diff options
| author | drh <drh@noemail.net> | 2019-05-02 15:56:39 +0000 |
|---|---|---|
| committer | drh <drh@noemail.net> | 2019-05-02 15:56:39 +0000 |
| commit | e12ca5abf6750b38061f16742e71cb93eab3a7d9 (patch) | |
| tree | 6a6c840f12faa788fabd8850dbe762c427bcfe7e /src | |
| parent | cf1747b78259462caad907eecb10750993ee7e4e (diff) | |
| download | sqlite-e12ca5abf6750b38061f16742e71cb93eab3a7d9.tar.gz sqlite-e12ca5abf6750b38061f16742e71cb93eab3a7d9.zip | |
Earlier detection of a database corruption case in balance_nonroot(), to
prevent a possible use of an uninitialized variable.
FossilOrigin-Name: c509d8a8aebe0da4847e95cf737c21313a665de9a540da2db57b8ed22f98a402
Diffstat (limited to 'src')
| -rw-r--r-- | src/btree.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/btree.c b/src/btree.c index e282ff4ed..e98cb7b05 100644 --- a/src/btree.c +++ b/src/btree.c @@ -7636,6 +7636,7 @@ static int balance_nonroot( u16 maskPage = pOld->maskPage; u8 *piCell = aData + pOld->cellOffset; u8 *piEnd; + VVA_ONLY( int nCellAtStart = b.nCell; ) /* Verify that all sibling pages are of the same "type" (table-leaf, ** table-interior, index-leaf, or index-interior). @@ -7664,6 +7665,10 @@ static int balance_nonroot( */ memset(&b.szCell[b.nCell], 0, sizeof(b.szCell[0])*(limit+pOld->nOverflow)); if( pOld->nOverflow>0 ){ + if( limit<pOld->aiOvfl[0] ){ + rc = SQLITE_CORRUPT_BKPT; + goto balance_cleanup; + } limit = pOld->aiOvfl[0]; for(j=0; j<limit; j++){ b.apCell[b.nCell] = aData + (maskPage & get2byteAligned(piCell)); @@ -7683,6 +7688,7 @@ static int balance_nonroot( piCell += 2; b.nCell++; } + assert( (b.nCell-nCellAtStart)==(pOld->nCell+pOld->nOverflow) ); cntOld[i] = b.nCell; if( i<nOld-1 && !leafData){ |