/ Check-in [db4b4c2c]
Login
Home Timeline Branches Tags Tickets Wiki More...

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a potential problem with "INSERT INTO ... SELECT * FROM" (or VACUUM) statements on a corrupted database.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:db4b4c2c1e9f1adacfb1b2fedb717a4d8bb0a299c3b11835404a99fcd67bf24b
User & Date: dan 2019-01-24 15:16:17
Context
2019-01-24
15:51
Make sure the column name flags are restored correctly after an error inside of sqlite3ResultSetOfSelect(). check-in: b1601db7 user: drh tags: trunk
15:16
Fix a potential problem with "INSERT INTO ... SELECT * FROM" (or VACUUM) statements on a corrupted database. check-in: db4b4c2c user: dan tags: trunk
14:16
Change a integer variable in sqlite3VdbeRecordUnpack() to unsigned in order to avoid any possibility of an integer overflow. check-in: 1b536f6f user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/btree.c. 

800
801
802
803
804
805
806

807
808
809
810
811
812
813
814
815
816
817
818

  int bias,           /* Bias search to the high end */
  int *pRes           /* Write search results here */
){
  int rc;                    /* Status code */
  UnpackedRecord *pIdxKey;   /* Unpacked index key */

  if( pKey ){

    assert( nKey==(i64)(int)nKey );
    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
    if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
    sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
    if( pIdxKey->nField==0 ){
      rc = SQLITE_CORRUPT_BKPT;
      goto moveto_done;
    }
  }else{
    pIdxKey = 0;
  }
  rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);








>

|

|
|








800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819

  int bias,           /* Bias search to the high end */
  int *pRes           /* Write search results here */
){
  int rc;                    /* Status code */
  UnpackedRecord *pIdxKey;   /* Unpacked index key */

  if( pKey ){
    KeyInfo *pKeyInfo = pCur->pKeyInfo;
    assert( nKey==(i64)(int)nKey );
    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
    if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
    sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
    if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
      rc = SQLITE_CORRUPT_BKPT;
      goto moveto_done;
    }
  }else{
    pIdxKey = 0;
  }
  rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);

Changes to test/corruptL.test. 

225
226
227
228
229
230
231
232


















































































































































233

do_execsql_test 2.1 {
  INSERT INTO t1(b) VALUES(X'a0fee3669f9fddefc5cba913e4225d4b6ce2b04f26b87fad3ee6f9b7d90a1ea62a169bf41e5d32707a6ca5c3d05e4bde05c9d89eaaa8c50e74333d2e9fcd7dfe95528a3a016aac1102d825c5cd70cf99d8a88e0ea7f798d4334386518b7ad359beb168b93aba059a2a3bd93112d65b44c12b9904ea786b204d80531cdf0504bf9b203dbe927061974caf7b9f30cbc3397b61f802e732012a6663d41c3607d6f1c0dbcfd489adac05ca500c0b04439d894cd93a840159225ef73b627e178b9f84b3ffe66cf22a963a8368813ff7961fc47f573211ccec95e0220dcbb3bf429f4a50ba54d7a53784ac51bfef346e6ac8ae0d0e7c3175946e62ba2b');
}

do_catchsql_test 2.2 {
  SELECT b,c FROM t1 ORDER BY a;
} {1 {database disk image is malformed}}



















































































































































finish_test









>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379

do_execsql_test 2.1 {
  INSERT INTO t1(b) VALUES(X'a0fee3669f9fddefc5cba913e4225d4b6ce2b04f26b87fad3ee6f9b7d90a1ea62a169bf41e5d32707a6ca5c3d05e4bde05c9d89eaaa8c50e74333d2e9fcd7dfe95528a3a016aac1102d825c5cd70cf99d8a88e0ea7f798d4334386518b7ad359beb168b93aba059a2a3bd93112d65b44c12b9904ea786b204d80531cdf0504bf9b203dbe927061974caf7b9f30cbc3397b61f802e732012a6663d41c3607d6f1c0dbcfd489adac05ca500c0b04439d894cd93a840159225ef73b627e178b9f84b3ffe66cf22a963a8368813ff7961fc47f573211ccec95e0220dcbb3bf429f4a50ba54d7a53784ac51bfef346e6ac8ae0d0e7c3175946e62ba2b');
}

do_catchsql_test 2.2 {
  SELECT b,c FROM t1 ORDER BY a;
} {1 {database disk image is malformed}}

