Index: src/btree.c ================================================================== --- src/btree.c +++ src/btree.c @@ -1304,11 +1304,11 @@ CellInfo info; if( *pRC ) return; assert( pCell!=0 ); pPage->xParseCell(pPage, pCell, &info); if( info.nLocalpBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC); } } #endif @@ -3344,13 +3344,13 @@ if( eType==PTRMAP_OVERFLOW1 ){ CellInfo info; pPage->xParseCell(pPage, pCell, &info); if( info.nLocalaData+pPage->maskPage - && iFrom==get4byte(pCell+info.nSize-4) + && iFrom==get4byte(pCell+OvflOffset(&info)) ){ - put4byte(pCell+info.nSize-4, iTo); + put4byte(pCell+OvflOffset(&info), iTo); break; } }else{ if( get4byte(pCell)==iFrom ){ put4byte(pCell, iTo); @@ -6853,11 +6853,11 @@ u8 *z; z = findCell(pPage, j); pPage->xParseCell(pPage, z, &info); if( info.nLocalpgno && e==PTRMAP_OVERFLOW1 ); } if( !pPage->leaf ){ Pgno child = get4byte(z); Index: src/btreeInt.h ================================================================== --- src/btreeInt.h +++ src/btreeInt.h @@ -470,10 +470,17 @@ u8 *pPayload; /* Pointer to the start of payload */ u32 nPayload; /* Bytes of payload */ u16 nLocal; /* Amount of payload held locally, not on overflow */ u16 nSize; /* Size of the cell content on the main b-tree page */ }; + +/* If X is a pointer to a CellInfo object for a cell, then OvflOffset(X) is +** the offset from the start of that cell to the first overflow page number +** for for that cell. +*/ +#define OvflOffset(X) ((X)->nSize-4) + /* ** Maximum depth of an SQLite B-Tree structure. Any B-Tree deeper than ** this will be declared corrupt. This value is calculated based on a ** maximum database size of 2^31 pages a minimum fanout of 2 for a