authordrh <drh@noemail.net>2020-12-16 21:09:45 +0000
committerdrh <drh@noemail.net>2020-12-16 21:09:45 +0000
commit0a8b6a9f8f5a1b446cb4217efa37529bcc37bc1d (patch)
treeadc8eb8ddb843676540a207bae558629ebb9940a /src/btree.c
parente5baf5c28351cfaa8daa605e7f066894eac9eef6 (diff)
Enhance the sqlite3BtreeTransferRow() routine so that it does more careful
checks for corrupt database pages. FossilOrigin-Name: 85952e71175dae73c4e587a3b80783825d91fe8567a819e072da651c1ff4131b
Diffstat (limited to 'src/btree.c')
-rw-r--r--src/btree.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/btree.c b/src/btree.c
index 9b8005037..a587332ce 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -8973,6 +8973,9 @@ int sqlite3BtreeTransferRow(BtCursor *pDest, BtCursor *pSrc, i64 iKey){
if( pDest->pKeyInfo==0 ) aOut += putVarint(aOut, iKey);
nIn = pSrc->info.nLocal;
aIn = pSrc->info.pPayload;
+ if( aIn+nIn>pSrc->pPage->aDataEnd ){
+ return SQLITE_CORRUPT_BKPT;
+ }
nRem = pSrc->info.nPayload;
if( nIn==nRem && nIn<pDest->pPage->maxLocal ){
memcpy(aOut, aIn, nIn);
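Review bot: The new guard `aIn+nIn>pSrc->pPage->aDataEnd` forms the pointer sum before comparing it, so when a corrupt cell makes `aIn+nIn` land more than one past the end of the page buffer the comparison itself is undefined behaviour, and a wrapped sum would pass the test and reach the `memcpy(aOut, aIn, nIn)` below. Comparing lengths avoids building that pointer, for example `if( (i64)nIn > pSrc->pPage->aDataEnd - aIn ) return SQLITE_CORRUPT_BKPT;`, which also rejects an `aIn` that already sits past `aDataEnd`. The same pattern appears in the second hunk as `aIn+nIn+4>pSrc->pPage->aDataEnd`, where `pSrc->pPage->aDataEnd - aIn < (i64)nIn + 4` would be the equivalent form. Only the upper bound is tested here; whether `pSrc->info.pPayload` is guaranteed to point at or after the start of the page depends on the code that fills `pSrc->info`, which is outside this hunk, so a one-line comment stating that assumption above the check would help. The body of sqlite3BtreeTransferRow() starts and ends outside the hunk.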
@@ -8993,6 +8996,9 @@ int sqlite3BtreeTransferRow(BtCursor *pDest, BtCursor *pSrc, i64 iKey){
}
if( nRem>nIn ){
+ if( aIn+nIn+4>pSrc->pPage->aDataEnd ){
+ return SQLITE_CORRUPT_BKPT;
+ }
ovflIn = get4byte(&pSrc->info.pPayload[nIn]);
}