SQLite

Check-in [460353df]

Overview
Comment: Fix a bug in PRAGMA integrity_check introduced by enhancement (8a) in release 3.42.0 and first reported by forum post ee4f6fa5ab.
SHA3-256: 460353dfff8f2fb03f9c8666d0c367ec7be4cfa96dfcb0cea10f144d043223bb
User & Date: drh 2024-02-13 18:41:46
Context
2024-02-16
11:41
Handle an OOM case in fts5 code to query tokendata=1 tables. (check-in: 01222d96 user: dan tags: trunk)
2024-02-13
18:44
Fix a bug in PRAGMA integrity_check introduced by enhancement (8a) in release 3.42.0. (check-in: 60dccb23 user: drh tags: branch-3.45)
18:41
Fix a bug in PRAGMA integrity_check introduced by enhancement (8a) in release 3.42.0 and first reported by forum post ee4f6fa5ab. (check-in: 460353df user: drh tags: trunk)
17:11
Changes to vtabCallConstructor() to avoid a harmless static analyzer warning and to help prove that the UAF reported by forum post cafbe582e8 is a false-positive. (check-in: 4892440b user: drh tags: trunk)
Changes

Changes to src/pragma.c.

1893
1894
1895
1896
1897
1898
1899

1900
1901
1902
1903
1904
1905
1906
            }else{
              sqlite3VdbeChangeP5(v, 0x0d); /* INT, TEXT, or BLOB */
              /* OP_IsType does not detect NaN values in the database file
              ** which should be treated as a NULL.  So if the header type
              ** is REAL, we have to load the actual data using OP_Column
              ** to reliably determine if the value is a NULL. */
              sqlite3VdbeAddOp3(v, OP_Column, p1, p3, 3);

              jmp3 = sqlite3VdbeAddOp2(v, OP_NotNull, 3, labelOk);
              VdbeCoverage(v);
            }           
            zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
                                pCol->zCnName);
            sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0, zErr, P4_DYNAMIC);
            if( doTypeCheck ){







>







1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
            }else{
              sqlite3VdbeChangeP5(v, 0x0d); /* INT, TEXT, or BLOB */
              /* OP_IsType does not detect NaN values in the database file
              ** which should be treated as a NULL.  So if the header type
              ** is REAL, we have to load the actual data using OP_Column
              ** to reliably determine if the value is a NULL. */
              sqlite3VdbeAddOp3(v, OP_Column, p1, p3, 3);
              sqlite3ColumnDefault(v, pTab, j, 3);
              jmp3 = sqlite3VdbeAddOp2(v, OP_NotNull, 3, labelOk);
              VdbeCoverage(v);
            }           
            zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
                                pCol->zCnName);
            sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0, zErr, P4_DYNAMIC);
            if( doTypeCheck ){
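
Review bot: The added call sqlite3ColumnDefault(v, pTab, j, 3) at new line 1900 has no explanation, and the comment block directly above it still speaks only of NaN detection through OP_Column. Please extend that comment to say why the column default must be attached before OP_NotNull tests register 3, for example that a row written before ALTER TABLE ... ADD COLUMN ... NOT NULL DEFAULT has no stored value for the new column, which is the case pragma-3.24 in this check-in exercises. It would also help to note in the same comment why OP_Column is given p3 as the column number while sqlite3ColumnDefault is given j, since the two indexes sit on adjacent lines and a reader will wonder whether they can diverge.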

Changes to test/pragma.test.

552
553
554
555
556
557
558















559
560
561
562
563
564
565
  } {{non-unique entry in index t1a} {NULL value in t1x.a} {non-unique entry in index t1a}}
  do_execsql_test pragma-3.22 {
    PRAGMA integrity_check(2);
  } {{non-unique entry in index t1a} {NULL value in t1x.a}}
  do_execsql_test pragma-3.23 {
    PRAGMA integrity_check(1);
  } {{non-unique entry in index t1a}}















}

# PRAGMA integrity check (or more specifically the sqlite3BtreeCount()
# interface) used to leave index cursors in an inconsistent state
# which could result in an assertion fault in sqlite3BtreeKey()
# called from saveCursorPosition() if content is removed from the
# index while the integrity_check is still running.  This test verifies







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
  } {{non-unique entry in index t1a} {NULL value in t1x.a} {non-unique entry in index t1a}}
  do_execsql_test pragma-3.22 {
    PRAGMA integrity_check(2);
  } {{non-unique entry in index t1a} {NULL value in t1x.a}}
  do_execsql_test pragma-3.23 {
    PRAGMA integrity_check(1);
  } {{non-unique entry in index t1a}}

  # forum post https://sqlite.org/forum/forumpost/ee4f6fa5ab
  do_execsql_test pragma-3.24 {
    DROP TABLE IF EXISTS t1;
    CREATE TABLE t1(a);
    INSERT INTO t1 VALUES (1);
    ALTER TABLE t1 ADD COLUMN b NOT NULL DEFAULT 0.25;
    SELECT * FROM t1;
    PRAGMA integrity_check(t1);
  } {1 0.25 ok}
  do_execsql_test pragma-3.25 {
    ALTER TABLE t1 ADD COLUMN c CHECK (1);
    SELECT * FROM t1;
    PRAGMA integrity_check(t1);
  } {1 0.25 {} ok}
}

# PRAGMA integrity check (or more specifically the sqlite3BtreeCount()
# interface) used to leave index cursors in an inconsistent state
# which could result in an assertion fault in sqlite3BtreeKey()
# called from saveCursorPosition() if content is removed from the
# index while the integrity_check is still running.  This test verifies
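
Review bot: pragma-3.24 exercises only a REAL default (DEFAULT 0.25), so the new tests do not show whether the NOT NULL check also behaves for an added column whose default is an integer or text value; consider adding one such case next to it. pragma-3.25 also depends on the t1 left behind by pragma-3.24 instead of creating its own table, and its new column c CHECK (1) has no NOT NULL constraint, so a one-line comment stating what that test guards against would make the intent clear to someone reading it later. The only comment on the pair is the forum post URL above pragma-3.24.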