Avoid the possibility of integer overflow on a pointer comparison test for
corruption in the database file. FossilOrigin-Name: ff1b1ac3313ba9d70414e928ef3dd82913298a1a
This commit is contained in:
drh
parent
13969f5af0
commit
0b98207c5b
12
manifest
12
manifest
@ -1,5 +1,5 @@
|
||||
C Fix\sharmless\scompiler\swarnings.
|
||||
D 2016-03-21T22:28:51.426
|
||||
C Avoid\sthe\spossibility\sof\sinteger\soverflow\son\sa\spointer\scomparison\stest\sfor\ncorruption\sin\sthe\sdatabase\sfile.
|
||||
D 2016-03-22T14:10:45.052
|
||||
F Makefile.in f53429fb2f313c099283659d0df6f20f932c861f
|
||||
F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
|
||||
F Makefile.msc df0bf9ff7f8b3f4dd9fb4cc43f92fe58f6ec5c66
|
||||
@ -297,7 +297,7 @@ F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
|
||||
F src/backup.c f60f0aa55d25d853ffde53d0b0370a7bb7ee41ce
|
||||
F src/bitvec.c 3ee4c8b2c94ed3a7377256e18199e6ff5cf33f63
|
||||
F src/btmutex.c bc87dd3b062cc26edfe79918de2200ccb8d41e73
|
||||
F src/btree.c 6eee126fe9d1f57118de9be2be840a4c6e691828
|
||||
F src/btree.c 5753da53071b5d5a8ace8fd9ea7a54cefeb8187b
|
||||
F src/btree.h a5008b9afe56e8e54ade6c436a910f112defcca9
|
||||
F src/btreeInt.h c18b7d2a3494695133e4e60ee36061d37f45d9a5
|
||||
F src/build.c 213cbf84e99dd834e6ea46615633656d7ef79321
|
||||
@ -1459,7 +1459,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P 3d076094ce411bffcfeb76c0284d15d0f83bd459
|
||||
R 8b7871914efe43742b6c5e5d156225cc
|
||||
P 25d776e4523aefeec007943fe29aa17c23ccb301
|
||||
R 7b06b50bff5ae9500629c34b0d5509bb
|
||||
U drh
|
||||
Z 74feddb89c21c363d080129c819f5a2b
|
||||
Z 3c0767287744fc9671f0ea1849fc5941
|
||||
|
||||
@ -1 +1 @@
|
||||
25d776e4523aefeec007943fe29aa17c23ccb301
|
||||
ff1b1ac3313ba9d70414e928ef3dd82913298a1a
|
||||
@ -4472,8 +4472,13 @@ static int accessPayload(
|
||||
#endif
|
||||
assert( offset+amt <= pCur->info.nPayload );
|
||||
|
||||
if( &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize] ){
|
||||
/* Trying to read or write past the end of the data is an error */
|
||||
assert( aPayload > pPage->aData );
|
||||
if( (aPayload - pPage->aData) > (pBt->usableSize - pCur->info.nLocal) ){
|
||||
/* Trying to read or write past the end of the data is an error. The
|
||||
** conditional above is really:
|
||||
** &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]
|
||||
** but is recast into its current form to avoid integer overflow problems
|
||||
*/
|
||||
return SQLITE_CORRUPT_BKPT;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user