blob: 59c39dd201478f2e8b9904663767c2d2ffd51292 [file] [log] [blame]
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darwin Huang <huangdarwin@chromium.org>
Date: Tue, 23 Jul 2019 15:11:19 -0700
Subject: [PATCH 5/8] Fix bad chrome_sqlite3_free
Backports https://www.sqlite.org/src/info/f60a83069168899d
Bug: 979950
---
third_party/sqlite/patched/src/btree.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/third_party/sqlite/patched/src/btree.c b/third_party/sqlite/patched/src/btree.c
index 23cb6bb3b083..887be63bd7d0 100644
--- a/third_party/sqlite/patched/src/btree.c
+++ b/third_party/sqlite/patched/src/btree.c
@@ -8724,7 +8724,12 @@ int sqlite3BtreeInsert(
** new entry uses overflow pages, as the insertCell() call below is
** necessary to add the PTRMAP_OVERFLOW1 pointer-map entry. */
assert( rc==SQLITE_OK ); /* clearCell never fails when nLocal==nPayload */
- if( oldCell+szNew > pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;
+ if( oldCell < pPage->aData+pPage->hdrOffset+10 ){
+ return SQLITE_CORRUPT_BKPT;
+ }
+ if( oldCell+szNew > pPage->aDataEnd ){
+ return SQLITE_CORRUPT_BKPT;
+ }
memcpy(oldCell, newCell, szNew);
return SQLITE_OK;
}
--
2.20.1 (Apple Git-117)