36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
|
From b9338e8475463b29b7f05fb28c78c3f35a7ce814 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Dan Kennedy <danielk1977@gmail.com>
|
||
|
|
Date: Thu, 24 Jan 2019 15:16:17 +0000
|
||
|
|
Subject: [PATCH 0830/1009] Fix a potential problem with "INSERT INTO ...
|
||
|
|
SELECT * FROM" (or VACUUM) statements on a corrupted database.
|
||
|
|
|
||
|
|
https://github.com/mackyle/sqlite/commit/b9338e8475463b29b7f05fb28c78c3f35a7ce814
|
||
|
|
|
||
|
|
---
|
||
|
|
src/btree.c | 7 +--
|
||
|
|
1 files changed, 4 insertions(+), 3 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/btree.c b/src/btree.c
|
||
|
|
index b68bca1..401f02e 100644
|
||
|
|
--- a/src/btree.c
|
||
|
|
+++ b/src/btree.c
|
||
|
|
@@ -804,11 +804,12 @@ static int btreeMoveto(
|
||
|
|
UnpackedRecord *pIdxKey; /* Unpacked index key */
|
||
|
|
|
||
|
|
if( pKey ){
|
||
|
|
+ KeyInfo *pKeyInfo = pCur->pKeyInfo;
|
||
|
|
assert( nKey==(i64)(int)nKey );
|
||
|
|
- pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
|
||
|
|
+ pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
|
||
|
|
if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
|
||
|
|
- sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
|
||
|
|
- if( pIdxKey->nField==0 ){
|
||
|
|
+ sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
|
||
|
|
+ if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
|
||
|
|
rc = SQLITE_CORRUPT_BKPT;
|
||
|
|
goto moveto_done;
|
||
|
|
}
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|