Fix a crash that could be caused by configuring the pager-cache with a bulk allocatio...

FossilOrigin-Name: b4b9dc632b06f932759bc2fceeb6fa1dd6e0de329106ae1d34be874ea1695859

diff --git a/manifest b/manifest
index 450b3216bfc3b096c3ab77b9a225dbbec7d58bd4..8734bd14fa39529807eb9ae88d0d2b9fcc79d13a 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\spossible\sNULL\spointer\sderefence\sin\sthe\s(experimental\sand\suntested)\nuuid.c\sextension.\n[bugs:/info/2026-06-04T09:50:59Z|Bug\s2026-06-04T09:50:59Z].
-D 2026-06-04T11:42:23.818
+C Fix\sa\scrash\sthat\scould\sbe\scaused\sby\sconfiguring\sthe\spager-cache\swith\sa\sbulk\sallocation\stoo\ssmall\sto\sfit\seven\sone\spage.\sBug\s[bugs:/info/2026-06-04T07:03:12Z\s|\s2026-06-04T07:03:12Z].
+D 2026-06-04T11:48:18.682
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -730,7 +730,7 @@ F src/pager.h 6137149346e6c8a3ddc1eeb40aee46381e9bc8b0fcc6dda8a1efde993c2275b8
 F src/parse.y d5a3c5b0277a441c38b35071c05e2b61ff5fc918a63309c809f4b6706179c320
 F src/pcache.c 588cc3c5ccaaadde689ed35ce5c5c891a1f7b1f4d1f56f6cf0143b74d8ee6484
 F src/pcache.h 092b758d2c5e4dabb30eae46d8dfad77c0f70b16bf3ff1943f7a232b0fe0d4ba
-F src/pcache1.c 131ca0daf4e66b4608d2945ae76d6ed90de3f60539afbd5ef9ec65667a5f2fcd
+F src/pcache1.c d7ee0f95992501a65379f620b3de1430b64e52e397769938668a9fd9dd1c8145
 F src/pragma.c 789ef67117b74b5be0a2db6681f7f0c55e6913791b9da309aefd280de2c8a74d
 F src/prepare.c 084a037fd3810cb7ffbfc001cd58c0ffac68ba36598a5084b55ea2a090014ebd
 F src/printf.c 1b3d26ed8ea9a900317832625d5e83b833c7cf14640d7d98a2c235e172b6fefc
@@ -1510,7 +1510,7 @@ F test/pageropt.test 84e4cc5cbca285357f7906e99b21be4f2bf5abc0
 F test/pagesize.test 5769fc62d8c890a83a503f67d47508dfdc543305
 F test/parser1.test 131f4733472252d53d8ed681115257866f55740ab697fa05900d766049348f27
 F test/pcache.test c8acbedd3b6fd0f9a7ca887a83b11d24a007972b
-F test/pcache2.test af7f3deb1a819f77a6d0d81534e97d1cf62cd442
+F test/pcache2.test 8a801d2b8e4b0ebb99701f026a67a9e84634c8aa24799a842c44003b93250da1
 F test/pendingrace.test e99efc5ab3584da3dfc8cd6a0ec4e5a42214820574f5ea24ee93f1d84655f463
 F test/percentile.test fd78896fa882fa4fbf693640097859721f3629926c2ccf804af5bcb7001fd35b
 F test/permutations.test e6de4f5777f7785737ac3d1d964b8656e5477a134665b2fe8a91884ab9b685b3
@@ -2208,8 +2208,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 003013ccabaaa7aea1e78844474ed5032ee9c9824f98c5d36687ac5256a5e128
-R cfa14dad181f100522dd042ae7f4e4d4
-U drh
-Z efd0a8837fd4c395161f3197f6024029
+P fa6374fe3ae1530f0b5ba10b7e6fb703ffe5dd592c532a965e7d50b7d2d70a5f
+R 6de34bc043d0c829fd93ff6edfd1a32a
+U dan
+Z 14bc5457646dbc84d7522f7a51ce7645
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index 38fcb5123962fdb5c2f4f213468b8508559edf1a..f84abf38002e3189f699e727687bbd93b37ec30f 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-fa6374fe3ae1530f0b5ba10b7e6fb703ffe5dd592c532a965e7d50b7d2d70a5f
+b4b9dc632b06f932759bc2fceeb6fa1dd6e0de329106ae1d34be874ea1695859

