Fix corner cases involving corrupt varint values in record headers.

FossilOrigin-Name: 3189116b42c5ecef5e30c8b317f4458bbf8b9086
author: drh <drh@noemail.net> 2015-06-19 20:08:39 +0000
committer: drh <drh@noemail.net> 2015-06-19 20:08:39 +0000
commit: eeab2c63a95af9a15f007edd90b37dab286097e4 (patch)
tree: d13a20052a237978f554558d65b88be34aa6628c /src
parent: 56cb04efc8027ac49af07c054bb40c8a3962425e (diff)
download: sqlite-eeab2c63a95af9a15f007edd90b37dab286097e4.tar.gz
sqlite-eeab2c63a95af9a15f007edd90b37dab286097e4.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/btree.c b/src/btree.c
index f35b05b26..e64139b80 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -1072,7 +1072,7 @@ static void btreeParseCellPtr(
   */
   nPayload = *pIter;
   if( nPayload>=0x80 ){
-    u8 *pEnd = &pIter[9];
+    u8 *pEnd = &pIter[8];
     nPayload &= 0x7f;
     do{
       nPayload = (nPayload<<7) | (*++pIter & 0x7f);
@@ -1133,7 +1133,7 @@ static void btreeParseCellPtrIndex(
   pIter = pCell + pPage->childPtrSize;
   nPayload = *pIter;
   if( nPayload>=0x80 ){
-    u8 *pEnd = &pIter[9];
+    u8 *pEnd = &pIter[8];
     nPayload &= 0x7f;
     do{
       nPayload = (nPayload<<7) | (*++pIter & 0x7f);
@@ -1194,7 +1194,7 @@ static u16 cellSizePtr(MemPage *pPage, u8 *pCell){
   assert( pPage->noPayload==0 );
   nSize = *pIter;
   if( nSize>=0x80 ){
-    pEnd = &pIter[9];
+    pEnd = &pIter[8];
     nSize &= 0x7f;
     do{
       nSize = (nSize<<7) | (*++pIter & 0x7f);
author	drh <drh@noemail.net>	2015-06-19 20:08:39 +0000
committer	drh <drh@noemail.net>	2015-06-19 20:08:39 +0000
commit	eeab2c63a95af9a15f007edd90b37dab286097e4 (patch)
tree	d13a20052a237978f554558d65b88be34aa6628c /src
parent	56cb04efc8027ac49af07c054bb40c8a3962425e (diff)
download	sqlite-eeab2c63a95af9a15f007edd90b37dab286097e4.tar.gz sqlite-eeab2c63a95af9a15f007edd90b37dab286097e4.zip