/ Check-in [aa18c8e9]

Overview
Comment: Have the b-tree layer return SQLITE_CORRUPT to any attempt to open a cursor with a root page number less than 1.
SHA1: aa18c8e9d1676b1caa53bc5f5c1dc5f201089b88
User & Date: dan 2015-05-25 19:24:36
Context
2015-05-25
20:04
Fix a case of a corrupt database causing SQLite to read from up to 4 bytes before the start of a memory allocation. check-in: 7d2c4f7b user: dan tags: trunk
19:37
Merge the btree fixes out of trunk. check-in: f3cd8cec user: drh tags: fuzzcheck
19:24
Have the b-tree layer return SQLITE_CORRUPT to any attempt to open a cursor with a root page number less than 1. check-in: aa18c8e9 user: dan tags: trunk
18:47
Fix a couple of btree asserts that would fail when encountering 32-bit rollover in cell payload size fields (cell payloads this large always indicate corruption). check-in: 8fa0937a user: dan tags: trunk
Changes

Changes to src/btree.c.

Old version, lines 3884 to 3900:
  Btree *p,                                   /* The btree */
  int iTable,                                 /* Root page of table to open */
  int wrFlag,                                 /* 1 to write. 0 read-only */
  struct KeyInfo *pKeyInfo,                   /* First arg to xCompare() */
  BtCursor *pCur                              /* Write new cursor here */
){
  int rc;



  sqlite3BtreeEnter(p);
  rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
  sqlite3BtreeLeave(p);

  return rc;
}

/*
** Return the size of a BtCursor object in bytes.
**
** This interfaces is needed so that users of cursors can preallocate














New version, lines 3884 to 3904:
  Btree *p,                                   /* The btree */
  int iTable,                                 /* Root page of table to open */
  int wrFlag,                                 /* 1 to write. 0 read-only */
  struct KeyInfo *pKeyInfo,                   /* First arg to xCompare() */
  BtCursor *pCur                              /* Write new cursor here */
){
  int rc;
  if( iTable<1 ){
    rc = SQLITE_CORRUPT_BKPT;
  }else{
    sqlite3BtreeEnter(p);
    rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
    sqlite3BtreeLeave(p);
  }
  return rc;
}

/*
** Return the size of a BtCursor object in bytes.
**
** This interfaces is needed so that users of cursors can preallocate
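
Review bot: The new `if( iTable<1 )` branch returns SQLITE_CORRUPT_BKPT without ever reaching btreeCursor(), so on that path `pCur` is left exactly as the caller passed it. It is worth confirming that callers which see a non-OK return do not go on to treat `pCur` as an initialised cursor. A one-line comment above the check would also help: the parameter comment only says "Root page of table to open", and nothing in the function tells the reader that a value below 1 is being treated as evidence of a corrupt database rather than as a caller bug. Doing the test before sqlite3BtreeEnter(p) looks fine, since it only reads the argument.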

Changes to test/corruptI.test.

Old version, lines 200 to 208:
  db close
  hexio_write test.db 616 EAFFFFFF0202
  sqlite3 db test.db
  breakpoint
  execsql { DELETE FROM t1 WHERE rowid=2 }
} {}























finish_test








New version, lines 200 to 229:
  db close
  hexio_write test.db 616 EAFFFFFF0202
  sqlite3 db test.db
  breakpoint
  execsql { DELETE FROM t1 WHERE rowid=2 }
} {}

#-------------------------------------------------------------------------
# See what happens if the sqlite_master entry associated with a PRIMARY
# KEY or UNIQUE index is removed. 
#
reset_db
do_execsql_test 7.0 {
  CREATE TABLE t1(x PRIMARY KEY, y);
  INSERT INTO t1 VALUES('a', 'A');
  INSERT INTO t1 VALUES('b', 'A');
  INSERT INTO t1 VALUES('c', 'A');
  SELECT name FROM sqlite_master;
} {t1 sqlite_autoindex_t1_1}
do_execsql_test 7.1 {
  PRAGMA writable_schema = 1;
  DELETE FROM sqlite_master WHERE name = 'sqlite_autoindex_t1_1';
}
do_test 7.2 {
  db close
  sqlite3 db test.db
  catchsql { UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2 }
} {1 {database disk image is malformed}}

finish_test
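
Review bot: In test 7.2 the statement `UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2` assigns the result of the expression `'d' AND y='D'` to x; it does not update two columns. If both columns were meant to change, it should read `SET x='d', y='D'`. Either form writes the PRIMARY KEY column, so the expected `{1 {database disk image is malformed}}` may well be unchanged, but as written the statement obscures what the test is exercising. A short comment in the 7.x block saying that the deleted sqlite_autoindex_t1_1 row is what leads to the malformed-image error would also tie this test to the btree.c change.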