b6a6426260148018cdc084fc2b49
\ No newline at end of file
+faa6bd7b615837c920b5b3b027115caa2f56ec15
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 1dc3f168d1..9d497c5939 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -9,7 +9,7 @@
 ** May you share freely, never taking more than you give.
 **
 *************************************************************************
-** $Id: btree.c,v 1.533 2008/11/12 08:49:52 danielk1977 Exp $
+** $Id: btree.c,v 1.534 2008/11/12 18:21:36 danielk1977 Exp $
 **
 ** This file implements a external (disk-based) database using BTrees.
 ** See the header comment on "btreeInt.h" for additional information.
@@ -734,14 +734,15 @@ static int defragmentPage(MemPage *pPage){
 u8 *pAddr; /* The i-th cell pointer */
 pAddr = &data[cellOffset + i*2];
 pc = get2byte(pAddr);
- if (pc >= pPage->pBt->usableSize) {
+ if( pc>=pPage->pBt->usableSize ){
 return SQLITE_CORRUPT_BKPT;
 }
 size = cellSizePtr(pPage, &temp[pc]);
 cbrk -= size;
- if ((cbrk < cellOffset+2*nCell) || (cbrk+size>pPage->pBt->usableSize)) {
+ if( cbrkusableSize ){
 return SQLITE_CORRUPT_BKPT;
 }
+ assert( cbrk+size<=usableSize && cbrk>=0 );
 memcpy(&data[cbrk], &temp[pc], size);
 put2byte(pAddr, cbrk);
 }
@@ -3181,7 +3182,7 @@ static int accessPayload(
 u32 nKey;
 int iIdx = 0;
 MemPage *pPage = pCur->apPage[pCur->iPage]; /* Btree page of current entry */
- BtShared *pBt; /* Btree this cursor belongs to */
+ BtShared *pBt = pCur->pBt; /* Btree this cursor belongs to */

 assert( pPage );
 assert( pCur->eState==CURSOR_VALID );
@@ -3196,7 +3197,9 @@ static int accessPayload(
 if( skipKey ){
 offset += nKey;
 }
- if( offset+amt > nKey+pCur->info.nData ){
+ if( offset+amt > nKey+pCur->info.nData
+ || &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]
+ ){
 /* Trying to read or write past the end of the data is an error */
 return SQLITE_CORRUPT_BKPT;
 }
@@ -3215,7 +3218,6 @@ static int accessPayload(
 offset -= pCur->info.nLocal;
 }

- pBt = pCur->pBt;
 if( rc==SQLITE_OK && amt>0 ){
 const int ovflSize = pBt->usableSize - 4; /* Bytes content per ovfl page */
 Pgno nextPage;
diff --git a/test/corruptC.test b/test/corruptC.test
index bcf654e8c7..d093ad2bc0 100644
--- a/test/corruptC.test
+++ b/test/corruptC.test
@@ -15,7 +15,7 @@
 # data base file, then tests that single byte corruptions in
 # increasingly larger quantities are handled gracefully.
 #
-# $Id: corruptC.test,v 1.7 2008/11/12 14:22:25 danielk1977 Exp $
+# $Id: corruptC.test,v 1.8 2008/11/12 18:21:36 danielk1977 Exp $

 catch {file delete -force test.db test.db-journal test.bu}

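Review bot: The upper bound on `pc` in the first new check only guarantees that the first byte of the cell lies inside `temp`; the very next line, `size = cellSizePtr(pPage, &temp[pc]);`, decodes the cell header starting at that address, so a corrupt `pc` a few bytes below the end of the page still reads past the buffer before `size` is known and before the second check runs. A bound that leaves room for the largest header cellSizePtr() can decode (or a check inside cellSizePtr() against the page end) is needed for this hunk to actually close the overread the commit title describes; the content-area lower bound `pc<cellOffset+2*nCell` would also catch a cell pointer aimed into the pointer array. The first check still reads `pPage->pBt->usableSize` while the new assert and the second check use the local `usableSize`, so `if( pc>=usableSize ){` would be consistent. The second new condition is garbled in this rendering (the text between `cbrk` and `usableSize` is missing), so the exact comparisons could not be confirmed here. defragmentPage() begins and ends outside this hunk.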
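Review bot: In the `@@ -3196` hunk the new guard `&aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]` forms a pointer relative to `aPayload`, which on a corrupt page is exactly the value that may already point outside `pPage->aData`; pointer arithmetic and ordered comparison outside the underlying array are undefined in C, so an optimizer is entitled to assume the comparison is false and drop the check. The robust form compares integer offsets computed from where `aPayload` is derived (its definition is outside this hunk), e.g. if it is `pPage->aData + iPayload` then `iPayload + pCur->info.nLocal > pBt->usableSize`, which also keeps the check meaningful when `nLocal` is itself corrupt. The `@@ -3181` and `@@ -3215` hunks only move the `pBt` initialisation to the declaration so it is set before this check; that part is fine. accessPayload() begins and ends outside these hunks.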
@@ -150,8 +150,8 @@ do_test corruptC-2.5 {
 catchsql {PRAGMA integrity_check}
 } {0 {{*** in database main ***
 Corruption detected in cell 710 on page 4
-Multiple uses for byte 116 of page 4
-Fragmented space is 0 byte reported as 21 on page 4}}}
+Multiple uses for byte 661 of page 4
+Fragmented space is 249 byte reported as 21 on page 4}}}

 # test that a corrupt free cell size is handled (seed 169595)
 do_test corruptC-2.6 {
-- 
2.47.2
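Review bot: The expected `integrity_check` text in the `+` lines pins the exact byte offset and fragment count that btree.c happens to report first, and this commit itself shows those values move whenever the corruption-detection order in defragmentPage() changes, so the test documents a side effect rather than a property. A short comment above the expectation, such as `# Exact byte/fragment figures depend on which corruption btree.c detects first; update if detection order changes`, would tell the next maintainer that a changed message here is expected rather than a regression. If the intent is only that the corruption is reported without a crash, matching on the `Corruption detected in cell 710 on page 4` line alone would be more stable. The enclosing `do_test corruptC-2.5` block begins outside this hunk.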