SQLite

Artifact [e4b03d9d48]
Login

Artifact e4b03d9d4831cf0840a0f473281ab251b2f165f0:


# 2004 August 30
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.
#
# This file implements tests to make sure SQLite does not crash or
# segfault if it sees a corrupt database file.
#
# $Id: corrupt2.test,v 1.11 2008/07/08 14:31:15 danielk1977 Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# The following tests - corrupt2-1.* - create some databases corrupted in
# specific ways and ensure that SQLite detects them as corrupt.
#
do_test corrupt2-1.1 {
  execsql {
    CREATE TABLE abc(a, b, c);
  }
} {}

do_test corrupt2-1.2 {

  # Corrupt the 16 byte magic string at the start of the file
  file delete -force corrupt.db
  file delete -force corrupt.db-journal
  copy_file test.db corrupt.db
  set f [open corrupt.db RDWR]
  seek $f 8 start
  puts $f blah
  close $f

  sqlite3 db2 corrupt.db
  catchsql {
    SELECT * FROM sqlite_master;
  } db2
} {1 {file is encrypted or is not a database}}

do_test corrupt2-1.3 {
  db2 close

  # Corrupt the page-size (bytes 16 and 17 of page 1).
  file delete -force corrupt.db
  file delete -force corrupt.db-journal
  copy_file test.db corrupt.db
  set f [open corrupt.db RDWR]
  fconfigure $f -encoding binary
  seek $f 16 start
  puts -nonewline $f "\x00\xFF"
  close $f

  sqlite3 db2 corrupt.db
  catchsql {
    SELECT * FROM sqlite_master;
  } db2
} {1 {file is encrypted or is not a database}}

do_test corrupt2-1.4 {
  db2 close

  # Corrupt the free-block list on page 1.
  file delete -force corrupt.db
  file delete -force corrupt.db-journal
  copy_file test.db corrupt.db
  set f [open corrupt.db RDWR]
  fconfigure $f -encoding binary
  seek $f 101 start
  puts -nonewline $f "\xFF\xFF"
  close $f

  sqlite3 db2 corrupt.db
  catchsql {
    SELECT * FROM sqlite_master;
  } db2
} {1 {database disk image is malformed}}

do_test corrupt2-1.5 {
  db2 close

  # Corrupt the free-block list on page 1.
  file delete -force corrupt.db
  file delete -force corrupt.db-journal
  copy_file test.db corrupt.db
  set f [open corrupt.db RDWR]
  fconfigure $f -encoding binary
  seek $f 101 start
  puts -nonewline $f "\x00\xC8"
  seek $f 200 start
  puts -nonewline $f "\x00\x00"
  puts -nonewline $f "\x10\x00"
  close $f

  sqlite3 db2 corrupt.db
  catchsql {
    SELECT * FROM sqlite_master;
  } db2
} {1 {database disk image is malformed}}
db2 close

# Corrupt a database by having 2 indices of the same name:
do_test corrupt2-2.1 {

  file delete -force corrupt.db
  file delete -force corrupt.db-journal
  copy_file test.db corrupt.db

  sqlite3 db2 corrupt.db 
  execsql {
    CREATE INDEX a1 ON abc(a);
    CREATE INDEX a2 ON abc(b);
    PRAGMA writable_schema = 1;
    UPDATE sqlite_master 
      SET name = 'a3', sql = 'CREATE INDEX a3' || substr(sql, 16, 10000)
      WHERE type = 'index';
    PRAGMA writable_schema = 0;
  } db2

  db2 close
  sqlite3 db2 corrupt.db 
  catchsql {
    SELECT * FROM sqlite_master;
  } db2
} {1 {malformed database schema (a3) - index a3 already exists}}

db2 close

do_test corrupt2-3.1 {
  file delete -force corrupt.db
  file delete -force corrupt.db-journal
  sqlite3 db2 corrupt.db 