#-------------------------------------------------------------------------
reset_db
do_execsql_test 3.0 {
  CREATE TABLE t1(a, b, c, d INTEGER PRIMARY KEY);
  CREATE TABLE t2(a, b, c, d INTEGER PRIMARY KEY);

  INSERT INTO t1(a, b, c, d) VALUES (1, 2, 3, 100), (4, 5, 6, 101);
  INSERT INTO t2(a, b, c, d) VALUES (1, 100, 3, 1000), (4, 101, 6, 1001);

  CREATE INDEX t1a ON t1(a);
  CREATE INDEX t2a ON t2(a, b, c);

  PRAGMA writable_schema = 1;
  UPDATE sqlite_master SET sql = 'CREATE INDEX t2a ON t2(a)' WHERE name='t2a';
}

db close
sqlite3 db test.db

do_catchsql_test 3.1 {
  INSERT INTO t1 SELECT * FROM t2;
} {1 {database disk image is malformed}}

#-------------------------------------------------------------------------
reset_db
do_test 4.0 {
  sqlite3 db {}
  db deserialize [decode_hexdb {
| size 4096 pagesize 512 filename crash-6b48ba69806134.db
| page 1 offset 0
|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
|     16: 02 00 01 01 00 40 20 20 00 ff ff ff ff 00 00 07   .....@  ........
|     32: 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04   ................
|     48: 00 00 00 00 00 00 00 05 00 eb 00 01 00 00 00 00   ................
|     80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c   ................
|     96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0   ..,P............
|    112: 05 56 01 86 01 2a 01 06 00 00 00 00 00 00 00 00   .V...*..........
|    128: 00 ff 00 00 ff ff ff e1 00 00 00 00 00 00 00 00   ................
|    144: 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00   ................
|    160: 00 00 00 00 00 00 00 00 f2 00 00 00 00 00 00 00   ................
|    176: 00 00 f9 ff ff ff ff ff ff ff 00 00 00 00 00 fb   ................
|    208: 00 00 00 00 00 00 00 00 1e 00 00 00 fe 00 00 00   ................
|    224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 00   ................
|    256: 00 00 00 00 ef ff 22 07 06 17 11 11 01 31 74 61   .............1ta
|    272: 62 6c 65 74 38 38 74 04 43 52 45 41 54 45 20 54   blet88t.CREATE T
|    288: 41 42 4c 45 20 74 34 28 87 29 2a 06 06 17 13 11   ABLE t4(.)*.....
|    304: 01 3f 69 4f 64 65 78 74 33 78 74 33 05 43 52 45   .?iOdext3xt3.CRE
|    320: 41 54 45 20 49 6e 44 45 58 20 74 33 78 20 4f 4e   ATE InDEX t3x ON
|    336: 20 74 33 28 78 29 2e 04 06 17 15 11 01 45 69 6e    t3(x).......Ein
|    352: 64 65 2e 74 32 63 64 74 3d 05 43 52 45 41 54 45   de.t2cdt=.CREATE
|    368: 20 49 4e 44 45 58 20 74 32 63 64 20 4f 4e 20 74    INDEX t2cd ON t
|    384: 32 28 0a 0c 44 29 28 05 06 17 11 11 01 3d 74 61   2(..D)(......=ta
|    400: 62 6c 65 d4 33 74 33 04 43 52 45 41 54 45 20 54   ble.3t3.CREATE T
|    416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29   ABLE t3(c,x,e,f)
|    432: 28 02 06 17 11 11 01 3d 74 61 62 6c 65 74 32 74   (......=tablet2t
|    448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74   2.CREATE TABLE t
|    464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11   2(c,d,e,f)$.....
|    480: 01 35 74 60 62 6c 65 74 31 74 31 02 43 52 45 41   .5t`blet1t1.CREA
|    496: 54 45 20 54 41 42 4c 45 20 74 30 28 61 2c 62 29   TE TABLE t0(a,b)
| page 2 offset 512
|      0: 0d 00 ff 11 04 01 cf 00 01 fa 01 f3 01 de 01 cf   ................
|     32: 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 13   ................
|     48: 00 00 00 00 00 00 00 00 00 00 00 01 00 20 00 00   ............. ..
|     64: 00 00 00 00 00 00 f8 ff ff ff 00 00 00 00 00 00   ................
|    160: 01 64 00 00 00 00 00 80 ff ff ff 00 00 00 00 00   .d..............
|    176: 00 00 00 00 00 00 00 00 1f 00 00 00 00 00 00 03   ................
|    192: 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00   ..@.............
|    288: 00 00 00 00 00 00 ff ff ff e9 00 00 00 00 00 00   ................
|    336: 01 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 00   ................
|    368: 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ...............
|    384: 00 de ff 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
|    464: 00 00 00 00 00 13 76 65 6e 65 69 67 68 74 13 03   ......veneight..
|    480: 03 40 07 07 14 00 54 45 20 49 4e 44 45 58 20 74   .@....TE INDEX t
|    496: 32 63 64 20 4f 4e 20 74 32 28 0a 0c 44 09 01 02   2cd ON t2(..D...
| page 3 offset 1024
|      0: 0d 00 00 00 48 01 54 00 01 f7 01 ec 01 c5 01 aa   ....H.T.........
|     16: 30 34 28 87 29 2a 06 06 17 13 11 01 3f 69 4f 64   04(.)*......?iOd
|     32: 65 79 74 33 78 74 33 6d 6d 6d 6d 6d 6d 7d 6d 6d   eyt3xt3mmmmmm.mm
|     48: 6d 41 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mAmmmmmmmmmmmmmm
