author | dan <dan@noemail.net> | 2019-02-06 20:49:49 +0000 |
committer | dan <dan@noemail.net> | 2019-02-06 20:49:49 +0000 |
commit | e385d33a296bd9cfbb2fbb97a31420dfe6017ef1 (patch) | |
tree | ba88a8df70bf95ce9ea06e274f7b2301e9d4c8d8 /src | |
parent | 922b35801d8bdbb9365cbde7d44e66293f616e13 (diff) | |
download | sqlite-e385d33a296bd9cfbb2fbb97a31420dfe6017ef1.tar.gz sqlite-e385d33a296bd9cfbb2fbb97a31420dfe6017ef1.zip |
Ensure all bytes of the PgHdr1 structure are initialized. This avoids a valgrind error when running corruptI.test.
FossilOrigin-Name: a505e34d4ec31159a4508ec827fcffed0cf3bd5ea5ef0ac293016da02367a53a
Diffstat (limited to 'src')
-rw-r--r-- | src/pcache1.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/pcache1.c b/src/pcache1.c
index 72e81bb2b..5f502d57b 100644
--- a/src/pcache1.c
+++ b/src/pcache1.c
@@ -92,12 +92,22 @@ typedef struct PGroup PGroup;
 ** structure. Unless SQLITE_PCACHE_SEPARATE_HEADER is defined, a buffer of
 ** PgHdr1.pCache->szPage bytes is allocated directly before this structure
 ** in memory.
+**
+** Note: Variables isBulkLocal and isAnchor were once type "u8". That works,
+** but causes a 2-byte gap in the structure for most architectures (since
+** pointers must be either 4 or 8-byte aligned). As this structure is located
+** in memory directly after the associated page data, if the database is
+** corrupt, code at the b-tree layer may overread the page buffer and
+** read part of this structure before the corruption is detected. This
+** can cause a valgrind error if the unitialized gap is accessed. Using u16
+** ensures there is no such gap, and therefore no bytes of unitialized memory
+** in the structure.
 */
 struct PgHdr1 {
 sqlite3_pcache_page page; /* Base class. Must be first. pBuf & pExtra */
 unsigned int iKey; /* Key value (page number) */
- u8 isBulkLocal; /* This page from bulk local storage */
- u8 isAnchor; /* This is the PGroup.lru element */
+ u16 isBulkLocal; /* This page from bulk local storage */
+ u16 isAnchor; /* This is the PGroup.lru element */
 PgHdr1 *pNext; /* Next in hash table chain */
 PCache1 *pCache; /* Cache that currently owns this page */
 PgHdr1 *pLruNext; /* Next in LRU list of unpinned pages */
@@ -303,6 +313,7 @@ static int pcache1InitBulk(PCache1 *pCache){
 pX->isBulkLocal = 1;
 pX->isAnchor = 0;
 pX->pNext = pCache->pFree;
+ pX->pLruPrev = 0; /* Initializing this saves a valgrind error */
 pCache->pFree = pX;
 zBulk += pCache->szAlloc;
 }while( --nBulk );
|
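Review bot: The "no such gap" guarantee in the new comment block on struct PgHdr1 holds only because `unsigned int iKey` plus the two `u16` flags add up to exactly 8 bytes, which is what the following pointer `pNext` needs on both 4- and 8-byte-pointer targets; nothing in the hunk enforces that, so a field inserted here later silently reintroduces an uninitialized padding hole. I would state the invariant next to the fields, e.g. `** iKey plus the two u16 flags must stay exactly 8 bytes so that pNext is` / `** naturally aligned with no padding; keep this in mind when adding fields.`, and back it with a compile-time size check if the project's C dialect allows one. The added comment also spells "unitialized" twice where "uninitialized" is meant. Note that widening the flags only makes the bytes defined; the page-buffer overread by the b-tree layer that the comment describes still happens on a corrupt database and remains worth a bounds check at the point where it occurs.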
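Review bot: Setting only `pLruPrev` still leaves `pLruNext` and `pCache` unassigned for every bulk page built in this loop, so the commit message's "all bytes of the PgHdr1 structure are initialized" is met by this hunk only if those fields are written before the page is handed out, which is not visible here. A single `memset(pX, 0, sizeof(*pX));` placed right after `pX` is computed and ahead of the field assignments would cover every field and any padding regardless of the struct layout, and would not depend on the u16 change in the first hunk. If the non-bulk allocation path constructs a PgHdr1 the same way, it presumably needs the same treatment; it is outside this diff. pcache1InitBulk begins before this hunk.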