Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Avoid a buffer overwrite that can occur with a corrupt database if secure-delete is enabled. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
7bdb1e05faceddbb0b8e3efee7d070ad |
User & Date: | dan 2010-02-26 15:09:20.000 |
Context
2010-02-26
| ||
15:39 | Remove the compile_option pragma (retaining compile_options - with an "s"). Updates to documentation. (check-in: 733778df99 user: drh tags: trunk) | |
15:09 | Avoid a buffer overwrite that can occur with a corrupt database if secure-delete is enabled. (check-in: 7bdb1e05fa user: dan tags: trunk) | |
13:07 | Avoid incorrect compiler warnings by doing a couple of needless variable initializations. (check-in: 8f29490da6 user: drh tags: trunk) | |
Changes
Changes to src/btree.c.
︙ | ︙ | |||
5811 5812 5813 5814 5815 5816 5817 | ** ** Unless SQLite is compiled in secure-delete mode. In this case, ** the dropCell() routine will overwrite the entire cell with zeroes. ** In this case, temporarily copy the cell into the aOvflSpace[] ** buffer. It will be copied out again as soon as the aSpace[] buffer ** is allocated. */ if( pBt->secureDelete ){ | > > > > > > | | > | 5811 5812 5813 5814 5815 5816 5817 5818 5819 5820 5821 5822 5823 5824 5825 5826 5827 5828 5829 5830 5831 5832 5833 | ** ** Unless SQLite is compiled in secure-delete mode. In this case, ** the dropCell() routine will overwrite the entire cell with zeroes. ** In this case, temporarily copy the cell into the aOvflSpace[] ** buffer. It will be copied out again as soon as the aSpace[] buffer ** is allocated. */ if( pBt->secureDelete ){ int iOff = apDiv[i] - pParent->aData; if( (iOff+szNew[i])>pBt->usableSize ){ rc = SQLITE_CORRUPT_BKPT; memset(apOld, 0, (i+1)*sizeof(MemPage*)); goto balance_cleanup; }else{ memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]); apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData]; } } dropCell(pParent, i+nxDiv-pParent->nOverflow, szNew[i], &rc); } } /* Make nMaxCells a multiple of 4 in order to preserve 8-byte ** alignment */ |
︙ | ︙ |
Changes to test/corrupt.test.
︙ | ︙ | |||
67 68 69 70 71 72 73 | while {[string length $junk]<256} {append junk $junk} set junk [string range $junk 0 255] # Go through the database and write garbage data into each 256 segment # of the file. Then do various operations on the file to make sure that # the database engine can recover gracefully from the corruption. # | | | 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | while {[string length $junk]<256} {append junk $junk} set junk [string range $junk 0 255] # Go through the database and write garbage data into each 256 segment # of the file. Then do various operations on the file to make sure that # the database engine can recover gracefully from the corruption. # for {set i [expr {1*256}]} {$i<$fsize-256} {incr i 256} { set tn [expr {$i/256}] db close copy_file test.bu test.db set fd [open test.db r+] fconfigure $fd -translation binary seek $fd $i puts -nonewline $fd $junk |
︙ | ︙ | |||
325 326 327 328 329 330 331 332 | hexio_write test.db 2044 [hexio_render_int32 2] hexio_write test.db 24 [hexio_render_int32 45] catchsql { INSERT OR REPLACE INTO t1 VALUES(5, randomblob(1900)) } } {1 {database disk image is malformed}} finish_test | > > > > > > > > > > > > > > > > > > > | 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 | hexio_write test.db 2044 [hexio_render_int32 2] hexio_write test.db 24 [hexio_render_int32 45] catchsql { INSERT OR REPLACE INTO t1 VALUES(5, randomblob(1900)) } } {1 {database disk image is malformed}} db close file delete -force test.db test.db-journal do_test corrupt-8.2 { sqlite3 db test.db execsql { PRAGMA page_size = 1024; PRAGMA secure_delete = on; PRAGMA auto_vacuum = 0; CREATE TABLE t1(x INTEGER PRIMARY KEY, y); INSERT INTO t1 VALUES(5, randomblob(900)); INSERT INTO t1 VALUES(6, randomblob(900)); } hexio_write test.db 2047 FF hexio_write test.db 24 [hexio_render_int32 45] catchsql { INSERT INTO t1 VALUES(4, randomblob(1900)) } } {1 {database disk image is malformed}} finish_test |