diff options
| author | drh <> | 2021-06-07 13:50:36 +0000 |
|---|---|---|
| committer | drh <> | 2021-06-07 13:50:36 +0000 |
| commit | ccf0bb49bb850f1ce71c3942b6a076f4e4335a12 (patch) | |
| tree | 60078c73f1949b3fc077c79af0d41f891d917e20 | |
| parent | fe972341a5a1993382aa75b3aa3eb0026c800ff2 (diff) | |
| download | sqlite-ccf0bb49bb850f1ce71c3942b6a076f4e4335a12.tar.gz sqlite-ccf0bb49bb850f1ce71c3942b6a076f4e4335a12.zip | |
Avoid use of uninitialized memory while running defragmentPage() on a
corrupt database file.
dbsqlfuzz 4c45cecc0b255aaf2ea85453ccd17e814fd0b6b2
FossilOrigin-Name: 35e40d75754ec6fb93fe57c6ecbe731104e77c997d7e17ef1a22984837dfcab2
| -rw-r--r-- | manifest | 12 | ||||
| -rw-r--r-- | manifest.uuid | 2 | ||||
| -rw-r--r-- | src/btree.c | 2 |
3 files changed, 8 insertions, 8 deletions
@@ -1,5 +1,5 @@ -C Fix\san\sassert()\sin\sthe\sOP_ParseSchema\sopcode\sthat\smight\sfail\son\sa\scorrupt\ndatabase\sfile\swhen\srunning\swith\sPRAGMA\swritable_schema=ON.\ndbsqlfuzz\se7d743ca65f2767e415095f0c5a49166a0f55eea. -D 2021-06-07T11:50:23.565 +C Avoid\suse\sof\suninitialized\smemory\swhile\srunning\sdefragmentPage()\son\sa\ncorrupt\sdatabase\sfile.\ndbsqlfuzz\s4c45cecc0b255aaf2ea85453ccd17e814fd0b6b2 +D 2021-06-07T13:50:36.893 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -485,7 +485,7 @@ F src/auth.c 08954fdc4cc2da5264ba5b75cfd90b67a6fc7d1710a02ccf917c38eadec77853 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 -F src/btree.c 6b24d93490ea4450a6800eef046fedf29e5e5ba00efc896eef2da5bb2869ea2e +F src/btree.c 399e1ebcd6c4f9ad47f5457bfe3623441db287f0923433cf6539497791557be8 F src/btree.h 096cc53baa58be22b02c896d1cf933c38cfc6d65f9253c1367ece8cc88a24de5 F src/btreeInt.h 7bc15a24a02662409ebcd6aeaa1065522d14b7fda71573a2b0568b458f514ae0 F src/build.c d766f04ddd88822c2c10cf3c0dfb34b068c45f103f442222038b9eeff02312ca @@ -1918,7 +1918,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 17e26a1f5e3cc4e96b9265dcdbf54f376304b0908f3ff0a0d3df33653e77e5b6 -R 2008131d3502f721f33346d6e5ea4f59 +P 10801f65af495a999ef61741322ea82dc20bd92ea8e55e4016c409096f38b0d1 +R 87c6ad819f9b16a006d2ce2c64be3689 U drh -Z 608a44948c135ddd98aa43f877710cc1 +Z ca5dd7010823297422d198ffa35c5cd5 diff --git a/manifest.uuid b/manifest.uuid index 0e8715fd0..b29868188 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -10801f65af495a999ef61741322ea82dc20bd92ea8e55e4016c409096f38b0d1
\ No newline at end of file +35e40d75754ec6fb93fe57c6ecbe731104e77c997d7e17ef1a22984837dfcab2
\ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 371f8d15c..d1e84d0a6 100644 --- a/src/btree.c +++ b/src/btree.c @@ -1535,7 +1535,7 @@ static int defragmentPage(MemPage *pPage, int nMaxFrag){ if( temp==0 ){ if( cbrk==pc ) continue; temp = sqlite3PagerTempSpace(pPage->pBt->pPager); - memcpy(&temp[iCellStart], &data[iCellStart], (cbrk+size) - iCellStart); + memcpy(&temp[iCellStart], &data[iCellStart], usableSize - iCellStart); src = temp; } memcpy(&data[cbrk], &src[pc], size); |