SQLite

Check-in [89f0bbfde4]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix another bad assert() in btree - one that can be false on a corrupt database file.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 89f0bbfde4d86a7b15e93aab9c487b4355c6fb2d
User & Date: drh 2015-05-22 23:39:29.128
Context
2015-05-22
23:45
Fix a bug in fuzzershell caused by an uninitialized local variable. (check-in: 745deab87a user: drh tags: trunk)
23:39
Fix another bad assert() in btree - one that can be false on a corrupt database file. (check-in: 89f0bbfde4 user: drh tags: trunk)
23:17
Fix incorrect validation of the size of the BLOB returned by a geometry function on the RHS of a MATCH operator in RTree. The old code worked for 64-bit systems (by chance) but fails on 32-bit. (check-in: 10cc44f5a6 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/btree.c.
6163
6164
6165
6166
6167
6168
6169
6170

6171
6172
6173
6174
6175
6176
6177
    if( pCell>aData && pCell<pEnd ){
      pCell = &pTmp[pCell - aData];
    }
    pData -= szCell[i];
    memcpy(pData, pCell, szCell[i]);
    put2byte(pCellptr, (pData - aData));
    pCellptr += 2;
    assert( szCell[i]==cellSizePtr(pPg, pCell) );

  }

  /* The pPg->nFree field is now set incorrectly. The caller will fix it. */
  pPg->nCell = nCell;
  pPg->nOverflow = 0;

  put2byte(&aData[hdr+1], 0);







|
>







6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
    if( pCell>aData && pCell<pEnd ){
      pCell = &pTmp[pCell - aData];
    }
    pData -= szCell[i];
    memcpy(pData, pCell, szCell[i]);
    put2byte(pCellptr, (pData - aData));
    pCellptr += 2;
    assert( szCell[i]==cellSizePtr(pPg, pCell) || CORRUPT_DB );
    testcase( szCell[i]!=cellSizePtr(pPg,pCell) );
  }

  /* The pPg->nFree field is now set incorrectly. The caller will fix it. */
  pPg->nCell = nCell;
  pPg->nOverflow = 0;

  put2byte(&aData[hdr+1], 0);