SQLite: Check-in [5eb5e828]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Fix a couple of assert() statments in btree.c that could fail with corrupt databases.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA3-256:	5eb5e8289fa71e5e29e081d33d4a59c64b463bf6b06d7070c05c46d77d808ad4
User & Date:	dan 2019-01-25 13:42:12

Context

2019-01-25
14:23		Extend fuzzcheck so that it can process dbsqlfuzz cases. Add a collection of interesting dbsqlfuzz cases to the standard test suite. check-in: e2991a7e user: drh tags: trunk
13:42		Fix a couple of assert() statments in btree.c that could fail with corrupt databases. check-in: 5eb5e828 user: dan tags: trunk
2019-01-24
17:41		Fix a buffer overread in fts3 that could occur in a prefix query on a corrupted database. check-in: d0d56893 user: dan tags: trunk

Changes

Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/btree.c.

    if( rc!=SQLITE_OK ){
      releasePage(*ppPage);
      *ppPage = 0;
    }
    TRACE(("ALLOCATE: %d from end of file\n", *pPgno));
  }

  assert( *pPgno!=PENDING_BYTE_PAGE(pBt) );

end_allocate_page:
  releasePage(pTrunk);
  releasePage(pPrevTrunk);
  assert( rc!=SQLITE_OK || sqlite3PagerPageRefcount((*ppPage)->pDbPage)<=1 );
  assert( rc!=SQLITE_OK || (*ppPage)->isInit==0 );
  return rc;
................................................................................
    u8 *pOut = &pSpace[4];
    u8 *pCell = pPage->apOvfl[0];
    u16 szCell = pPage->xCellSize(pPage, pCell);
    u8 *pStop;
    CellArray b;

    assert( sqlite3PagerIswriteable(pNew->pDbPage) );
    assert( pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
    zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF);
    b.nCell = 1;
    b.pRef = pPage;
    b.apCell = &pCell;
    b.szCell = &szCell;
    b.apEnd[0] = pPage->aDataEnd;
    b.ixNx[0] = 2;

    if( rc!=SQLITE_OK ){
      releasePage(*ppPage);
      *ppPage = 0;
    }
    TRACE(("ALLOCATE: %d from end of file\n", *pPgno));
  }

  assert( CORRUPT_DB || *pPgno!=PENDING_BYTE_PAGE(pBt) );

end_allocate_page:
  releasePage(pTrunk);
  releasePage(pPrevTrunk);
  assert( rc!=SQLITE_OK || sqlite3PagerPageRefcount((*ppPage)->pDbPage)<=1 );
  assert( rc!=SQLITE_OK || (*ppPage)->isInit==0 );
  return rc;
................................................................................
    u8 *pOut = &pSpace[4];
    u8 *pCell = pPage->apOvfl[0];
    u16 szCell = pPage->xCellSize(pPage, pCell);
    u8 *pStop;
    CellArray b;

    assert( sqlite3PagerIswriteable(pNew->pDbPage) );
    assert( CORRUPT_DB || pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
    zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF);
    b.nCell = 1;
    b.pRef = pPage;
    b.apCell = &pCell;
    b.szCell = &szCell;
    b.apEnd[0] = pPage->aDataEnd;
    b.ixNx[0] = 2;

Changes to test/corruptL.test.

|    496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd   ................
| end crash-6b48ba69806134.db
}]} {}

do_catchsql_test 4.1 {
  INSERT INTO t3 SELECT * FROM t2;
} {1 {database disk image is malformed}}














































































































































































































finish_test










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|    496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd   ................
| end crash-6b48ba69806134.db
}]} {}

do_catchsql_test 4.1 {
  INSERT INTO t3 SELECT * FROM t2;
} {1 {database disk image is malformed}}


