Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Prevent a crash during an UPDATE when the cell offset is corrupt. (CVS 5886) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
99d4172ed6825c7efb6cbb28eb00d983 |
| User & Date: | shane 2008-11-11 20:51:51 |
Context
|
2008-11-11
| ||
| 22:18 | Fixed crash during an UPDATE when free cell size is corrupt. (CVS 5887) check-in: ec18667e user: shane tags: trunk | |
| 20:51 | Prevent a crash during an UPDATE when the cell offset is corrupt. (CVS 5886) check-in: 99d4172e user: shane tags: trunk | |
| 18:55 | Send the "Incomplete SQL" error message of the CLI to stderr instead of stdout. Ticket #3476. (CVS 5885) check-in: dacae200 user: drh tags: trunk | |
Changes
Changes to src/btree.c.
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
....
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
|
** a legal notice, here is a blessing: ** ** May you do good and not evil. ** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** $Id: btree.c,v 1.529 2008/11/11 17:36:30 shane Exp $ ** ** This file implements a external (disk-based) database using BTrees. ** See the header comment on "btreeInt.h" for additional information. ** Including a description of file format and an overview of operation. */ #include "btreeInt.h" ................................................................................ assert( idx>=0 && idx<pPage->nCell ); assert( sz==cellSize(pPage, idx) ); assert( sqlite3PagerIswriteable(pPage->pDbPage) ); assert( sqlite3_mutex_held(pPage->pBt->mutex) ); data = pPage->aData; ptr = &data[pPage->cellOffset + 2*idx]; pc = get2byte(ptr); assert( pc>10 && pc+sz<=pPage->pBt->usableSize ); freeSpace(pPage, pc, sz); for(i=idx+1; i<pPage->nCell; i++, ptr+=2){ ptr[0] = ptr[2]; ptr[1] = ptr[3]; } pPage->nCell--; |
|
>
|
|
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
....
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
|
** a legal notice, here is a blessing: ** ** May you do good and not evil. ** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** $Id: btree.c,v 1.530 2008/11/11 20:51:51 shane Exp $ ** ** This file implements a external (disk-based) database using BTrees. ** See the header comment on "btreeInt.h" for additional information. ** Including a description of file format and an overview of operation. */ #include "btreeInt.h" ................................................................................ assert( idx>=0 && idx<pPage->nCell ); assert( sz==cellSize(pPage, idx) ); assert( sqlite3PagerIswriteable(pPage->pDbPage) ); assert( sqlite3_mutex_held(pPage->pBt->mutex) ); data = pPage->aData; ptr = &data[pPage->cellOffset + 2*idx]; /* mask the cell offset to ensure a corrupt db does not result in a crash */ pc = pPage->maskPage & get2byte(ptr); assert( pc>10 && pc+sz<=pPage->pBt->usableSize ); freeSpace(pPage, pc, sz); for(i=idx+1; i<pPage->nCell; i++, ptr+=2){ ptr[0] = ptr[2]; ptr[1] = ptr[3]; } pPage->nCell--; |
Changes to test/corruptC.test.
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 .. 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 .. 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 ... 130 131 132 133 134 135 136 137 138 139 140 141 142 143 ... 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 |
# This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It creates a base # data base file, then tests that single byte corruptions in # increasingly larger quantities are handled gracefully. # # $Id: corruptC.test,v 1.2 2008/11/11 17:36:30 shane Exp $ catch {file delete -force test.db test.db-journal test.bu} set testdir [file dirname $argv0] source $testdir/tester.tcl # Set a uniform random seed ................................................................................ expr srand(0) # Construct a compact, dense database for testing. # do_test corruptC-1.1 { execsql { BEGIN; CREATE TABLE t1(x); INSERT INTO t1 VALUES(1); INSERT OR IGNORE INTO t1 SELECT x*2 FROM t1; INSERT OR IGNORE INTO t1 SELECT x*3 FROM t1; INSERT OR IGNORE INTO t1 SELECT x*5 FROM t1; INSERT OR IGNORE INTO t1 SELECT x*7 FROM t1; INSERT OR IGNORE INTO t1 SELECT x*11 FROM t1; INSERT OR IGNORE INTO t1 SELECT x*13 FROM t1; CREATE INDEX t1i1 ON t1(x); CREATE TABLE t2 AS SELECT * FROM t1 WHERE rowid%5!=0; COMMIT; } } {} ifcapable {integrityck} { integrity_check corruptC-1.2 } ................................................................................ puts -nonewline $t [read $f [file size $from]] close $t close $f } # Setup for the tests. Make a backup copy of the good database in test.bu. # copy_file test.db test.bu set fsize [file size test.db] # # first test some specific corruption tests found from earlier runs # # test that a corrupt content offset size is handled (seed 5577) do_test corruptC-2.1 { db close copy_file test.bu test.db # insert corrupt byte(s) hexio_write test.db 2053 04 sqlite3 db test.db catchsql {PRAGMA integrity_check} } {0 {{*** in database main *** Corruption detected in header on page 3 Multiple uses for byte 604 of page 3}}} # # now test for a series of quasi-random seeds # for {set tn 0} {$tn<=1024} {incr tn 1} { # Set a quasi-random random seed expr srand($tn) # setup for test db close copy_file test.bu test.db # Seek to a random location in the file, and write a random single byte # value. Then do various operations on the file to make sure that # the database engine can handle the corruption gracefully. # set last 0 for {set i 1} {$i<=1024 && !$last} {incr i 1} { # insert random byte at random location hexio_write test.db [random $fsize] [format %02x [random 255]] # do a few random operations to make sure that if # they error, they error gracefully instead of crashing. do_test corruptC-3.