Bug fix: Only trust the database size number at offset 28 if the change

counter at offset 24 matches the version number counter at offset 92.
This prevents corruption in the case of two applications writing to the
database where one is an older version of SQLite and the other is a newer
version.

FossilOrigin-Name: f80c3f922a114e738613955a939db46cf0847038

diff --git a/manifest b/manifest
index bab89a2a9923f0ea6f507eef7abaa541a465589f..f7fc681bf90e74996911948911e6493bd1fa473e 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,8 @@
-C Add\sextra\stest\scases\sto\spager1.test.
-D 2010-06-16T12:30:11
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+C Bug\sfix:\s\sOnly\strust\sthe\sdatabase\ssize\snumber\sat\soffset\s28\sif\sthe\schange\ncounter\sat\soffset\s24\smatches\sthe\sversion\snumber\scounter\sat\soffset\s92.\nThis\sprevents\scorruption\sin\sthe\scase\sof\stwo\sapplications\swriting\sto\sthe\ndatabase\swhere\sone\sis\san\solder\sversion\sof\sSQLite\sand\sthe\sother\sis\sa\snewer\nversion.
+D 2010-06-17T02:13:40
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in a5cad1f8f3e021356bfcc6c77dc16f6f1952bbc3
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -113,7 +116,7 @@ F src/auth.c 523da7fb4979469955d822ff9298352d6b31de34
 F src/backup.c 3dc89da1da8b948554d5daedab5fec1097188a2d
 F src/bitvec.c 06ad2c36a9c3819c0b9cbffec7b15f58d5d834e0
 F src/btmutex.c 96a12f50f7a17475155971a241d85ec5171573ff
-F src/btree.c 5934a9f5a328488cca392766bb841ff41c9083a9
+F src/btree.c 9806fb4030d0af907cf5cd7d4b9c8fd939eccfef
 F src/btree.h dd83041eda10c17daf023257c1fc883b5f71f85a
 F src/btreeInt.h b0c87f6725b06a0aa194a6d25d54b16ce9d6e291
 F src/build.c 9d48f4023d5e3d0a6807f1f531d8d7187d252c57
@@ -156,7 +159,7 @@ F src/os_common.h a8f95b81eca8a1ab8593d23e94f8a35f35d4078f
 F src/os_os2.c 665876d5eec7585226b0a1cf5e18098de2b2da19
 F src/os_unix.c ae173c9f6afaa58b2833a1c95c6cd32021755c42
 F src/os_win.c dfde7d33c446e89dd9a277c036f2c4cc564b3138
-F src/pager.c 2964185d4356d0dc159b8340e52d2538d32394e5
+F src/pager.c 7f0ebd5dca02cda61a5ee2cc8d6877286592abda
 F src/pager.h ca1f23c0cf137ac26f8908df2427c8b308361efd
 F src/parse.y ace5c7a125d9f2a410e431ee3209034105045f7e
 F src/pcache.c 1e9aa2dbc0845b52e1b51cc39753b6d1e041cb07
@@ -811,7 +814,7 @@ F tool/restore_jrnl.tcl 6957a34f8f1f0f8285e07536225ec3b292a9024a
 F tool/shell1.test ef08a3e738b9fee4fc228920956950bc35db0575
 F tool/shell2.test 8f51f61c13b88618e71c17439fe0847c2421c5d1
 F tool/shell3.test ff663e83100670a295d473515c12beb8103a78b6
-F tool/showdb.c 12fbece85695e3a61bdb4f7607b61f264120c4b6
+F tool/showdb.c 01c20e8181941b714fe07f72c64a7560fee17ff9
 F tool/showjournal.c ec3b171be148656827c4949fbfb8ab4370822f87
 F tool/soak1.tcl 8d407956e1a45b485a8e072470a3e629a27037fe
 F tool/space_used.tcl f714c41a59e326b8b9042f415b628b561bafa06b
@@ -822,7 +825,14 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
-P 6c5c04eea1f0e8d61883ee8675c249fbf895dc01
-R d490808417f08b44a0b162eb48b4aec9
-U dan
-Z 861e5ff117287c588eecf635e107e097
+P ad3209572d0e6afe5c8b52313e334509661045e2
+R ad508c111bfac4ef56e6dd1a72cf9f53
+U drh
+Z 1cb6e747168ed02cf4bf3371c6ee48c5
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+iD8DBQFMGYTXoxKgR168RlERAgMoAKCCbW2c14E1x3NYvkGGyBe/EgKS5QCeL5Cg
+CUKdqaE7t6fQ84lCcJEMBaQ=
+=hOmP
+-----END PGP SIGNATURE-----

