diff options
Diffstat (limited to 'src/btree.c')
| -rw-r--r-- | src/btree.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/btree.c b/src/btree.c index a6b4a551b..8ebe0ccb3 100644 --- a/src/btree.c +++ b/src/btree.c @@ -1647,9 +1647,12 @@ static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){ if( (data[hdr+2] || data[hdr+1]) && gap+2<=top ){ u8 *pSpace = pageFindSlot(pPage, nByte, &rc); if( pSpace ){ - assert( pSpace>=data && (pSpace - data)<65536 ); - *pIdx = (int)(pSpace - data); - return SQLITE_OK; + assert( pSpace+nByte<=data+pPage->pBt->usableSize ); + if( (*pIdx = (int)(pSpace-data))<=gap ){ + return SQLITE_CORRUPT_PAGE(pPage); + }else{ + return SQLITE_OK; + } }else if( rc ){ return rc; } @@ -6896,7 +6899,7 @@ static int rebuildPage( assert( i<iEnd ); j = get2byte(&aData[hdr+5]); - if( j>(u32)usableSize ){ j = 0; } + if( NEVER(j>(u32)usableSize) ){ j = 0; } memcpy(&pTmp[j], &aData[j], usableSize - j); for(k=0; pCArray->ixNx[k]<=i && ALWAYS(k<NB*2); k++){} |