Earlier detection of freelist corruption in the page allocation routines. (CVS 6718)
FossilOrigin-Name: e557c8e5846f9c4eaaeb3bd07614ac101bb0b3d0
This commit is contained in:
drh
parent
d46b6c23d3
commit
1662b5a6f9
12
manifest
12
manifest
@ -1,5 +1,5 @@
|
|||||||
C Fix\san\sassertion\sfault\sin\sbalance_quick()\sthat\soccurs\swhen\san\sinterior\nbtree\snode\shas\szero\scells\sdue\sto\sdatabase\scorruption.\s\sAlso\supdate\sthe\ncorrupt7.test\sresult\svectors\sfor\sa\scouple\sof\scases\swhere\sthe\serror\sreport\non\sdatabase\scorruption\schanged\sdue\sto\searlier\sdetection.\s(CVS\s6717)
|
C Earlier\sdetection\sof\sfreelist\scorruption\sin\sthe\spage\sallocation\sroutines.\s(CVS\s6718)
|
||||||
D 2009-06-04T17:02:51
|
D 2009-06-04T19:06:10
|
||||||
F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
|
F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
|
||||||
F Makefile.in 8b8fb7823264331210cddf103831816c286ba446
|
F Makefile.in 8b8fb7823264331210cddf103831816c286ba446
|
||||||
F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
|
F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
|
||||||
@ -106,7 +106,7 @@ F src/auth.c 98db07c2088455797678eb1031f42d4d94d18a71
|
|||||||
F src/backup.c ff50af53184a5fd7bdee4d620b5dabef74717c79
|
F src/backup.c ff50af53184a5fd7bdee4d620b5dabef74717c79
|
||||||
F src/bitvec.c 0ef0651714728055d43de7a4cdd95e703fac0119
|
F src/bitvec.c 0ef0651714728055d43de7a4cdd95e703fac0119
|
||||||
F src/btmutex.c 9b899c0d8df3bd68f527b0afe03088321b696d3c
|
F src/btmutex.c 9b899c0d8df3bd68f527b0afe03088321b696d3c
|
||||||
F src/btree.c a55ea6bd9be8d3028e6608c35689c9530d05b331
|
F src/btree.c 17ab7af7d250ba51d3b76eaf8b3885cbd8d91f47
|
||||||
F src/btree.h f70b694e8c163227369a66863b01fbff9009f323
|
F src/btree.h f70b694e8c163227369a66863b01fbff9009f323
|
||||||
F src/btreeInt.h df64030d632f8c8ac217ed52e8b6b3eacacb33a5
|
F src/btreeInt.h df64030d632f8c8ac217ed52e8b6b3eacacb33a5
|
||||||
F src/build.c 20e02fd72249159ff6829009f3029d16d59cdff5
|
F src/build.c 20e02fd72249159ff6829009f3029d16d59cdff5
|
||||||
@ -733,7 +733,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
|
|||||||
F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
|
F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
|
||||||
F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
|
F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
|
||||||
F tool/vdbe-compress.tcl 672f81d693a03f80f5ae60bfefacd8a349e76746
|
F tool/vdbe-compress.tcl 672f81d693a03f80f5ae60bfefacd8a349e76746
|
||||||
P 52b02ca5f3e5fdf2f3e02e9d8e016028d0842818
|
P 1335e4440f5a3d24ce9ce187e0e23fc9b166ca98
|
||||||
R 6c3f5ed82b6f0cfc3861b316c101e250
|
R 6fa526d3fc2cd5b05a7afb7c2a31b3a3
|
||||||
U drh
|
U drh
|
||||||
Z b07c4782c8d564fc8dd4dab980a2bcd9
|
Z 24570d1925b89f9799c0bf39f48794de
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
1335e4440f5a3d24ce9ce187e0e23fc9b166ca98
|
e557c8e5846f9c4eaaeb3bd07614ac101bb0b3d0
|
||||||
27
src/btree.c
27
src/btree.c
@ -9,7 +9,7 @@
|
|||||||
** May you share freely, never taking more than you give.
|
** May you share freely, never taking more than you give.
|
||||||
**
|
**
|
||||||
*************************************************************************
|
*************************************************************************
|
||||||
** $Id: btree.c,v 1.616 2009/06/04 17:02:51 drh Exp $
|
** $Id: btree.c,v 1.617 2009/06/04 19:06:10 drh Exp $
|
||||||
**
|
**
|
||||||
** This file implements a external (disk-based) database using BTrees.
|
** This file implements a external (disk-based) database using BTrees.
|
||||||
** See the header comment on "btreeInt.h" for additional information.
|
