Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Added test cases for corrupt SerialTypeLen header values, and additional check to improve detection of corrupt values. (CVS 5101) |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
530c6360610f737e85608b23ede2646d |
| User & Date: | shane 2008-05-07 18:59:29.000 |
Context
|
2008-05-07
| ||
| 19:11 | Fix some problems with multi-file transactions in persistent journal mode. (CVS 5102) (check-in: e98a7f87f9 user: danielk1977 tags: trunk) | |
| 18:59 | Added test cases for corrupt SerialTypeLen header values, and additional check to improve detection of corrupt values. (CVS 5101) (check-in: 530c636061 user: shane tags: trunk) | |
| 15:44 | Modify the header comment in jrnlmode2.test. No code or test changes. (CVS 5100) (check-in: ed728104c8 user: danielk1977 tags: trunk) | |
Changes
Changes to src/vdbe.c.
| ︙ | ︙ | |||
39 40 41 42 43 44 45 | ** ** Various scripts scan this source file in order to generate HTML ** documentation, headers files, or other derived files. The formatting ** of the code in this file is, therefore, important. See other comments ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** | | | 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | ** ** Various scripts scan this source file in order to generate HTML ** documentation, headers files, or other derived files. The formatting ** of the code in this file is, therefore, important. See other comments ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** ** $Id: vdbe.c,v 1.738 2008/05/07 18:59:29 shane Exp $ */ #include "sqliteInt.h" #include <ctype.h> #include "vdbeInt.h" /* ** The following global variable is incremented every time a cursor |
| ︙ | ︙ | |||
2043 2044 2045 2046 2047 2048 2049 |
}
}
sqlite3VdbeMemRelease(&sMem);
sMem.flags = MEM_Null;
/* If we have read more header data than was contained in the header,
** or if the end of the last field appears to be past the end of the
| > > | | | 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 |
}
}
sqlite3VdbeMemRelease(&sMem);
sMem.flags = MEM_Null;
/* If we have read more header data than was contained in the header,
** or if the end of the last field appears to be past the end of the
** record, or if the end of the last field appears to be before the end
** of the record (when all fields present), then we must be dealing
** with a corrupt database.
*/
if( zIdx>zEndHdr || offset>payloadSize || (zIdx==zEndHdr && offset!=payloadSize) ){
rc = SQLITE_CORRUPT_BKPT;
goto op_column_out;
}
}
/* Get the column information. If aOffset[p2] is non-zero, then
** deserialize the value from the record. If aOffset[p2] is zero,
|
| ︙ | ︙ |
Added test/corrupt6.test.
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# 2008 May 6
#
# The author disclaims copyright to this source code. In place of
# a legal notice, here is a blessing:
#
# May you do good and not evil.
# May you find forgiveness for yourself and forgive others.
# May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.
#
# This file implements tests to make sure SQLite does not crash or
# segfault if it sees a corrupt database file. It specifically focuses
# on corrupt SerialTypeLen values.
#
# $Id: corrupt6.test,v 1.1 2008/05/07 18:59:29 shane Exp $
set testdir [file dirname $argv0]
source $testdir/tester.tcl
# We must have the page_size pragma for these tests to work.
#
ifcapable !pager_pragmas {
finish_test
return
}
# Create a simple, small database.
#
do_test corrupt6-1.1 {
execsql {
PRAGMA auto_vacuum=OFF;
PRAGMA page_size=1024;
CREATE TABLE t1(x);
INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789');
INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789');
}
file size test.db
} [expr {1024*2}]
# Verify that the file format is as we expect. The page size
# should be 1024 bytes.
#
do_test corrupt6-1.2 {
hexio_get_int [hexio_read test.db 16 2]
} 1024 ;# The page size is 1024
do_test corrupt6-1.3 {
hexio_get_int [hexio_read test.db 20 1]
} 0 ;# Unused bytes per page is 0
integrity_check corrupt6-1.4
# Verify SerialTypeLen for first field of two records as we expect.
# SerialTypeLen = (len*2+12) = 60*2+12 = 132
do_test corrupt6-1.5.1 {
hexio_read test.db 1923 2
} 8103 ;# First text field size if 81 03 == 131
do_test corrupt6-1.5.2 {
hexio_read test.db 1987 2
} 8103 ;# Second text field size if 81 03 == 131
# Verify simple query results as expected.
do_test corrupt6-1.6 {
db close
sqlite3 db test.db
catchsql {
SELECT substr(x,1,8) FROM t1
}
} [list 0 {varint32 varint32} ]
integrity_check corrupt6-1.7
# Adjust value of record 1 / field 1 SerialTypeLen and see if the
# corruption is detected.
# Increase SerialTypeLen by 2.
do_test corrupt6-1.8.1 {
db close
hexio_write test.db 1923 8105
sqlite3 db test.db
catchsql {
SELECT substr(x,1,8) FROM t1
}
} [list 1 {database disk image is malformed}]
# Adjust value of record 1 / field 1 SerialTypeLen and see if the
# corruption is detected.
# Decrease SerialTypeLen by 2.
do_test corrupt6-1.8.2 {
db close
hexio_write test.db 1923 8101
sqlite3 db test.db
catchsql {
SELECT substr(x,1,8) FROM t1
}
} [list 1 {database disk image is malformed}]
# Put value of record 1 / field 1 SerialTypeLen back.
do_test corrupt6-1.8.3 {
db close
hexio_write test.db 1923 8103
sqlite3 db test.db
catchsql {
SELECT substr(x,1,8) FROM t1
}
} [list 0 {varint32 varint32} ]
integrity_check corrupt6-1.8.4
# Adjust value of record 2 / field 1 SerialTypeLen and see if the
# corruption is detected.
# Increase SerialTypeLen by 2.
do_test corrupt6-1.9.1 {
db close
hexio_write test.db 1987 8105
sqlite3 db test.db
catchsql {
SELECT substr(x,1,8) FROM t1
}
} [list 1 {database disk image is malformed}]
# Adjust value of record 2 / field 2 SerialTypeLen and see if the
# corruption is detected.
# Decrease SerialTypeLen by 2.
do_test corrupt6-1.9.2 {
db close
hexio_write test.db 1987 8101
sqlite3 db test.db
catchsql {
SELECT substr(x,1,8) FROM t1
}
} [list 1 {database disk image is malformed}]
# Put value of record 1 / field 2 SerialTypeLen back.
do_test corrupt6-1.9.3 {
db close
hexio_write test.db 1987 8103
sqlite3 db test.db
catchsql {
SELECT substr(x,1,8) FROM t1
}
} [list 0 {varint32 varint32} ]
integrity_check corrupt6-1.9.4
finish_test
|