projects
/
platform
/
framework
/
web
/
crosswalk.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Upstream version 5.34.104.0
[platform/framework/web/crosswalk.git]
/
src
/
third_party
/
sqlite
/
amalgamation
/
sqlite3.c
diff --git
a/src/third_party/sqlite/amalgamation/sqlite3.c
b/src/third_party/sqlite/amalgamation/sqlite3.c
index
5dfdd2c
..
c0315ff
100644
(file)
--- a/
src/third_party/sqlite/amalgamation/sqlite3.c
+++ b/
src/third_party/sqlite/amalgamation/sqlite3.c
@@
-111521,6
+111521,7
@@
static int ValidateError(){
/* Setup the cursor for reading the information from cell iCell. */
static int leafCursorCellDecode(RecoverLeafCursor *pCursor){
const unsigned char *pPageHeader; /* Header of current page. */
/* Setup the cursor for reading the information from cell iCell. */
static int leafCursorCellDecode(RecoverLeafCursor *pCursor){
const unsigned char *pPageHeader; /* Header of current page. */
+ const unsigned char *pPageEnd; /* Byte after end of current page. */
const unsigned char *pCellOffsets; /* Pointer to page's cell offsets. */
unsigned iCellOffset; /* Offset of current cell (iCell). */
const unsigned char *pCell; /* Pointer to data at iCellOffset. */
const unsigned char *pCellOffsets; /* Pointer to page's cell offsets. */
unsigned iCellOffset; /* Offset of current cell (iCell). */
const unsigned char *pCell; /* Pointer to data at iCellOffset. */
@@
-111543,6
+111544,10
@@
static int leafCursorCellDecode(RecoverLeafCursor *pCursor){
/* Find the offset to the row. */
pPageHeader = PageHeader(pCursor->pPage);
pCellOffsets = pPageHeader + knPageLeafHeaderBytes;
/* Find the offset to the row. */
pPageHeader = PageHeader(pCursor->pPage);
pCellOffsets = pPageHeader + knPageLeafHeaderBytes;
+ pPageEnd = PageData(pCursor->pPage, pCursor->nPageSize);
+ if( pCellOffsets + pCursor->iCell*2 + 2 > pPageEnd ){
+ return ValidateError();
+ }
iCellOffset = decodeUnsigned16(pCellOffsets + pCursor->iCell*2);
if( iCellOffset>=pCursor->nPageSize ){
return ValidateError();
iCellOffset = decodeUnsigned16(pCellOffsets + pCursor->iCell*2);
if( iCellOffset>=pCursor->nPageSize ){
return ValidateError();
@@
-111584,7
+111589,7
@@
static int leafCursorCellDecode(RecoverLeafCursor *pCursor){
/* Check that no other cell starts within this cell. */
iEndOffset = pCursor->iRecordOffset + pCursor->nLocalRecordBytes;
/* Check that no other cell starts within this cell. */
iEndOffset = pCursor->iRecordOffset + pCursor->nLocalRecordBytes;
- for( i=0; i<pCursor->nCells; ++i ){
+ for( i=0; i<pCursor->nCells
&& pCellOffsets + i*2 + 2 <= pPageEnd
; ++i ){
const unsigned iOtherOffset = decodeUnsigned16(pCellOffsets + i*2);
if( iOtherOffset>iCellOffset && iOtherOffset<iEndOffset ){
return ValidateError();
const unsigned iOtherOffset = decodeUnsigned16(pCellOffsets + i*2);
if( iOtherOffset>iCellOffset && iOtherOffset<iEndOffset ){
return ValidateError();