#-------------------------------------------------------------------------
reset_db
do_test 5.0 {
  sqlite3 db {}
  db deserialize [decode_hexdb {
| size 192512 pagesize 4096 filename crash-9ae5502296c949.db
| page 1 offset 0
|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
|     16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 2f   .....@  ......./
|     32: 00 00 00 1b 00 00 00 13 00 00 00 03 00 00 00 04   ................
|     48: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 00   ................
|     64: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................
|     96: 00 00 00 00 0d 00 00 00 04 0e e2 00 0f 96 0f 44   ...............D
|    112: 0f 10 0e e2 00 00 00 00 00 00 00 00 00 00 00 00   ................
|   3808: 00 00 2c 04 06 17 15 11 01 41 69 6e 64 65 78 74   ..,......Aindext
|   3824: 31 78 32 74 31 06 43 52 45 41 54 45 20 49 4e 44   1x2t1.CREATE IND
|   3840: 45 58 20 74 31 78 32 20 4f 4e 20 74 31 28 62 29   EX t1x2 ON t1(b)
|   3856: 32 03 06 17 15 11 01 4d 69 6e 64 65 78 74 31 78   2......Mindext1x
|   3872: 31 74 31 05 43 52 45 41 54 45 20 49 4e 44 45 58   1t1.CREATE INDEX
|   3888: 20 74 31 78 31 20 4f 4e 20 74 31 28 67 2b 68 2c    t1x1 ON t1(g+h,
|   3904: 6a 2c 6b 29 50 02 06 17 2b 2b 01 59 74 61 62 6c   j,k)P...++.Ytabl
|   3920: 65 73 71 6c 69 74 65 5f 73 65 71 75 65 6e 63 65   esqlite_sequence
|   3936: 73 71 6c 69 74 65 5f 73 65 71 75 65 6e 63 65 04   sqlite_sequence.
|   3952: 43 52 45 41 54 45 20 54 41 42 4c 45 20 73 71 6c   CREATE TABLE sql
|   3968: 69 74 65 5f 73 65 71 75 65 6e 63 65 28 6e 61 6d   ite_sequence(nam
|   3984: 65 2c 73 65 71 29 68 01 07 17 11 11 01 81 3b 74   e,seq)h.......;t
|   4000: 61 62 6c 65 74 31 74 31 03 43 52 45 41 54 45 20   ablet1t1.CREATE 
|   4016: 54 41 42 4c 45 20 74 31 28 61 20 49 4e 54 45 47   TABLE t1(a INTEG
|   4032: 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 20 41   ER PRIMARY KEY A
|   4048: 55 54 4f 49 4e 43 52 45 4d 45 4e 54 2c 0a 62 2c   UTOINCREMENT,.b,
|   4064: 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 6a 2c 6b 2c   c,d,e,f,g,h,j,k,
|   4080: 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 29   l,m,n,o,p,q,r,s)
| page 2 offset 4096
|      0: 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01   ................
|     16: 00 00 00 00 02 10 00 00 00 05 00 00 00 03 02 00   ................
|     32: 00 00 00 05 00 00 00 03 02 00 00 00 00 05 00 00   ................
|     48: 00 03 02 00 00 00 00 05 00 00 00 03 02 00 00 00   ................
|     64: 00 05 00 00 00 03 02 00 00 00 00 05 00 00 00 03   ................
|     80: 02 00 00 00 00 05 00 00 00 03 02 00 00 00 00 05   ................
|     96: 00 00 00 03 02 00 00 00 00 05 00 00 00 03 05 00   ................
|    112: 00 00 03 03 00 00 00 23 02 00 00 00 00 03 00 00   .......#........
|    128: 00 23 02 00 00 00 00 03 00 00 00 23 02 00 00 00   .#.........#....
|    144: 00 03 00 00 00 23 02 00 00 00 00 03 00 00 00 23   .....#.........#
|    160: 05 00 00 00 06 05 00 00 00 06 02 00 00 00 00 03   ................
|    176: 00 00 00 06 02 00 00 00 00 03 00 00 00 24 02 00   .............$..
|    192: 00 00 00 03 00 00 00 24 02 00 00 00 00 03 00 00   .......$........
|    208: 00 24 02 00 00 00 00 02 00 00 00 00 03 00 00 00   .$..............
|    224: 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   $...............
| page 3 offset 8192
|      0: 05 00 00 00 09 0f d0 00 00 00 00 19 0f fb 0f f6   ................
|     16: 0f f1 0f ec 0f e7 0f e2 0f dc 0f d6 0f d0 0f a0   ................
|     32: 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0   ................
|   1072: 00 97 4c 0a 14 00 ae 7c 00 00 00 00 00 00 00 00   ..L....|........
|   1088: 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00   ................
|   4000: 0f ac 00 06 00 00 00 00 00 30 00 00 00 00 00 00   .........0......
|   4048: 00 00 00 16 81 2a 00 00 00 14 81 16 00 00 00 12   .....*..........
|   4064: 81 02 00 00 00 10 6e 00 00 00 0e 5a 00 00 00 0c   ......n....Z....
|   4080: 46 00 00 00 0a 32 00 00 00 08 1e 00 00 00 18 0a   F....2..........
| page 4 offset 12288
|      0: 0d 00 00 00 01 0f f7 00 0f f7 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 07 01 03 11 02 74 31 00 be   ............t1..
