From c05e08decb9167c66a4be5ae784d7e3b897ee73f Mon Sep 17 00:00:00 2001
From: Jelle Raaijmakers
Date: Tue, 13 Jun 2023 21:52:10 +0200
Subject: [PATCH] LibSQL: Prevent writing to free heap blocks
Each block index should have been requested before a write happens to it. If this is not the case, return an error.
---
 Tests/LibSQL/TestSqlHeap.cpp | 1 +
 Userland/Libraries/LibSQL/Heap.cpp | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/Tests/LibSQL/TestSqlHeap.cpp b/Tests/LibSQL/TestSqlHeap.cpp
index eb02d58e2f9..2de40038d45 100644
--- a/Tests/LibSQL/TestSqlHeap.cpp
+++ b/Tests/LibSQL/TestSqlHeap.cpp
@@ -186,6 +186,7 @@ TEST_CASE(heap_free_storage)
 TRY_OR_FAIL(heap->free_storage(storage_block_id));
 // Again, write some large storage spanning multiple blocks
+ storage_block_id = heap->request_new_block_index();
 TRY_OR_FAIL(heap->write_storage(storage_block_id, long_string.bytes()));
 MUST(heap->flush());
 auto new_heap_size = MUST(heap->file_size_in_bytes());
diff --git a/Userland/Libraries/LibSQL/Heap.cpp b/Userland/Libraries/LibSQL/Heap.cpp
index efa4eab37bd..eaa568d049d 100644
--- a/Userland/Libraries/LibSQL/Heap.cpp
+++ b/Userland/Libraries/LibSQL/Heap.cpp
@@ -118,8 +118,12 @@ ErrorOr Heap::read_storage(Block::Index index)
 ErrorOr Heap::write_storage(Block::Index index, ReadonlyBytes data)
 {
 dbgln_if(SQL_DEBUG, "{}({}, {} bytes)", __FUNCTION__, index, data.size());
- VERIFY(index > 0);
- VERIFY(data.size() > 0);
+ if (index == 0)
+ return Error::from_string_view("Writing to zero block is not allowed"sv);
+ if (data.is_empty())
+ return Error::from_string_view("Writing empty data is not allowed"sv);
+ if (m_free_block_indices.contains_slow(index))
+ return Error::from_string_view("Invalid write to a free block index"sv);
 // Split up the storage across multiple blocks if necessary, creating a chain
 u32 remaining_size = static_cast(data.size());
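Review bot: Nothing in `heap_free_storage` exercises the rejection this commit introduces; the added line only moves the existing write onto a freshly requested index so the test keeps passing. Assuming `free_storage` puts the freed index on the free list, assert the failure before the reassignment, e.g. `EXPECT(heap->write_storage(storage_block_id, long_string.bytes()).is_error());`. Cases for index 0 and for empty data would cover the two `VERIFY` calls that became error returns. The test case's body starts and ends outside this hunk.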
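Review bot: The new guard in `Heap::write_storage` is a deny-list: it rejects only an index that is currently in `m_free_block_indices`, so an index that was never handed out (for instance one beyond the highest block the heap has allocated) still passes, although the commit message states the rule as "requested before a write". The function continues outside this hunk, so a bound may exist further down; if it does not, also reject indices above the heap's highest allocated block here, next to the other precondition checks. A short comment above the three checks would make the contract explicit, e.g. `// index must come from request_new_block_index(); block 0, empty data and free blocks are rejected`. Separately, `contains_slow` is a linear scan that now runs on every write, which may become noticeable as the free list grows.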