From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darwin Huang <huangdarwin@chromium.org>
Date: Fri, 17 May 2019 16:03:01 -0700
Subject: [PATCH 8/8] Initialize 18-byte overrun area for btree
Backports https://sqlite.org/src/info/4b05caeb1b9767ba
Bug: 962083
---
third_party/sqlite/patched/src/btree.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/third_party/sqlite/patched/src/btree.c b/third_party/sqlite/patched/src/btree.c
index 70c26373baa2..9cbb6c271984 100644
--- a/third_party/sqlite/patched/src/btree.c
+++ b/third_party/sqlite/patched/src/btree.c
@@ -5516,6 +5516,7 @@ int sqlite3BtreeMovetoUnpacked(
** case this happens. */
void *pCellKey;
u8 * const pCellBody = pCell - pPage->childPtrSize;
+ const int nOverrun = 18; /* Size of the overrun padding */
pPage->xParseCell(pPage, pCellBody, &pCur->info);
nCell = (int)pCur->info.nKey;
testcase( nCell<0 ); /* True if key size is 2^32 or more */
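Review bot: The comment on `nOverrun` names the padding but not what fixes its size at 18, so a maintainer cannot tell which reader of the key buffer the value has to keep pace with. If the padding exists to absorb reads past `nCell` when a malformed record is compared (inferred from the truncated comment above, which starts outside the hunk), the declaration should say so, for example `const int nOverrun = 18; /* Zeroed padding after the key; bounds reads past nCell on a corrupt record */`. The enclosing block of sqlite3BtreeMovetoUnpacked starts and ends outside this hunk.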
@@ -5526,13 +5527,14 @@ int sqlite3BtreeMovetoUnpacked(
rc = SQLITE_CORRUPT_PAGE(pPage);
goto moveto_finish;
}
- pCellKey = sqlite3Malloc( nCell+18 );
+ pCellKey = sqlite3Malloc( nCell+nOverrun );
if( pCellKey==0 ){
rc = SQLITE_NOMEM_BKPT;
goto moveto_finish;
}
pCur->ix = (u16)idx;
rc = accessPayload(pCur, 0, nCell, (unsigned char*)pCellKey, 0);
+ memset(((u8*)pCellKey)+nCell,0,nOverrun); /* Fix uninit warnings */
pCur->curFlags &= ~BTCF_ValidOvfl;
if( rc ){
sqlite3_free(pCellKey);
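Review bot: `/* Fix uninit warnings */` on the added memset undersells the line. Once the tail is zeroed, any read past `nCell` sees fixed bytes instead of stale heap contents, which matters for corrupt database files and not only for sanitizer output. I would word it as `/* Zero the overrun padding so reads past nCell never see uninitialized heap */`. The memset sits after `accessPayload`, so it also runs on the failure path just before the free; placing it directly after the `pCellKey==0` check would make the invariant hold from allocation onward. The range check that keeps `nCell+nOverrun` from overflowing `int` is above this hunk and not visible here, so confirm it bounds `nCell` well below INT_MAX.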
--
2.21.0