From 0d7f0e49a405484b8fa7fcad76f55b648ad8574b Mon Sep 17 00:00:00 2001
From: dan
Date: Wed, 20 Dec 2023 19:33:41 +0000
Subject: Fix SQLITE_ENABLE_SETLK_TIMEOUT assert() statements in os_unix.c to avoid reading past the end of the unixShmNode.aMutex[] array.
FossilOrigin-Name: 029a05cd2928d43d81e4549cce5388c432e2c9e75e3fa0b2fe6e91021b2fb9ac
---
 src/os_unix.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
(limited to 'src/os_unix.c')
diff --git a/src/os_unix.c b/src/os_unix.c
index 7362a1320..21bbd9769 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -4434,9 +4434,15 @@ static int unixShmSystemLock(
 pShmNode = pFile->pInode->pShmNode;
- /* Assert that the correct mutex or mutexes are held. */
- if( pShmNode->nRef==0 ){
- assert( ofst==UNIX_SHM_DMS && n==1 && unixMutexHeld() );
+ /* Assert that the parameters are within expected range and that the
+ ** correct mutex or mutexes are held. */
+ assert( pShmNode->nRef>=0 );
+ assert( (ofst==UNIX_SHM_DMS && n==1)
+ || (ofst>=UNIX_SHM_BASE && ofst+n<=(UNIX_SHM_BASE+SQLITE_SHM_NLOCK))
+ );
+ if( ofst==UNIX_SHM_DMS ){
+ assert( pShmNode->nRef>0 || unixMutexHeld() );
+ assert( pShmNode->nRef==0 || sqlite3_mutex_held(pShmNode->pShmMutex) );
 }else{
 #ifdef SQLITE_ENABLE_SETLK_TIMEOUT
 int ii;
-- cgit v1.2.3
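Review bot: The second alternative of the new range assert, `ofst>=UNIX_SHM_BASE && ofst+n<=(UNIX_SHM_BASE+SQLITE_SHM_NLOCK)`, bounds the top of the range but puts no lower bound on `n`, so a zero or negative `n` passes it. Going by the commit subject, this assert is what keeps the `SQLITE_ENABLE_SETLK_TIMEOUT` branch that starts at `int ii;` inside `unixShmNode.aMutex[]`, so it should state the whole valid range: `|| (ofst>=UNIX_SHM_BASE && n>=1 && ofst+n<=(UNIX_SHM_BASE+SQLITE_SHM_NLOCK))`. The body of unixShmSystemLock continues past the hunk, so `n` may already be asserted further down; if it is, a one-line comment here pointing at that check would be enough. These are assert()s and compile out under NDEBUG, so in release builds the callers remain the only guard on `ofst` and `n`, which is worth saying in the comment block above the asserts.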