Take care not to overread the record header when decoding the record

author drh <>

Wed, 18 Mar 2026 14:47:20 +0000 (14:47 +0000)

committer drh <>

Wed, 18 Mar 2026 14:47:20 +0000 (14:47 +0000)
author drh <>
Wed, 18 Mar 2026 14:47:20 +0000 (14:47 +0000)
committer drh <>
Wed, 18 Mar 2026 14:47:20 +0000 (14:47 +0000)
diff --git a/manifest b/manifest

index 81d40b34b58d9bcbbd97980566b49abd01987fd6..7a877174ab3afeb8c35f0f29575f8cdc5ca558ac 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Pad\sthe\sallocation\sin\svdbeIsMatchingKey()\sa\slittle\sto\savoid\sundefined\sbehaviour\sif\sthe\srecord\sis\scorrupt\sand\sgetVarint32()\sreads\spast\sthe\send\sof\sit.
-D 2026-03-18T14:01:21.766
+C Take\scare\snot\sto\soverread\sthe\srecord\sheader\swhen\sdecoding\sthe\srecord\nin\svdbeIsMatchingIndexKey().
+D 2026-03-18T14:47:20.951
  F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -803,7 +803,7 @@ F src/vdbe.c efb45e9c234a85ccb3c515a1af93832530a480bbc0a940929bf156c174c1df64
  F src/vdbe.h 70e862ac8a11b590f8c1eaac17a0078429d42bc4ea3f757a9af0f451dd966a71
  F src/vdbeInt.h f7157f110f88f1d9d8338c292faf23a9129f6712563ade2b408537c95e17bdef
  F src/vdbeapi.c 6cdcbe5c7afa754c998e73d2d5d2805556268362914b952811bdfb9c78a37cf1
-F src/vdbeaux.c f64744dc2ed5f5154387549fbaaef94b701af53990e2d0efcb559176464b0625
+F src/vdbeaux.c 2cfb8fc61e3ae446c2bed2f4c44aebfb4f4bf5b406c4d40dc03a52a4d87304a7
  F src/vdbeblob.c b3f0640db9642fbdc88bd6ebcc83d6009514cafc98f062f675f2c8d505d82692
  F src/vdbemem.c 317ec5e870ddb16951b606c9fe8be22baef22ecbe46f58fdefc259662238afb7
  F src/vdbesort.c b69220f4ea9ffea5fdef34d968c60305444eea909252a81933b54c296d9cca70
@@ -2194,8 +2194,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
  F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98
  F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
  F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P efd9a7a6c862f778da9cd74e38f674e5d1094aa1c566ea3e68553e83f59502d3
-R 944bc9f722937cbb4104e48b78aa4901
-U dan
-Z 314853e7091ee1fcae205f6db5503ae0
+P 9b0671a4f58098948d530f5e238b483a0e9f1309021aff0d6b5ea90e6c8f4e7b
+R b8f2431a3170169ff614376e506c5e3a
+U drh
+Z 399fe0cc6e8662d24092a4f0c31f2585
  # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid

index d898c44e58b8fc52312f1d50dbac8ad6a5e7a470..f7462d514ad28659847cd28c4d9dd42c4a4132a1 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-9b0671a4f58098948d530f5e238b483a0e9f1309021aff0d6b5ea90e6c8f4e7b
+3a275b5848767b61011b9d1d3d1a62328a80906386375d1b1e13fd92b6983e05
diff --git a/src/vdbeaux.c b/src/vdbeaux.c

index 8e6f762df63089f6ee74362b67871917e187acea..3e2540df1a157debe54a2b8a2be4ff93d77fbffd 100644 (file)
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -5488,6 +5488,10 @@ static int vdbeIsMatchingIndexKey(
          u32 iSerial = 0;
          int nSerial = 0;
  
+        if( idxHdr>=szHdr ){
+          rc = SQLITE_CORRUPT_BKPT;
+          break;
+        }
          idxHdr += getVarint32(&aRec[idxHdr], iSerial);
          nSerial = sqlite3VdbeSerialTypeLen(iSerial);
          if( (idxRec+nSerial)>nRec ){
author	drh <>
	Wed, 18 Mar 2026 14:47:20 +0000 (14:47 +0000)
committer	drh <>
	Wed, 18 Mar 2026 14:47:20 +0000 (14:47 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/vdbeaux.c		patch \| blob \| blame \| history