Avoid use of uninitialized memory while running defragmentPage() on a

corrupt database file. dbsqlfuzz 4c45cecc0b255aaf2ea85453ccd17e814fd0b6b2 FossilOrigin-Name: 35e40d75754ec6fb93fe57c6ecbe731104e77c997d7e17ef1a22984837dfcab2
author: drh <> 2021-06-07 13:50:36 +0000
committer: drh <> 2021-06-07 13:50:36 +0000
commit: ccf0bb49bb850f1ce71c3942b6a076f4e4335a12 (patch)
tree: 60078c73f1949b3fc077c79af0d41f891d917e20 /src/btree.c
parent: fe972341a5a1993382aa75b3aa3eb0026c800ff2 (diff)
download: sqlite-ccf0bb49bb850f1ce71c3942b6a076f4e4335a12.tar.gz
sqlite-ccf0bb49bb850f1ce71c3942b6a076f4e4335a12.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/btree.c b/src/btree.c
index 371f8d15c..d1e84d0a6 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -1535,7 +1535,7 @@ static int defragmentPage(MemPage *pPage, int nMaxFrag){
     if( temp==0 ){
       if( cbrk==pc ) continue;
       temp = sqlite3PagerTempSpace(pPage->pBt->pPager);
-      memcpy(&temp[iCellStart], &data[iCellStart], (cbrk+size) - iCellStart);
+      memcpy(&temp[iCellStart], &data[iCellStart], usableSize - iCellStart);
       src = temp;
     }
     memcpy(&data[cbrk], &src[pc], size);
author	drh <>	2021-06-07 13:50:36 +0000
committer	drh <>	2021-06-07 13:50:36 +0000
commit	ccf0bb49bb850f1ce71c3942b6a076f4e4335a12 (patch)
tree	60078c73f1949b3fc077c79af0d41f891d917e20 /src/btree.c
parent	fe972341a5a1993382aa75b3aa3eb0026c800ff2 (diff)
download	sqlite-ccf0bb49bb850f1ce71c3942b6a076f4e4335a12.tar.gz sqlite-ccf0bb49bb850f1ce71c3942b6a076f4e4335a12.zip