diff --git a/src/pcache1.c b/src/pcache1.c
index 39607328f39f68455c73ccfd14034b78b019c94b..39a37062e8646a5057aa15348e371220b9fa3298 100644 (file)
--- a/src/pcache1.c
+++ b/src/pcache1.c
@@ -309,22 +309,24 @@ static int pcache1InitBulk(PCache1 *pCache){
   if( szBulk > pCache->szAlloc*(i64)pCache->nMax ){
     szBulk = pCache->szAlloc*(i64)pCache->nMax;
   }
-  zBulk = pCache->pBulk = sqlite3Malloc( szBulk );
-  sqlite3EndBenignMalloc();
-  if( zBulk ){
-    int nBulk = sqlite3MallocSize(zBulk)/pCache->szAlloc;
-    do{
-      PgHdr1 *pX = (PgHdr1*)&zBulk[pCache->szPage];
-      pX->page.pBuf = zBulk;
-      pX->page.pExtra = (u8*)pX + ROUND8(sizeof(*pX));
-      assert( EIGHT_BYTE_ALIGNMENT( pX->page.pExtra ) );
-      pX->isBulkLocal = 1;
-      pX->isAnchor = 0;
-      pX->pNext = pCache->pFree;
-      pX->pLruPrev = 0;           /* Initializing this saves a valgrind error */
-      pCache->pFree = pX;
-      zBulk += pCache->szAlloc;
-    }while( --nBulk );
+  if( szBulk>=pCache->szAlloc ){
+    zBulk = pCache->pBulk = sqlite3Malloc( szBulk );
+    sqlite3EndBenignMalloc();
+    if( zBulk ){
+      int nBulk = sqlite3MallocSize(zBulk)/pCache->szAlloc;
+      do{
+        PgHdr1 *pX = (PgHdr1*)&zBulk[pCache->szPage];
+        pX->page.pBuf = zBulk;
+        pX->page.pExtra = (u8*)pX + ROUND8(sizeof(*pX));
+        assert( EIGHT_BYTE_ALIGNMENT( pX->page.pExtra ) );
+        pX->isBulkLocal = 1;
+        pX->isAnchor = 0;
+        pX->pNext = pCache->pFree;
+        pX->pLruPrev = 0;    /* Initializing this saves a valgrind error */
+        pCache->pFree = pX;
+        zBulk += pCache->szAlloc;
+      }while( --nBulk );
+    }
   }
   return pCache->pFree!=0;
 }

diff --git a/test/pcache2.test b/test/pcache2.test
index a0d7496c865de19801257b455dd1f5bee20cf681..1297ed423ce706653470e39626785c8073958065 100644 (file)
--- a/test/pcache2.test
+++ b/test/pcache2.test
@@ -71,6 +71,25 @@ do_test pcache2-1.4 {
   sqlite3_status SQLITE_STATUS_PAGECACHE_USED 0
 } {0 13 13}
 
+# Check that a small (1KB) bulk cache allocation is handled.
+#
+do_test pcache2-2.1 {
+  catch {db2 close}
+  db close
+  sqlite3_reset_auto_extension
+  sqlite3_shutdown
+  sqlite3_config_pagecache 0 -1
+  sqlite3_config singlethread
+  sqlite3_initialize
+  autoinstall_test_functions
+} {0}
+
+reset_db
+do_execsql_test pcache2-2.2 {
+  PRAGMA page_size = 4096;
+  CREATE TABLE t1(x);
+}
+
 db close
 catch {db2 close}
 sqlite3_reset_auto_extension