Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | New database corruption test cases discovered by dbfuzz2. The new cases have been added to test/fuzzdata7.db, but have not yet all been fixed, so tests will not currently pass. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | dbfuzz2-cases |
Files: | files | file ages | folders |
SHA3-256: |
b4210d320c6426d2838d4cc08709fdfd |
User & Date: | drh 2018-12-13 03:36:13.086 |
Context
2018-12-13
| ||
15:52 | Merge the dbtotxt enhancement from trunk. (Closed-Leaf check-in: b386fce9a2 user: drh tags: dbfuzz2-cases) | |
03:36 | New database corruption test cases discovered by dbfuzz2. The new cases have been added to test/fuzzdata7.db, but have not yet all been fixed, so tests will not currently pass. (check-in: b4210d320c user: drh tags: dbfuzz2-cases) | |
2018-12-12
| ||
21:34 | Fix another problem found by Matthew Denton's new fuzzer. (check-in: 2b690dbdff user: drh tags: trunk) | |
Changes
Changes to src/btree.c.
︙ | ︙ | |||
1408 1409 1410 1411 1412 1413 1414 | /* This block handles pages with two or fewer free blocks and nMaxFrag ** or fewer fragmented bytes. In this case it is faster to move the ** two (or one) blocks of cells using memmove() and add the required ** offsets to each pointer in the cell-pointer array than it is to ** reconstruct the entire page. */ if( (int)data[hdr+7]<=nMaxFrag ){ int iFree = get2byte(&data[hdr+1]); | < < < < > > | < < < | | | | | | | 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 | /* This block handles pages with two or fewer free blocks and nMaxFrag ** or fewer fragmented bytes. In this case it is faster to move the ** two (or one) blocks of cells using memmove() and add the required ** offsets to each pointer in the cell-pointer array than it is to ** reconstruct the entire page. */ if( (int)data[hdr+7]<=nMaxFrag ){ int iFree = get2byte(&data[hdr+1]); /* If the initial freeblock offset were out of bounds, that would ** have been detected by btreeInitPage() when it was computing the ** number of free bytes on the page. */ assert( iFree<=usableSize-4 ); if( iFree ){ int iFree2 = get2byte(&data[iFree]); if( iFree2>usableSize-4 ) return SQLITE_CORRUPT_PAGE(pPage); if( 0==iFree2 || (data[iFree2]==0 && data[iFree2+1]==0) ){ u8 *pEnd = &data[cellOffset + nCell*2]; u8 *pAddr; int sz2 = 0; int sz = get2byte(&data[iFree+2]); int top = get2byte(&data[hdr+5]); if( top>=iFree ){ return SQLITE_CORRUPT_PAGE(pPage); } if( iFree2 ){ if( iFree+sz>iFree2 ) return SQLITE_CORRUPT_PAGE(pPage); sz2 = get2byte(&data[iFree2+2]); if( iFree2+sz2 > usableSize ) return SQLITE_CORRUPT_PAGE(pPage); memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz)); sz += sz2; } cbrk = top+sz; assert( cbrk+(iFree-top) <= usableSize ); memmove(&data[cbrk], &data[top], iFree-top); for(pAddr=&data[cellOffset]; pAddr<pEnd; pAddr+=2){ |
︙ | ︙ |
Changes to test/fuzzdata7.db.
cannot compute difference between binary files