Fix the VFSes so that there is no 32-bit integer overflow in the

author drh <>

Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)

committer drh <>

Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)
author drh <>
Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)
committer drh <>
Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)
diff --git a/manifest b/manifest

index 985b5a1b891ce6c6ae327fc74ff95ee0bfe4dc78..ea05a71d533558f22177e34d3254c13359328a58 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sbuffer\soverread\sin\sthe\ssession\smodule\sthat\scould\soccur\swhen\sprocessing\sa\scorrupt\schangeset.
-D 2026-05-21T14:58:36.935
+C Fix\sthe\sVFSes\sso\sthat\sthere\sis\sno\s32-bit\sinteger\soverflow\sin\sthe\nxShmMap\smethod\sif\sthe\sWAL\sfile\ssize\sexceeds\sabout\s25\sterabytes,\sor\nif\sthe\sheader\sis\scorrupted\sto\smake\sSQLite\sthink\sthat\sthe\sWAL\sfile\ssize\nis\sthat\sbig.\n[bugs:/info/2026-05-21T03:53:03Z|Bug\s2026-05-21T03:53:03Z].
+D 2026-05-21T15:14:35.420
  F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -721,8 +721,8 @@ F src/os.h 1ff5ae51d339d0e30d8a9d814f4b8f8e448169304d83a7ed9db66a65732f3e63
  F src/os_common.h 6c0eb8dd40ef3e12fe585a13e709710267a258e2c8dd1c40b1948a1d14582e06
  F src/os_kv.c e7d96727db5b67e39d590a68cc61c86daf4c093c36c011a09ebfb521182ec28d
  F src/os_setup.h 8efc64eda6a6c2f221387eefc2e7e45fd5a3d5c8337a7a83519ba4fbd2957ae2
-F src/os_unix.c a07dce662f6c4e18098f6faa9f7ec7cf311f56ee9151bed2aad4dcd55852c9e2
-F src/os_win.c beae6892a5301541b932e8ada4c34dc871d96d4d98a28051382f32138501b1b9
+F src/os_unix.c 83759942d1ea8d59daed50901c123016f845fada74caf3496b8a2537c9a08838
+F src/os_win.c 8df4b34ec6a08616a7ac33164999524ef773fa359d39ae9ae0e7e1ae4f167440
  F src/os_win.h c06ccc3a090cf54202ea58981c298817f3309d4c9e4d52ad0a02927346493721
  F src/pager.c fbec9063ea139dfa5d94ce540671752b89f8e8dc38f8a1f614bab1aa04a2dd40
  F src/pager.h 6137149346e6c8a3ddc1eeb40aee46381e9bc8b0fcc6dda8a1efde993c2275b8
@@ -2205,8 +2205,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
  F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
  F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
  F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 035f1d2f284a081e6aef01cc773a3784458ec8e6297f3fbf4063670a9e65278c
-R 1e2b795dd24a1dc54fabb62c538c6eaa
-U dan
-Z e2539ec2b0b2717cf345cab8558dd8c0
+P 869a51ae84dfaaf824c872e4b3024f35eea7fa67bb584759a2d42ebf8404ef6e
+R 9253aad57f0e0c2cd700de54d1f4d82b
+U drh
+Z 444f216a004346dc782c26e43224aa07
  # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid

index f4b403f593b5e06b3d2e397af9dd67d254bca887..5970dfeaa7bb05ed0510e46e5200f5659f79a849 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-869a51ae84dfaaf824c872e4b3024f35eea7fa67bb584759a2d42ebf8404ef6e
+9ac4a33a2932d353c4871fd8e09c10addf827f1fc3fc9380037d738cf2cd0353
diff --git a/src/os_unix.c b/src/os_unix.c

index 3267d021383b3251136a14ca95234c7ad84f36aa..ad8259971a2186406c4cbd455b7c953a434d2115 100644 (file)
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -5140,9 +5140,9 @@ static int unixShmMap(
    nReqRegion = ((iRegion+nShmPerMap) / nShmPerMap) * nShmPerMap;
  
    if( pShmNode->nRegion<nReqRegion ){
-    char **apNew;                      /* New apRegion[] array */
-    int nByte = nReqRegion*szRegion;   /* Minimum required file size */
-    struct stat sStat;                 /* Used by fstat() */
+    char **apNew;                         /* New apRegion[] array */
+    i64 nByte = nReqRegion*(i64)szRegion; /* Minimum required file size */
+    struct stat sStat;                    /* Used by fstat() */
  
      pShmNode->szRegion = szRegion;
  