** See the header comment on "btreeInt.h" for additional information.
|
||||||
@ -4397,10 +4397,15 @@ static int allocateBtreePage(
|
|||||||
int k; /* Number of leaves on the trunk of the freelist */
|
int k; /* Number of leaves on the trunk of the freelist */
|
||||||
MemPage *pTrunk = 0;
|
MemPage *pTrunk = 0;
|
||||||
MemPage *pPrevTrunk = 0;
|
MemPage *pPrevTrunk = 0;
|
||||||
|
Pgno mxPage; /* Total size of the database file */
|
||||||
|
|
||||||
assert( sqlite3_mutex_held(pBt->mutex) );
|
assert( sqlite3_mutex_held(pBt->mutex) );
|
||||||
pPage1 = pBt->pPage1;
|
pPage1 = pBt->pPage1;
|
||||||
|
mxPage = pagerPagecount(pBt);
|
||||||
n = get4byte(&pPage1->aData[36]);
|
n = get4byte(&pPage1->aData[36]);
|
||||||
|
if( n>mxPage ){
|
||||||
|
return SQLITE_CORRUPT_BKPT;
|
||||||
|
}
|
||||||
if( n>0 ){
|
if( n>0 ){
|
||||||
/* There are pages on the freelist. Reuse one of those pages. */
|
/* There are pages on the freelist. Reuse one of those pages. */
|
||||||
Pgno iTrunk;
|
Pgno iTrunk;
|
||||||
@ -4411,7 +4416,7 @@ static int allocateBtreePage(
|
|||||||
** the entire-list will be searched for that page.
|
** the entire-list will be searched for that page.
|
||||||
*/
|
*/
|
||||||
#ifndef SQLITE_OMIT_AUTOVACUUM
|
#ifndef SQLITE_OMIT_AUTOVACUUM
|
||||||
if( exact && nearby<=pagerPagecount(pBt) ){
|
if( exact && nearby<=mxPage ){
|
||||||
u8 eType;
|
u8 eType;
|
||||||
assert( nearby>0 );
|
assert( nearby>0 );
|
||||||
assert( pBt->autoVacuum );
|
assert( pBt->autoVacuum );
|
||||||
@ -4442,13 +4447,21 @@ static int allocateBtreePage(
|
|||||||
}else{
|
}else{
|
||||||
iTrunk = get4byte(&pPage1->aData[32]);
|
iTrunk = get4byte(&pPage1->aData[32]);
|
||||||
}
|
}
|
||||||
rc = sqlite3BtreeGetPage(pBt, iTrunk, &pTrunk, 0);
|
if( iTrunk>mxPage ){
|
||||||
|
rc = SQLITE_CORRUPT_BKPT;
|
||||||
|
}else{
|
||||||
|
rc = sqlite3BtreeGetPage(pBt, iTrunk, &pTrunk, 0);
|
||||||
|
}
|
||||||
if( rc ){
|
if( rc ){
|
||||||
pTrunk = 0;
|
pTrunk = 0;
|
||||||
goto end_allocate_page;
|
goto end_allocate_page;
|
||||||
}
|
}
|
||||||
|
|
||||||
k = get4byte(&pTrunk->aData[4]);
|
k = get4byte(&pTrunk->aData[4]);
|
||||||
|
if( k>mxPage ){
|
||||||
|
rc = SQLITE_CORRUPT_BKPT;
|
||||||
|
goto end_allocate_page;
|
||||||
|
}
|
||||||
if( k==0 && !searchList ){
|
if( k==0 && !searchList ){
|
||||||
/* The trunk has no leaves and the list is not being searched.
|
/* The trunk has no leaves and the list is not being searched.
|
||||||
** So extract the trunk page itself and use it as the newly
|
** So extract the trunk page itself and use it as the newly
|
||||||
@ -4492,6 +4505,10 @@ static int allocateBtreePage(
|
|||||||
*/
|
*/
|
||||||
MemPage *pNewTrunk;
|
MemPage *pNewTrunk;
|
||||||
Pgno iNewTrunk = get4byte(&pTrunk->aData[8]);
|
Pgno iNewTrunk = get4byte(&pTrunk->aData[8]);
|
||||||
|
if( iNewTrunk>mxPage ){
|
||||||
|
rc = SQLITE_CORRUPT_BKPT;
|
||||||
|
goto end_allocate_page;
|
||||||
|
}
|
||||||
rc = sqlite3BtreeGetPage(pBt, iNewTrunk, &pNewTrunk, 0);
|
rc = sqlite3BtreeGetPage(pBt, iNewTrunk, &pNewTrunk, 0);
|
||||||
if( rc!=SQLITE_OK ){
|
if( rc!=SQLITE_OK ){
|
||||||
goto end_allocate_page;
|
goto end_allocate_page;
|
||||||
@ -4546,6 +4563,10 @@ static int allocateBtreePage(
|
|||||||
}
|
}
|
||||||
|
|
||||||
iPage = get4byte(&aData[8+closest*4]);
|
iPage = get4byte(&aData[8+closest*4]);
|
||||||
|
if( iPage>mxPage ){
|
||||||
|
rc = SQLITE_CORRUPT_BKPT;
|
||||||
|
goto end_allocate_page;
|
||||||
|
}
|
||||||
if( !searchList || iPage==nearby ){
|
if( !searchList || iPage==nearby ){
|
||||||
int noContent;
|
int noContent;
|
||||||
Pgno nPage;
|
Pgno nPage;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user