Commit
SQLite: fix fuzzer discovered crash in recovery module

The header size which is encoded as a varint should include the size of the varint encoding. Therefore if this number is smaller than the size of the varint encoding the record must be corrupt. For example (the only example I can think of, given the implementation of ParseVarint) the number is 0 and the encoding for 0 is 1 byte long.

Bug: 1468734
Change-Id: I24d4b353e8932cb1e609577c8f4e22ee09895fd7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4794001
Commit-Queue: Evan Stade <estade@chromium.org>
Reviewed-by: Austin Sullivan <asully@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1185547}
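
The check the commit message describes, as an added example that is not Chromium's code and not part of this commit: a record-header validator that rejects a header size smaller than its own varint encoding. `ReadVarint`, `SerialTypeBytes` and the sample records are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical helper, not Chromium's ParseVarint. Decodes a SQLite varint:
// 1-9 bytes, big-endian, 7 bits per byte, except a 9th byte carries 8 bits.
// Returns the number of bytes consumed, or 0 if the buffer ends too early.
size_t ReadVarint(const uint8_t* p, size_t len, uint64_t* out) {
  uint64_t v = 0;
  for (size_t i = 0; i < 9 && i < len; ++i) {
    if (i == 8) { *out = (v << 8) | p[i]; return 9; }
    v = (v << 7) | (p[i] & 0x7F);
    if ((p[i] & 0x80) == 0) { *out = v; return i + 1; }
  }
  return 0;
}

// Returns how many serial-type bytes follow the header-size varint,
// or -1 if the record header is corrupt.
int64_t SerialTypeBytes(const uint8_t* record, size_t len) {
  uint64_t header_size = 0;
  size_t varint_len = ReadVarint(record, len, &header_size);
  if (varint_len == 0) return -1;           // truncated varint
  // The header size counts its own varint, so a smaller value is corrupt.
  // Without this check the unsigned subtraction below would wrap around.
  if (header_size < varint_len) return -1;
  if (header_size > len) return -1;         // header runs past the record
  return static_cast<int64_t>(header_size - varint_len);
}

// Constructed sample records (not taken from the fuzzer case).
const uint8_t kZeroHeader[] = {0x00, 0x01, 0x2A};  // header size 0
const uint8_t kValid[] = {0x02, 0x01, 0x2A};       // one 8-bit integer column
const uint8_t kTooLong[] = {0x05, 0x01, 0x2A};     // header size 5 > 3 bytes

int main() {
  std::printf("%lld %lld %lld\n",
              (long long)SerialTypeBytes(kZeroHeader, sizeof kZeroHeader),
              (long long)SerialTypeBytes(kValid, sizeof kValid),
              (long long)SerialTypeBytes(kTooLong, sizeof kTooLong));
}
```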