|     64: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 66 6d 6d 6d 6d   mmmmmmmmmmmfmmmm
|     80: 6d 4e 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mNmmmmmmmmmmmmmm
|     96: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mmmmmmmmmmmmmmmm
|    112: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mmmmmmmmmmmmmmmm
|    128: 6d 6d 6d 6d 6d 00 00 00 00 00 00 00 00 00 00 00   mmmmm...........
|    160: 80 00 00 00 00 00 00 03 00 00 00 ff e4 00 00 00   ................
|    208: 00 00 00 00 00 00 00 00 00 00 00 00 00 c5 00 00   ................
|    240: 14 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00   ................
|    256: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f ec   ................
|    304: 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68 74   ...........eight
|    320: 65 69 67 68 74 73 65 00 00 00 00 00 00 00 00 00   eightse.........
|    336: 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68 74   ...........eight
|    352: 65 69 67 68 74 73 65 01 65 6e 00 00 00 10 25 07   eightse.en....%.
|    368: 07 6e 25 07 07 07 40 18 00 00 00 00 00 00 40 18   .n%...@.......@.
|    384: 00 00 00 00 00 00 40 14 00 00 00 00 00 00 40 14   ......@.......@.
|    400: 00 00 00 00 00 00 09 06 05 01 01 01 01 04 04 03   ................
|    416: 03 07 05 05 01 01 09 09 02 02 19 04 05 17 17 17   ................
|    432: 17 10 65 76 65 6e 65 69 67 68 74 65 69 67 68 74   ..eveneighteight
|    448: 73 65 76 65 6e 25 03 05 07 07 07 07 40 14 00 00   seven%......@...
|    464: 00 00 00 00 40 18 00 00 00 00 00 00 40 18 00 00   ....@.......@...
|    480: 00 00 00 00 40 14 00 00 00 00 e8 f6 09 02 00 00   ....@...........
|    496: 00 00 00 00 00 00 00 00 00 00 64 00 00 00 00 02   ..........d.....
| page 4 offset 1536
|      0: 0d 00 00 00 00 02 00 00 00 00 00 00 00 00 00 fa   ................
|     16: 1f a1 07 00 00 00 00 00 01 00 00 00 00 00 00 00   ................
|     32: 00 00 00 00 00 00 00 00 00 00 00 00 00 73 69 6d   .............sim
|     48: 70 6c 65 00 00 00 00 00 00 00 00 00 00 00 00 00   ple.............
|     80: 00 00 00 00 00 10 00 00 00 00 00 00 01 00 00 00   ................
|     96: 00 00 00 00 00 00 00 00 00 00 00 00 00 fe ff ff   ................
|    112: ff 00 00 00 00 00 00 00 00 00 00 00 4a 00 00 00   ............J...
|    144: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00   ................
|    176: e5 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00   ................
|    208: 00 00 00 00 00 00 00 00 00 00 36 36 00 00 00 00   ..........66....
|    240: 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00   ...l............
|    256: 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
|    320: 00 00 00 00 00 00 00 00 01 00 00 02 00 80 00 00   ................
|    336: 00 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68   ............eigh
|    352: 74 65 69 67 68 74 73 65 76 65 6e 73 65 76 65 6e   teightsevenseven
|    368: 25 07 05 07 07 07 07 40 18 00 00 00 00 00 00 40   %......@.......@
|    384: 18 00 20 00 00 00 40 00 14 00 00 00 00 00 00 40   .. ...@........@
|    400: 14 00 00 00 00 00 1c 09 06 05 01 01 01 01 04 04   ................
|    416: 03 03 07 05 05 01 01 00 00 00 00 00 00 00 00 00   ................
|    448: 74 73 65 76 65 6e 00 80 ff ff 00 00 00 00 00 aa   tseven..........
|    464: 00 9e 00 00 00 00 00 00 00 00 00 00 00 70 6f 72   .............por
|    480: 74 65 72 00 00 00 00 00 00 00 00 00 00 00 00 00   ter.............
|    496: 00 00 00 00 00 00 29 00 00 00 00 00 00 00 00 00   ......).........
| page 5 offset 2048
|      0: 0a 00 00 00 08 01 96 00 01 fa 01 c5 01 f2 01 bc   ................
|     16: 01 dc 01 a6 01 96 01 cc 00 00 00 00 00 00 00 00   ................
|    112: 00 00 00 09 00 00 00 00 01 00 00 00 00 00 00 00   ................
|    160: 74 72 69 67 62 ff ff ff ff fc 00 00 00 00 00 00   trigb...........
|    240: 00 00 00 00 00 00 00 00 00 00 ff 00 00 00 00 00   ................
|    256: e5 ff ff ff 00 00 54 00 00 00 00 00 00 00 00 00   ......T.........
|    304: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00   ................
|    400: 00 00 00 00 00 09 00 00 00 00 01 00 00 00 00 00   ................
|    448: 00 00 74 72 69 67 62 ff ff ff ff fc 00 00 07 05   ..trigb.........
|    464: 05 01 01 09 09 02 02 19 04 05 17 17 17 17 10 65   ...............e
|    480: 76 65 6e 65 69 67 68 74 65 40 18 00 00 00 00 01   veneighte@......
|    496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd   ................
| end crash-6b48ba69806134.db
}]} {}

