Fixed crash during an UPDATE when free cell size is corrupt. (CVS 5887)

FossilOrigin-Name: ec18667e2d2826a27f2c052ba3790ab5b8cf0bc4
author: shane <shane@noemail.net> 2008-11-11 22:18:20 +0000
committer: shane <shane@noemail.net> 2008-11-11 22:18:20 +0000
commit: 34ac18daf552fd08ff7a4ad7deb1b969c5ff700d (patch)
tree: e91bbeefb81983e37edf233cb44a69c7d38d2a75 /src
parent: 826d5b7e1c7058c0e84a4a7b552fa0ec09a8d0e2 (diff)
download: sqlite-34ac18daf552fd08ff7a4ad7deb1b969c5ff700d.tar.gz
sqlite-34ac18daf552fd08ff7a4ad7deb1b969c5ff700d.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/btree.c b/src/btree.c
index c3de4ea26..2519a3f2e 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -9,7 +9,7 @@
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
-** $Id: btree.c,v 1.530 2008/11/11 20:51:51 shane Exp $
+** $Id: btree.c,v 1.531 2008/11/11 22:18:20 shane Exp $
 **
 ** This file implements a external (disk-based) database using BTrees.
 ** See the header comment on "btreeInt.h" for additional information.
@@ -4651,6 +4651,8 @@ static int insertCell(
     idx = allocateSpace(pPage, sz);
     assert( idx>0 );
     assert( end <= get2byte(&data[hdr+5]) );
+    if (idx+sz > pPage->pBt->usableSize) 
+      return SQLITE_CORRUPT_BKPT;
     pPage->nCell++;
     pPage->nFree -= 2;
     memcpy(&data[idx+nSkip], pCell+nSkip, sz-nSkip);
author	shane <shane@noemail.net>	2008-11-11 22:18:20 +0000
committer	shane <shane@noemail.net>	2008-11-11 22:18:20 +0000
commit	34ac18daf552fd08ff7a4ad7deb1b969c5ff700d (patch)
tree	e91bbeefb81983e37edf233cb44a69c7d38d2a75 /src
parent	826d5b7e1c7058c0e84a4a7b552fa0ec09a8d0e2 (diff)
download	sqlite-34ac18daf552fd08ff7a4ad7deb1b969c5ff700d.tar.gz sqlite-34ac18daf552fd08ff7a4ad7deb1b969c5ff700d.zip