diff options
Diffstat (limited to 'src/btree.c')
| -rw-r--r-- | src/btree.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/btree.c b/src/btree.c index e282ff4ed..e98cb7b05 100644 --- a/src/btree.c +++ b/src/btree.c @@ -7636,6 +7636,7 @@ static int balance_nonroot( u16 maskPage = pOld->maskPage; u8 *piCell = aData + pOld->cellOffset; u8 *piEnd; + VVA_ONLY( int nCellAtStart = b.nCell; ) /* Verify that all sibling pages are of the same "type" (table-leaf, ** table-interior, index-leaf, or index-interior). @@ -7664,6 +7665,10 @@ static int balance_nonroot( */ memset(&b.szCell[b.nCell], 0, sizeof(b.szCell[0])*(limit+pOld->nOverflow)); if( pOld->nOverflow>0 ){ + if( limit<pOld->aiOvfl[0] ){ + rc = SQLITE_CORRUPT_BKPT; + goto balance_cleanup; + } limit = pOld->aiOvfl[0]; for(j=0; j<limit; j++){ b.apCell[b.nCell] = aData + (maskPage & get2byteAligned(piCell)); @@ -7683,6 +7688,7 @@ static int balance_nonroot( piCell += 2; b.nCell++; } + assert( (b.nCell-nCellAtStart)==(pOld->nCell+pOld->nOverflow) ); cntOld[i] = b.nCell; if( i<nOld-1 && !leafData){ |