Earlier detection of corruption in sqlite3BtreeDelete(). Fix for

the assertion fault reported by [forum:/forumpost/9d78389221|forum post 9d78389221]. FossilOrigin-Name: 13e9ff9e84a114374b49986484dbee05953a496f3017dd5089fba6f495a17c40
2022-01-02 11:25:51 +00:00 · 2022-01-02 11:25:51 +00:00 · 2dfe9664a9
commit 2dfe9664a9
parent 24a82eadb3
3 changed files with 16 additions and 9 deletions
--- a/12
+++ b/12
@ -1,5 +1,5 @@
-C Do\snot\sraise\san\sSQLITE_SCHEMA\serror\sif\sin\ssqlite3Init().\s\sFix\sfor\sPoC\s#2\sin\n[forum:/forumpost/b03d86f951|forum\spost\sb03d86f951].\s\sSee\sTH3\sfor\stest\ncases.
-D 2022-01-01T22:55:31.616
+C Earlier\sdetection\sof\scorruption\sin\ssqlite3BtreeDelete().\s\sFix\sfor\nthe\sassertion\sfault\sreported\sby\n[forum:/forumpost/9d78389221|forum\spost\s9d78389221].
+D 2022-01-02T11:25:51.036
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -491,7 +491,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf
 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d
 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d
 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
-F src/btree.c ea774b39e4515a2fc3dd49288ec01d2939063645124a906876b45b9d9b74787f
+F src/btree.c fab3d2a9e2a187373c393b9f35e68e996010a1aae1354763f7c5846915a99b83
 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22
 F src/btreeInt.h ee9348c4cb9077243b049edc93a82c1f32ca48baeabf2140d41362b9f9139ff7
 F src/build.c 6e16f7b539bfc55149a039bf0cda26b089640339df6147070b072df2d1c4f771
@ -1936,8 +1936,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 1d1fe03c752267f03f015ada975876f65e2a7b967e19f057b5c73f95d7df8a9c
-R f15a1845feed9e7d6592a8459d433a16
+P e199a851e316bd471bfc54204b8c250d3ae93b829261214158a2c74acad4093e
+R c8fd3582e0c7f6d2a8919913e7670fb0
 U drh
-Z c10bc7ddd6a7f2304a3228c439a3f0e6
+Z 02df45f52682e2fefdb79cf7aae0eb67
 # Remove this line to create a well-formed Fossil manifest.
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-e199a851e316bd471bfc54204b8c250d3ae93b829261214158a2c74acad4093e
+13e9ff9e84a114374b49986484dbee05953a496f3017dd5089fba6f495a17c40
--- a/src/btree.c
+++ b/src/btree.c
@ -6819,13 +6819,15 @@ static void dropCell(MemPage *pPage, int idx, int sz, int *pRC){
  int hdr;        /* Beginning of the header.  0 most pages.  100 page 1 */

  if( *pRC ) return;
-  assert( idx>=0 && idx<pPage->nCell );
+  assert( idx>=0 );
+  assert( idx<pPage->nCell );
  assert( CORRUPT_DB || sz==cellSize(pPage, idx) );
  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  assert( pPage->nFree>=0 );
  data = pPage->aData;
  ptr = &pPage->aCellIdx[2*idx];
+  assert( pPage->pBt->usableSize > (int)(ptr-data) );
  pc = get2byte(ptr);
  hdr = pPage->hdrOffset;
  testcase( pc==(u32)get2byte(&data[hdr+5]) );
@ -9254,7 +9256,12 @@ int sqlite3BtreeDelete(BtCursor *pCur, u8 flags){
  iCellIdx = pCur->ix;
  pPage = pCur->pPage;
  pCell = findCell(pPage, iCellIdx);
-  if( pPage->nFree<0 && btreeComputeFreeSpace(pPage) ) return SQLITE_CORRUPT;
+  if( pPage->nFree<0 && btreeComputeFreeSpace(pPage) ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+  if( pPage->nCell<=iCellIdx ){
+    return SQLITE_CORRUPT_BKPT;
+  }

  /* If the bPreserve flag is set to true, then the cursor position must
  ** be preserved following this delete operation. If the current delete