@@ -5173,7 +5173,7 @@ static int unixShmMap(
          */
          else{
            static const int pgsz = 4096;
-          int iPg;
+          i64 iPg;
  
            /* Write to the last byte of each newly allocated or extended page */
            assert( (nByte % pgsz)==0 );
@@ -5199,8 +5199,8 @@ static int unixShmMap(
      }
      pShmNode->apRegion = apNew;
      while( pShmNode->nRegion<nReqRegion ){
-      int nMap = szRegion*nShmPerMap;
-      int i;
+      i64 nMap = (i64)szRegion*(i64)nShmPerMap;
+      i64 i;
        void *pMem;
        if( pShmNode->hShm>=0 ){
          pMem = osMmap(0, nMap,
diff --git a/src/os_win.c b/src/os_win.c

index 6cd563d245245a138a3eab71054b320d7e573ba9..5faff4d7a110ecb7872d186f6b3cf17782433c4d 100644 (file)
--- a/src/os_win.c
+++ b/src/os_win.c
@@ -3599,7 +3599,7 @@ static int winShmMap(
    if( pShmNode->nRegion<=iRegion ){
      HANDLE hShared = pShmNode->hSharedShm;
      struct ShmRegion *apNew;           /* New aRegion[] array */
-    int nByte = (iRegion+1)*szRegion;  /* Minimum required file size */
+    i64 nByte = ((i64)iRegion+1)*(i64)szRegion;  /* Minimum file size */
      sqlite3_int64 sz;                  /* Current size of wal-index file */
  
      pShmNode->szRegion = szRegion;
@@ -3630,7 +3630,7 @@ static int winShmMap(
  
      /* Map the requested memory region into this processes address space. */
      apNew = (struct ShmRegion*)sqlite3_realloc64(
-        pShmNode->aRegion, (iRegion+1)*sizeof(apNew[0])
+        pShmNode->aRegion, ((i64)iRegion+1)*sizeof(apNew[0])
      );
      if( !apNew ){
        rc = SQLITE_IOERR_NOMEM_BKPT;
@@ -3652,19 +3652,19 @@ static int winShmMap(
  #else
        hMap = osCreateFileMappingW(hShared, NULL, protect, 0, nByte, NULL);
  #endif
-      OSTRACE(("SHM-MAP-CREATE pid=%lu, region=%d, size=%d, rc=%s\n",
+      OSTRACE(("SHM-MAP-CREATE pid=%lu, region=%d, size=%lld, rc=%s\n",
                 osGetCurrentProcessId(), pShmNode->nRegion, nByte,
                 hMap ? "ok" : "failed"));
        if( hMap ){
-        int iOffset = pShmNode->nRegion*szRegion;
+        i64 iOffset = pShmNode->nRegion*szRegion;
          int iOffsetShift = iOffset % winSysInfo.dwAllocationGranularity;
  #ifdef SQLITE_UWP
          pMap = osMapViewOfFileFromApp(hMap, flags,
-            iOffset - iOffsetShift, szRegion + iOffsetShift
+            iOffset - iOffsetShift, (i64)szRegion + iOffsetShift
          );
  #else
          pMap = osMapViewOfFile(hMap, flags,
-            0, iOffset - iOffsetShift, szRegion + iOffsetShift
+            0, iOffset - iOffsetShift, (i64)szRegion + iOffsetShift
          );
  #endif
          OSTRACE(("SHM-MAP-MAP pid=%lu, region=%d, offset=%d, size=%d, rc=%s\n",
@@ -3687,7 +3687,7 @@ static int winShmMap(
  
  shmpage_out:
    if( pShmNode->nRegion>iRegion ){
-    int iOffset = iRegion*szRegion;
+    i64 iOffset = (i64)iRegion*(i64)szRegion;
      int iOffsetShift = iOffset % winSysInfo.dwAllocationGranularity;
      char *p = (char *)pShmNode->aRegion[iRegion].pMap;
      *pp = (void *)&p[iOffsetShift];
author	drh <>
	Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)
committer	drh <>
	Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/os_unix.c		patch \| blob \| blame \| history
src/os_win.c		patch \| blob \| blame \| history