diff --git a/manifest.uuid b/manifest.uuid
index 4d0fbc3ef3b075a759e15f2627a56be3a03c8f54..79c5e02bef42af4b7c1260f0b33b6fbf631ad91c 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-ad3209572d0e6afe5c8b52313e334509661045e2
\ No newline at end of file
+f80c3f922a114e738613955a939db46cf0847038
\ No newline at end of file

diff --git a/src/btree.c b/src/btree.c
index 1e1b6f19ea3e2228a452b94409b43e516e354901..37ea5e46b1c58a3c6c767fa4c1c9bbacdf13ff30 100644 (file)
--- a/src/btree.c
+++ b/src/btree.c
@@ -2250,7 +2250,7 @@ static int lockBtree(BtShared *pBt){
   if( (rc = sqlite3PagerPagecount(pBt->pPager, &nPageFile))!=SQLITE_OK ){;
     goto page1_init_failed;
   }
-  if( nPage==0 ){
+  if( nPage==0 || memcmp(24+(u8*)pPage1->aData, 92+(u8*)pPage1->aData,4)!=0 ){
     nPage = nPageFile;
   }
   if( nPage>0 ){

diff --git a/src/pager.c b/src/pager.c
index 2b102fbea9a35d4c1f5e62e8ed8a51a11898ed6c..bc7e8556b5a8ff645d118b4c2600563bc53b0525 100644 (file)
--- a/src/pager.c
+++ b/src/pager.c
@@ -2234,9 +2234,9 @@ static int readDbPage(PgHdr *pPg){
       /* If the read is unsuccessful, set the dbFileVers[] to something
       ** that will never be a valid file version.  dbFileVers[] is a copy
       ** of bytes 24..39 of the database.  Bytes 28..31 should always be
-      ** zero.  Bytes 32..35 and 35..39 should be page numbers which are
-      ** never 0xffffffff.  So filling pPager->dbFileVers[] with all 0xff
-      ** bytes should suffice.
+      ** zero or the size of the database in page. Bytes 32..35 and 35..39
+      ** should be page numbers which are never 0xffffffff.  So filling
+      ** pPager->dbFileVers[] with all 0xff bytes should suffice.
       **
       ** For an encrypted database, the situation is more complex:  bytes
       ** 24..39 of the database are white noise.  But the probability of
@@ -4990,7 +4990,10 @@ static int pager_incr_changecounter(Pager *pPager, int isDirectMode){
       change_counter++;
       put32bits(((char*)pPgHdr->pData)+24, change_counter);
 
-      /* Also store the SQLite version number in bytes 96..99 */
+      /* Also store the SQLite version number in bytes 96..99 and in
+      ** bytes 92..95 store the change counter for which the version number
+      ** is valid. */
+      put32bits(((char*)pPgHdr->pData)+92, change_counter);
       put32bits(((char*)pPgHdr->pData)+96, SQLITE_VERSION_NUMBER);
 
       /* If running in direct mode, write the contents of page 1 to the file. */

diff --git a/tool/showdb.c b/tool/showdb.c
index 08b1b85987cacc87d7119e415140087a7195f938..a54eea8a96686d2b444c478bdfb2a1d2b214a437 100644 (file)
--- a/tool/showdb.c
+++ b/tool/showdb.c
@@ -169,7 +169,7 @@ static void print_db_header(void){
   print_decode_line(aData, 80, 4, "meta[10]");
   print_decode_line(aData, 84, 4, "meta[11]");
   print_decode_line(aData, 88, 4, "meta[12]");
-  print_decode_line(aData, 92, 4, "meta[13]");
+  print_decode_line(aData, 92, 4, "Change counter for version number");
   print_decode_line(aData, 96, 4, "SQLite version number");
 }