$tn.$i.1 { sqlite3 db test.db catchsql {SELECT count(*) FROM sqlite_master} set x {} } {} do_test corruptC-3.$tn.$i.2 { catchsql {SELECT count(*) FROM t1} set x {} } {} ................................................................................ do_test corruptC-3.$tn.$i.4 { catchsql {SELECT count(*) FROM t2} set x {} } {} do_test corruptC-3.$tn.$i.5 { catchsql {SELECT count(*) FROM t2 WHERE x<13} set x {} } {} # check the integrity of the database. # once the corruption is detected, we can stop. ifcapable {integrityck} { set res [ catchsql {PRAGMA integrity_check} ] set ans [lindex $res 1] ................................................................................ ifcapable {!integrityck} { if { $i > 5 } { set last -1 } } # Check that no page references were leaked. do_test corruptC-3.$tn.$i.6 { set bt [btree_from_db db] db_enter db array set stats [btree_pager_stats $bt] db_leave db set stats(ref) } {0} } # end for i } # end for tn finish_test |
| | | | | | | | | | > > | > > > > > > > > > > > > > > > > > > > > > > > < > > > > > > > > | < |
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 .. 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 .. 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 ... 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 ... 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 |
# This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It creates a base # data base file, then tests that single byte corruptions in # increasingly larger quantities are handled gracefully. # # $Id: corruptC.test,v 1.3 2008/11/11 20:51:51 shane Exp $ catch {file delete -force test.db test.db-journal test.bu} set testdir [file dirname $argv0] source $testdir/tester.tcl # Set a uniform random seed ................................................................................ expr srand(0) # Construct a compact, dense database for testing. # do_test corruptC-1.1 { execsql { BEGIN; CREATE TABLE t1(x,y); INSERT INTO t1 VALUES(1,1); INSERT OR IGNORE INTO t1 SELECT x*2,y FROM t1; INSERT OR IGNORE INTO t1 SELECT x*3,y FROM t1; INSERT OR IGNORE INTO t1 SELECT x*5,y FROM t1; INSERT OR IGNORE INTO t1 SELECT x*7,y FROM t1; INSERT OR IGNORE INTO t1 SELECT x*11,y FROM t1; INSERT OR IGNORE INTO t1 SELECT x*13,y FROM t1; CREATE INDEX t1i1 ON t1(x); CREATE TABLE t2 AS SELECT x,2 FROM t1 WHERE rowid%5!=0; COMMIT; } } {} ifcapable {integrityck} { integrity_check corruptC-1.2 } ................................................................................ puts -nonewline $t [read $f [file size $from]] close $t close $f } # Setup for the tests. Make a backup copy of the good database in test.bu. # db close copy_file test.db test.bu sqlite3 db test.db set fsize [file size test.db] # # first test some specific corruption tests found from earlier runs # # test that a corrupt content offset size is handled (seed 5577) do_test corruptC-2.1 { db close copy_file test.bu test.db # insert corrupt byte(s) hexio_write test.db 2053 [format %02x 0x04] sqlite3 db test.db catchsql {PRAGMA integrity_check} } {0 {{*** in database main *** Corruption detected in header on page 3 Multiple uses for byte 604 of page 3}}} # test that a corrupt content offset size is handled (seed 5649) do_test corruptC-2.2 { db close copy_file test.bu test.db # insert corrupt byte(s) hexio_write test.db 27 [format %02x 0x08] hexio_write test.db 233 [format %02x 0x6a] hexio_write test.db 328 [format %02x 0x67] hexio_write test.db 750 [format %02x 0x1f] hexio_write test.db 1132 [format %02x 0x52] hexio_write test.db 1133 [format %02x 0x84] hexio_write test.db 1220 [format %02x 0x01] hexio_write test.db 3688 [format %02x 0xc1] hexio_write test.db 3714 [format %02x 0x58] hexio_write test.db 3746 [format %02x 0x9a] sqlite3 db test.db catchsql {UPDATE t1 SET y=1} } {0 {}} # # now test for a series of quasi-random seeds # for {set tn 0} {$tn<=1024} {incr tn 1} { # Set a quasi-random random seed expr srand($tn) # setup for test db close copy_file test.bu test.db sqlite3 db test.db # Seek to a random location in the file, and write a random single byte # value. Then do various operations on the file to make sure that # the database engine can handle the corruption gracefully. # set last 0 for {set i 1} {$i<=1024 && !$last} {incr i 1} { # insert random byte at random location db close hexio_write test.db [random $fsize] [format %02x [random 255]] sqlite3 db test.db # do a few random operations to make sure that if # they error, they error gracefully instead of crashing. do_test corruptC-3.$tn.$i.1 { catchsql {SELECT count(*) FROM sqlite_master} set x {} } {} do_test corruptC-3.$tn.$i.2 { catchsql {SELECT count(*) FROM t1} set x {} } {} ................................................................................ do_test corruptC-3.$tn.$i.4 { catchsql {SELECT count(*) FROM t2} set x {} } {} do_test corruptC-3.$tn.$i.5 { catchsql {SELECT count(*) FROM t2 WHERE x<13} set x {} } {} do_test corruptC-3.$tn.$i.6 { catchsql {UPDATE t1 SET y=1} set x {} } {} do_test corruptC-3.$tn.$i.7 { catchsql {UPDATE t2 SET y=2} set x {} } {} # check the integrity of the database. # once the corruption is detected, we can stop. ifcapable {integrityck} { set res [ catchsql {PRAGMA integrity_check} ] set ans [lindex $res 1] ................................................................................ ifcapable {!integrityck} { if { $i > 5 } { set last -1 } } # Check that no page references were leaked. do_test corruptC-3.$tn.$i.8 { set bt [btree_from_db db] db_enter db array set stats [btree_pager_stats $bt] db_leave db set stats(ref) } {0} } # end for i } # end for tn finish_test |