Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Added test cases for corrupt SerialTypeLen header values, and additional check to improve detection of corrupt values. (CVS 5101) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
530c6360610f737e85608b23ede2646d |
| User & Date: | shane 2008-05-07 18:59:29 |
Context
|
2008-05-07
| ||
| 19:11 | Fix some problems with multi-file transactions in persistent journal mode. (CVS 5102) (check-in: e98a7f87 user: danielk1977 tags: trunk) | |
| 18:59 | Added test cases for corrupt SerialTypeLen header values, and additional check to improve detection of corrupt values. (CVS 5101) (check-in: 530c6360 user: shane tags: trunk) | |
| 15:44 | Modify the header comment in jrnlmode2.test. No code or test changes. (CVS 5100) (check-in: ed728104 user: danielk1977 tags: trunk) | |
Changes
Changes to src/vdbe.c.
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
....
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
|
** ** Various scripts scan this source file in order to generate HTML ** documentation, headers files, or other derived files. The formatting ** of the code in this file is, therefore, important. See other comments ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** ** $Id: vdbe.c,v 1.737 2008/04/29 00:15:21 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> #include "vdbeInt.h" /* ** The following global variable is incremented every time a cursor ................................................................................ } } sqlite3VdbeMemRelease(&sMem); sMem.flags = MEM_Null; /* If we have read more header data than was contained in the header, ** or if the end of the last field appears to be past the end of the ** record, then we must be dealing with a corrupt database. */ if( zIdx>zEndHdr || offset>payloadSize ){ rc = SQLITE_CORRUPT_BKPT; goto op_column_out; } } /* Get the column information. If aOffset[p2] is non-zero, then ** deserialize the value from the record. If aOffset[p2] is zero, |
|
>
>
|
|
|
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
....
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
|
** ** Various scripts scan this source file in order to generate HTML ** documentation, headers files, or other derived files. The formatting ** of the code in this file is, therefore, important. See other comments ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** ** $Id: vdbe.c,v 1.738 2008/05/07 18:59:29 shane Exp $ */ #include "sqliteInt.h" #include <ctype.h> #include "vdbeInt.h" /* ** The following global variable is incremented every time a cursor ................................................................................ } } sqlite3VdbeMemRelease(&sMem); sMem.flags = MEM_Null; /* If we have read more header data than was contained in the header, ** or if the end of the last field appears to be past the end of the ** record, or if the end of the last field appears to be before the end ** of the record (when all fields present), then we must be dealing ** with a corrupt database. */ if( zIdx>zEndHdr || offset>payloadSize || (zIdx==zEndHdr && offset!=payloadSize) ){ rc = SQLITE_CORRUPT_BKPT; goto op_column_out; } } /* Get the column information. If aOffset[p2] is non-zero, then ** deserialize the value from the record. If aOffset[p2] is zero, |
Added test/corrupt6.test.
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# 2008 May 6 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. # May you find forgiveness for yourself and forgive others. # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It specifically focuses # on corrupt SerialTypeLen values. # # $Id: corrupt6.test,v 1.1 2008/05/07 18:59:29 shane Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl # We must have the page_size pragma for these tests to work. # ifcapable !pager_pragmas { finish_test return } # Create a simple, small database. # do_test corrupt6-1.1 { execsql { PRAGMA auto_vacuum=OFF; PRAGMA page_size=1024; CREATE TABLE t1(x); INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789'); INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789'); } file size test.db } [expr {1024*2}] # Verify that the file format is as we expect. The page size # should be 1024 bytes. # do_test corrupt6-1.2 { hexio_get_int [hexio_read test.db 16 2] } 1024 ;# The page size is 1024 do_test corrupt6-1.3 { hexio_get_int [hexio_read test.db 20 1] } 0 ;# Unused bytes per page is 0 integrity_check corrupt6-1.4 # Verify SerialTypeLen for first field of two records as we expect. # SerialTypeLen = (len*2+12) = 60*2+12 = 132 do_test corrupt6-1.5.1 { hexio_read test.db 1923 2 } 8103 ;# First text field size if 81 03 == 131 do_test corrupt6-1.5.2 { hexio_read test.db 1987 2 } 8103 ;# Second text field size if 81 03 == 131 # Verify simple query results as expected. do_test corrupt6-1.6 { db close sqlite3 db test.db catchsql { SELECT substr(x,1,8) FROM t1 } } [list 0 {varint32 varint32} ] integrity_check corrupt6-1.7 # Adjust value of record 1 / field 1 SerialTypeLen and see if the # corruption is detected. # Increase SerialTypeLen by 2. do_test corrupt6-1.8.1 { db close hexio_write test.db 1923 8105 sqlite3 db test.db catchsql { SELECT substr(x,1,8) FROM t1 } } [list 1 {database disk image is malformed}] # Adjust value of record 1 / field 1 SerialTypeLen and see if the # corruption is detected. # Decrease SerialTypeLen by 2. do_test corrupt6-1.8.2 { db close hexio_write test.db 1923 8101 sqlite3 db test.db catchsql { SELECT substr(x,1,8) FROM t1 } } [list 1 {database disk image is malformed}] # Put value of record 1 / field 1 SerialTypeLen back. do_test corrupt6-1.8.3 { db close hexio_write test.db 1923 8103 sqlite3 db test.db catchsql { SELECT substr(x,1,8) FROM t1 } } [list 0 {varint32 varint32} ] integrity_check corrupt6-1.8.4 # Adjust value of record 2 / field 1 SerialTypeLen and see if the # corruption is detected. # Increase SerialTypeLen by 2. do_test corrupt6-1.9.1 { db close hexio_write test.db 1987 8105 sqlite3 db test.db catchsql { SELECT substr(x,1,8) FROM t1 } } [list 1 {database disk image is malformed}] # Adjust value of record 2 / field 2 SerialTypeLen and see if the # corruption is detected. # Decrease SerialTypeLen by 2. do_test corrupt6-1.9.2 { db close hexio_write test.db 1987 8101 sqlite3 db test.db catchsql { SELECT substr(x,1,8) FROM t1 } } [list 1 {database disk image is malformed}] # Put value of record 1 / field 2 SerialTypeLen back. do_test corrupt6-1.9.3 { db close hexio_write test.db 1987 8103 sqlite3 db test.db catchsql { SELECT substr(x,1,8) FROM t1 } } [list 0 {varint32 varint32} ] integrity_check corrupt6-1.9.4 finish_test |