SQLite

Artifact [58ec333a]
Login
Check-ins Using Download Hex

Artifact 58ec333a01997fe655e34e5bea52b7a2a6b9704d:

# 2013-08-01
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl
set testprefix corruptG

# Do not use a codec for tests in this file, as the database file is
# manipulated directly using tcl scripts (using the [hexio_write] command).
#
do_not_use_codec

# These tests deal with corrupt database files
#
database_may_be_corrupt

# Create a simple database with a single entry.  Then corrupt the
# header-size varint on the index payload so that it maps into a
# negative number.  Try to use the database.
#

do_execsql_test 1.1 {
  PRAGMA page_size=512;
  CREATE TABLE t1(a,b,c);
  INSERT INTO t1(rowid,a,b,c) VALUES(52,'abc','xyz','123');
  CREATE INDEX t1abc ON t1(a,b,c);
}

set idxroot [db one {SELECT rootpage FROM sqlite_master WHERE name = 't1abc'}]

# Corrupt the file
db close
hexio_write test.db [expr {$idxroot*512 - 15}] 888080807f
sqlite3 db test.db

# Try to use the file.
do_test 1.2 {
  catchsql {
    SELECT c FROM t1 WHERE a>'abc';
  }
} {0 {}}
do_test 1.3 {
  catchsql {
     PRAGMA integrity_check
  }
} {0 ok}
do_test 1.4 {
  catchsql {
    SELECT c FROM t1 ORDER BY a;
  }
} {1 {database disk image is malformed}}

# Corrupt the same file in a slightly different way.  Make the record header
# sane, but corrupt one of the serial_type value to indicate a huge payload
# such that the payload begins in allocated space but overflows the buffer.
#
db close
hexio_write test.db [expr {$idxroot*512-15}] 0513ff7f01
sqlite3 db test.db

do_test 2.1 {
  catchsql {
    SELECT rowid FROM t1 WHERE a='abc' and b='xyz123456789XYZ';
  }
  # The following test result is brittle.  The point above is to try to
  # force a buffer overread by a corrupt database file.  If we get an
  # incorrect answer from a corrupt database file, that is OK.  If the
  # result below changes, that just means that "undefined behavior" has
  # changed.
} {/0 .*/}

finish_test