  execsql {
    PRAGMA auto_vacuum = 1;
    PRAGMA page_size = 1024;
    CREATE TABLE t1(a, b, c);
    CREATE TABLE t2(a, b, c);
    INSERT INTO t2 VALUES(randomblob(100), randomblob(100), randomblob(100));
    INSERT INTO t2 SELECT * FROM t2;
    INSERT INTO t2 SELECT * FROM t2;
    INSERT INTO t2 SELECT * FROM t2;
    INSERT INTO t2 SELECT * FROM t2;
  } db2

  db2 close

  # On the root page of table t2 (page 4), set one of the child page-numbers
  # to 0. This corruption will be detected when SQLite attempts to update
  # the pointer-map after moving the content of page 4 to page 3 as part
  # of the DROP TABLE operation below.
  #
  set fd [open corrupt.db r+]
  fconfigure $fd -encoding binary -translation binary
  seek $fd [expr 1024*3 + 12]
  set zCelloffset [read $fd 2]
  binary scan $zCelloffset S iCelloffset
  seek $fd [expr 1024*3 + $iCelloffset]
  puts -nonewline $fd "\00\00\00\00" 
  close $fd

  sqlite3 db2 corrupt.db 
  catchsql {
    DROP TABLE t1;
  } db2
} {1 {database disk image is malformed}}

do_test corrupt2-4.1 {
  catchsql {
    SELECT * FROM t2;
  } db2
} {1 {database disk image is malformed}}

do_test corrupt2-5.1 {
  file delete -force corrupt.db
  file delete -force corrupt.db-journal
  sqlite3 db2 corrupt.db 

  execsql {
    PRAGMA page_size = 1024;
    CREATE TABLE t1(a, b, c);
    CREATE TABLE t2(a, b, c);
    INSERT INTO t2 VALUES(randomblob(100), randomblob(100), randomblob(100));
    INSERT INTO t2 SELECT * FROM t2;
    INSERT INTO t2 SELECT * FROM t2;
    INSERT INTO t2 SELECT * FROM t2;
    INSERT INTO t2 SELECT * FROM t2;
    INSERT INTO t1 SELECT * FROM t2;
  } db2

  db2 close

  # This block links a page from table t2 into the t1 table structure.
  #
  set fd [open corrupt.db r+]
  fconfigure $fd -encoding binary -translation binary
  seek $fd [expr 1024 + 12]
  set zCelloffset [read $fd 2]
  binary scan $zCelloffset S iCelloffset
  seek $fd [expr 1024 + $iCelloffset]
  set zChildPage [read $fd 4]
  seek $fd [expr 2*1024 + 12]
  set zCelloffset [read $fd 2]
  binary scan $zCelloffset S iCelloffset
  seek $fd [expr 2*1024 + $iCelloffset]
  puts -nonewline $fd $zChildPage
  close $fd

  sqlite3 db2 corrupt.db 
  db2 eval {SELECT rowid FROM t1} {
    set result [db2 eval {pragma integrity_check}]
    break
  }
  set result
} {{*** in database main ***
Page 10: sqlite3BtreeInitPage() returns error code 11
On tree page 3 cell 1: Child page depth differs
On tree page 2 cell 0: 2nd reference to page 10
On tree page 2 cell 1: Child page depth differs
Page 4 is never used}}

db2 close

proc corruption_test {args} {
  array set A $args

  catch {db close}
  file delete -force corrupt.db
  file delete -force corrupt.db-journal

  sqlite3 db corrupt.db 
  db eval $A(-sqlprep)
  db close

  eval $A(-corrupt)

  sqlite3 db corrupt.db
  eval $A(-test)
}

ifcapable autovacuum {
  # The tests within this block - corrupt2-6.* - aim to test corruption
  # detection within an incremental-vacuum. When an incremental-vacuum
  # step is executed, the last non-free page of the database file is 
  # moved into a free space in the body of the file. After doing so,
  # the page reference in the parent page must be updated to refer
  # to the new location. These tests test the outcome of corrupting
  # that page reference before performing the incremental vacuum.
  #

