From b9338e8475463b29b7f05fb28c78c3f35a7ce814 Mon Sep 17 00:00:00 2001
From: Dan Kennedy
Date: Thu, 24 Jan 2019 15:16:17 +0000
Subject: [PATCH 0830/1009] Fix a potential problem with "INSERT INTO ... SELECT * FROM" (or VACUUM) statements on a corrupted database.

https://github.com/mackyle/sqlite/commit/b9338e8475463b29b7f05fb28c78c3f35a7ce814
---
 src/btree.c | 7 +--
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/btree.c b/src/btree.c
index b68bca1..401f02e 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -804,11 +804,12 @@ static int btreeMoveto(
   UnpackedRecord *pIdxKey;   /* Unpacked index key */
 
   if( pKey ){
+    KeyInfo *pKeyInfo = pCur->pKeyInfo;
     assert( nKey==(i64)(int)nKey );
-    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
+    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
     if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
-    sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
-    if( pIdxKey->nField==0 ){
+    sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
+    if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
       rc = SQLITE_CORRUPT_BKPT;
       goto moveto_done;
     }
--
1.8.3.1
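Review bot: The new `pIdxKey->nField>pKeyInfo->nAllField` condition carries no comment saying why a field count above the KeyInfo's column count is treated as corruption, so the next reader has to rediscover that; I would add `/* A key with more fields than pKeyInfo describes cannot have come from a well-formed index record: reject it before it is compared against pKeyInfo's per-column arrays. */` above the `if`. Note that the check runs only after sqlite3VdbeRecordUnpack has already filled pIdxKey, so it protects whatever later consumes pIdxKey and pKeyInfo together, not the unpack itself; that the unpack bounds its own writes to the allocation made by sqlite3VdbeAllocUnpackedRecord is presumably true but is not visible in this hunk and is worth confirming. The `(int)nKey` truncation on the unpack call is still guarded only by the assert above it, which is compiled out in release builds; if nKey can ever be influenced by on-disk data rather than by the VDBE, a runtime check would be warranted. btreeMoveto begins before and continues after this hunk.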