Fix an assert() in btree routine freeSpace() that may be false if the database is corrupt.

FossilOrigin-Name: 00a473c56188cd60a74559effb114140e3fe8a8d

manifest

@@ -1,5 +1,5 @@
-C Fix\san\sfts4\smatchinf()\sproblem\striggered\sby\sdeferred\stokens\sthat\sare\spart\sof\sphrases\sthat\sare\spart\sof\sAND\sexpressions.
-D 2015-05-25T10:57:13.025
+C Fix\san\sassert()\sin\sbtree\sroutine\sfreeSpace()\sthat\smay\sbe\sfalse\sif\sthe\sdatabase\sis\scorrupt.
+D 2015-05-25T15:03:49.960
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 0a6ae26396ec696221021780dffbb894ff3cead7
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -192,7 +192,7 @@ F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
 F src/backup.c ff743689c4d6c5cb55ad42ed9d174b2b3e71f1e3
 F src/bitvec.c 5eb7958c3bf65210211cbcfc44eff86d0ded7c9d
 F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79
-F src/btree.c 148cbc4387f30f8082a32d0f7a07ea602db80945
+F src/btree.c 9114263de91fa983a7ae6bbd75bb044552e4a7fb
 F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1
 F src/btreeInt.h 973a22a6fd61350b454ad614832b1f0a5e25a1e4
 F src/build.c d5d9090788118178190c5724c19f93953b8c7a4e
@@ -452,7 +452,7 @@ F test/corruptE.test 193b4ca4e927e77c1d5f4f56203ddc998432a7ee
 F test/corruptF.test be9fde98e4c93648f1ba52b74e5318edc8f59fe4
 F test/corruptG.test 1ab3bf97ee7bdba70e0ff3ba2320657df55d1804
 F test/corruptH.test 5dd4fa98c6c1ed33b178f9e8a48c4fdd3cfc9067
-F test/corruptI.test 221ad8b7f0a9ac6b80fc577e73b5ad8cdea31243
+F test/corruptI.test 08048e8f2743e1d4c0f8862699b72b8eb947d79b
 F test/corruptJ.test 9e29e7a81ee3b6ac50f77ea7a9e2f3fa03f32d91
 F test/cost.test 19d314526616ce4473eb4e4e450fcb94499ce318
 F test/count.test cb2e0f934c6eb33670044520748d2ecccd46259c
@@ -1278,7 +1278,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 4e4228c47f862c7f1fb078bf1b8c1d604f09d365
-R 342f9a9bdc1e4269db286539017c87a3
+P f1e942a1dda496a509741e9cc2a17e8b4dac63a3
+R 47c82c340b3278702bcb6251bfdf065a
 U dan
-Z d0a64384331038a61aab1eaa287d5c77
+Z 0ae4902a860647347b6e1ad08b782288

manifest.uuid

@@ -1 +1 @@
-f1e942a1dda496a509741e9cc2a17e8b4dac63a3
+00a473c56188cd60a74559effb114140e3fe8a8d

src/btree.c

@@ -1416,7 +1416,7 @@ static int freeSpace(MemPage *pPage, u16 iStart, u16 iSize){
 
   assert( pPage->pBt!=0 );
   assert( sqlite3PagerIswriteable(pPage->pDbPage) );
-  assert( iStart>=pPage->hdrOffset+6+pPage->childPtrSize );
+  assert( CORRUPT_DB || iStart>=pPage->hdrOffset+6+pPage->childPtrSize );
   assert( CORRUPT_DB || iEnd <= pPage->pBt->usableSize );
   assert( sqlite3_mutex_held(pPage->pBt->mutex) );
   assert( iSize>=4 );   /* Minimum cell size is 4 */

test/corruptI.test

@@ -105,4 +105,30 @@ if {[db one {SELECT sqlite_compileoption_used('ENABLE_OVERSIZE_CELL_CHECK')}]} {
      INSERT INTO t1 VALUES(9, 'klmnopqrst');
    } {1 {database disk image is malformed}}
 } ;# end-if !defined(ENABLE_OVERSIZE_CELL_CHECK)
+
+
+#-------------------------------------------------------------------------
+# Test that an assert() failure discovered by AFL corrupt database file
+# testing has been fixed.
+#
+reset_db
+do_execsql_test 4.0 {
+  PRAGMA page_size = 65536;
+  PRAGMA autovacuum = 0;
+  CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
+  INSERT INTO t1 VALUES(-1, 'abcdefghij');
+  INSERT INTO t1 VALUES(0, 'abcdefghij');
+}
+
+set root [db one {SELECT rootpage FROM sqlite_master}]
+set offset [expr ($root-1) * 65536]
+
+do_test 4.1 {
+  db close
+  hexio_write test.db [expr $offset + 8 + 2] 0000
+  hexio_write test.db [expr $offset + 5] 0000
+  sqlite3 db test.db
+  execsql { DELETE FROM t1 WHERE a=0 }
+} {}
+
 finish_test