  # The last page in the database page is the second page 
  # in an overflow chain.
  #
  corruption_test -sqlprep {
    PRAGMA auto_vacuum = incremental;
    PRAGMA page_size = 1024;
    CREATE TABLE t1(a, b);
    INSERT INTO t1 VALUES(1, randomblob(2500));
    INSERT INTO t1 VALUES(2, randomblob(2500));
    DELETE FROM t1 WHERE a = 1;
  } -corrupt {
    hexio_write corrupt.db [expr 1024*5] 00000008
  } -test {
    do_test corrupt2-6.1 {
      catchsql { pragma incremental_vacuum = 1 }
    } {1 {database disk image is malformed}}
  }

  # The last page in the database page is a non-root b-tree page.
  #
  corruption_test -sqlprep {
    PRAGMA auto_vacuum = incremental;
    PRAGMA page_size = 1024;
    CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
    INSERT INTO t1 VALUES(1, randomblob(2500));
    INSERT INTO t1 VALUES(2, randomblob(50));
    INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
    INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
    INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
    INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
    DELETE FROM t1 WHERE a = 1;
  } -corrupt {
    hexio_write corrupt.db [expr 1024*2 + 8] 00000009
  } -test {
    do_test corrupt2-6.2 {
      catchsql { pragma incremental_vacuum = 1 }
    } {1 {database disk image is malformed}}
  }

  # Set up a pointer-map entry so that the last page of the database
  # file appears to be a b-tree root page. This should be detected
  # as corruption.
  #
  corruption_test -sqlprep {
    PRAGMA auto_vacuum = incremental;
    PRAGMA page_size = 1024;
    CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
    INSERT INTO t1 VALUES(1, randomblob(2500));
    INSERT INTO t1 VALUES(2, randomblob(2500));
    INSERT INTO t1 VALUES(3, randomblob(2500));
    DELETE FROM t1 WHERE a = 1;
  } -corrupt {
    set nPage [expr [file size corrupt.db] / 1024]
    hexio_write corrupt.db [expr 1024 + ($nPage-3)*5] 010000000
  } -test {
    do_test corrupt2-6.3 {
      catchsql { pragma incremental_vacuum = 1 }
    } {1 {database disk image is malformed}}
  }

  corruption_test -sqlprep {
    PRAGMA auto_vacuum = 1;
    PRAGMA page_size = 1024;
    CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
    INSERT INTO t1 VALUES(1, randomblob(2500));
    DELETE FROM t1 WHERE a = 1;
  } -corrupt {
    set nAppend [expr 1024*207 - [file size corrupt.db]]
    set fd [open corrupt.db r+]
    seek $fd 0 end
    puts -nonewline $fd [string repeat x $nAppend]
    close $fd
  } -test {
    do_test corrupt2-6.4 {
      catchsql { 
        BEGIN EXCLUSIVE;
        COMMIT;
      }
    } {1 {database disk image is malformed}}
  }
}

corruption_test -sqlprep {
  PRAGMA page_size = 1024;
  CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
  CREATE INDEX i1 ON t1(b);
  INSERT INTO t1 VALUES(1, randomblob(50));
  INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
  INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
  INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
  INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
  INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
  INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1;
} -corrupt {
  # Set the page-flags of one of the leaf pages of the index B-Tree to
  # 0x0D (interpreted by SQLite as "leaf page of a table B-Tree").
  #
  set fd [open corrupt.db r+]
  fconfigure $fd -translation binary -encoding binary
  seek $fd [expr 1024*2 + 8] 
  set zRightChild [read $fd 4]
  binary scan $zRightChild I iRightChild
  seek $fd [expr 1024*($iRightChild-1)]
  puts -nonewline $fd "\x0D"
  close $fd
} -test {
  do_test corrupt2-7.1 {
    catchsql { SELECT b FROM t1 ORDER BY b }
  } {1 {database disk image is malformed}}
}

finish_test