do_catchsql_test 4.1 {
  INSERT INTO t3 SELECT * FROM t2;
} {1 {database disk image is malformed}}


finish_test

Changes to test/dbfuzz001.test. 

343
344
345
346
347
348
349
350
351
352

353

354




355

|     16: 01 e0 01 d4 01 cb 01 c2 00 00 00 00 00 00 00 00   ................
|    448: 00 00 07 08 02 17 65 69 67 68 74 07 07 02 17 65   ......eight....e
|    464: 69 67 68 74 0a 06 02 07 40 18 00 00 00 00 00 00   ight....@.......
|    480: 0a 05 02 07 40 18 00 00 00 00 00 00 03 04 02 01   ....@...........
|    496: 04 03 03 02 01 04 03 02 02 01 02 03 01 02 01 02   ................
| end x/c02.db
  }]
  execsql {
    DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
  }

} {}






finish_test








|
<
|
>
|
>

>
>
>
>


343
344
345
346
347
348
349
350

351
352
353
354
355
356
357
358
359
360

|     16: 01 e0 01 d4 01 cb 01 c2 00 00 00 00 00 00 00 00   ................
|    448: 00 00 07 08 02 17 65 69 67 68 74 07 07 02 17 65   ......eight....e
|    464: 69 67 68 74 0a 06 02 07 40 18 00 00 00 00 00 00   ight....@.......
|    480: 0a 05 02 07 40 18 00 00 00 00 00 00 03 04 02 01   ....@...........
|    496: 04 03 03 02 01 04 03 02 02 01 02 03 01 02 01 02   ................
| end x/c02.db
  }]
} {}


do_catchsql_test dbfuzz001-120 {
  PRAGMA integrity_check;
} {1 {database disk image is malformed}}

do_catchsql_test dbfuzz001-130 {
  DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
} {1 {database disk image is malformed}}

finish_test

This page was generated in about 0.012s by Fossil 2.9 [7abfca6752] 2019-03-18 12:04:02