Provide an alternative "guaranteed-safe" method for overwriting the WAL index

on recovery, in case some platform is found for which memcpy() cannot do this
safely.

FossilOrigin-Name: 168cccbabbd4807bdb04953f395cd1a245c46e9d4816a09c9d024ecd5432759d

manifest

@@ -1,5 +1,5 @@
-C Fix\scompiler\swarnings\sin\sMSVC.
-D 2020-07-30T17:37:49.603
+C Provide\san\salternative\s"guaranteed-safe"\smethod\sfor\soverwriting\sthe\sWAL\sindex\non\srecovery,\sin\scase\ssome\splatform\sis\sfound\sfor\swhich\smemcpy()\scannot\sdo\sthis\nsafely.
+D 2020-07-30T22:33:36.214
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -619,7 +619,7 @@ F src/vdbetrace.c fa3bf238002f0bbbdfb66cc8afb0cea284ff9f148d6439bc1f6f2b4c3b7143
 F src/vdbevtab.c f99b275366c5fc5e2d99f734729880994ab9500bdafde7fae3b02d562b9d323c
 F src/vtab.c 5f5fc793092f53bbdfde296c50f563fb7bda58cf48e9cf6a8bdfbc5abd409845
 F src/vxworks.h d2988f4e5a61a4dfe82c6524dd3d6e4f2ce3cdb9
-F src/wal.c 093a1fdc83de217d31dae868314b49c324790677bbd99ac0f35c40fa10040749
+F src/wal.c 7482e90927fe3f59c8741bede5fa4f7d75edc967ce8a73175ade9126593f26e8
 F src/wal.h c3aa7825bfa2fe0d85bef2db94655f99870a285778baa36307c0a16da32b226a
 F src/walker.c 3df26a33dc4f54e8771600fb7fdebe1ece0896c2ad68c30ab40b017aa4395049
 F src/where.c 2ea911238674e9baaeddf105dddabed92692a01996073c4d4983f9a7efe481f9
@@ -1879,7 +1879,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 166e82dd20efbfd355ef3fb8b500bfebd8b946f1b13619b46722de96b57ed039
-R 6928e4a9c167feb9d28739421973440a
+P 96e3dba2ed3ab0c5b2ecf65a3408633e0767c884d48c270e9ef10ab9fa3ec051
+R 91259b30616b0ffd7a9557e53f6c300d
 U drh
-Z 797ffde4bfcf3888132ef0bf7565217f
+Z 5474c4e54268b05a6f800bd41ad114a7

manifest.uuid

@@ -1 +1 @@
-96e3dba2ed3ab0c5b2ecf65a3408633e0767c884d48c270e9ef10ab9fa3ec051
+168cccbabbd4807bdb04953f395cd1a245c46e9d4816a09c9d024ecd5432759d

src/wal.c

@@ -1282,7 +1282,34 @@ static int walIndexRecover(Wal *pWal){
       pWal->apWiData[iPg] = aShare;
       nHdr = (iPg==0 ? WALINDEX_HDR_SIZE : 0);
       nHdr32 = nHdr / sizeof(u32);
+#ifndef SQLITE_SAFER_WALINDEX_RECOVERY
+      /* Memcpy() should work fine here, on all reasonable implementations.
+      ** Technically, memcpy() might change the destination to some
+      ** intermediate value before setting to the final value, and that might
+      ** cause a concurrent reader to malfunction.  Memcpy() is allowed to
+      ** do that, according to the spec, but no memcpy() implementation that
+      ** we know of actually does that, which is why we say that memcpy()
+      ** is safe for this.  Memcpy() is certainly a lot faster.
+      */
       memcpy(&aShare[nHdr32], &aPrivate[nHdr32], WALINDEX_PGSZ-nHdr);
+#else
+      /* In the event that some platform is found for which memcpy()
+      ** changes the destination to some intermediate value before
+      ** setting the final value, this alternative copy routine is
+      ** provided.
+      */
+      {
+        int i;
+        for(i=nHdr32; i<WALINDEX_PGSZ/sizeof(u32); i++){
+          if( aShare[i]!=aPrivate[i] ){
+            /* Atomic memory operations are not required here because if
+            ** the value needs to be changed, that means it is not being
+            ** accessed concurrently. */
+            aShare[i] = aPrivate[i];
+          }
+        }
+      }
+#endif
       if( iFrame<=iLast ) break;
     }