| page 5 offset 16384
|      0: 0a 0f 7c 00 0a 0f 74 00 0f f9 0f eb 0f dd 0f cf   ..|...t.........
|     16: 0f c1 0f b3 0f a4 0f 94 0f 84 0f 74 0f 74 0f 74   ...........t.t.t
|     32: 0f 74 0f 74 0f 74 0f 74 0f 74 0f 74 0f 74 00 00   .t.t.t.t.t.t.t..
|   3952: 00 00 00 00 07 05 00 00 00 02 00 be 0f 8c 00 08   ................
|   3968: 00 00 00 00 07 05 00 00 00 02 00 aa 0f 9c 00 08   ................
|   3984: 00 00 00 00 07 05 00 00 00 02 00 96 0f ac 00 08   ................
|   4000: 00 00 00 00 07 05 00 00 00 02 00 82 0f ba 00 07   ................
|   4016: 00 00 00 06 05 00 00 00 01 6e 0f c8 00 07 00 00   .........n......
|   4032: 00 06 05 00 00 00 01 5a 0f d6 00 07 00 00 00 06   .......Z........
|   4048: 05 00 00 00 01 46 0f e4 00 07 00 00 00 06 05 00   .....F..........
|   4064: 00 00 01 32 0f f2 00 07 00 00 00 06 05 00 00 00   ...2............
|   4080: 01 1e 00 00 00 07 00 00 00 06 05 00 00 00 01 0a   ................
| page 6 offset 20480
|      0: 02 00 00 00 01 0e 0d 00 00 00 00 24 0e 0d 0c 1a   ...........$....
|     16: 06 55 04 66 02 77 00 88 00 00 00 00 00 00 00 00   .U.f.w..........
|    128: 00 00 00 00 00 00 00 00 97 3d 04 ae 7c 01 00 00   .........=..|...
|    624: 00 00 00 00 00 00 21 97 3d 04 ae 7c 01 00 00 00   ......!.=..|....
|   1120: 00 00 00 00 00 20 97 3d 04 ae 7c 01 00 00 00 00   ..... .=..|.....
|   1616: 00 00 00 00 1f 97 3d 04 ae 7c 01 00 00 00 00 00   ......=..|......
|   2112: 00 00 00 1e 97 3d 04 ae 7c 01 00 00 00 00 00 00   .....=..|.......
|   2608: 00 00 1d 97 3d 04 ae 7c 01 00 00 00 00 00 00 00   ....=..|........
|   3088: 00 00 00 00 00 00 00 00 00 00 00 00 01 f3 00 00   ................
|   3600: 23 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 00 00   #.=..|..........
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26   ...............&
| page 8 offset 28672
|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
|   1072: 97 4d 1e 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .M....|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03   ................
| page 10 offset 36864
|    256: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
|   1072: 97 4d 32 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .M2...|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05   ................
| page 12 offset 45056
|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
|   1072: 97 4d 46 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .MF...|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07   ................
| page 14 offset 53248
|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
|   1072: 97 4d 5a 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .MZ...|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09   ................
| page 16 offset 61440
|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
|   1072: 97 4d 6e 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .Mn...|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b   ................
| page 18 offset 69632
|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
|   1072: 4d 81 02 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.....|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d   ................
| page 20 offset 77824
|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
|   1072: 4d 81 16 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.....|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f   ................
| page 22 offset 86016
|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
|   1072: 4d 81 2a 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.*...|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11   ................
| page 24 offset 94208
|      0: 0d 00 00 00 01 04 31 00 04 31 00 00 00 00 00 00   ......1..1......
|   1072: 00 97 4c 0a 14 00 ae 7c 00 00 00 00 00 00 00 00   ..L....|........
|   1088: 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00   ................
| page 25 offset 98304
|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
|   1072: 4d 81 3e 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.>...|.........
|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13   ................
| page 26 offset 102400
|   2512: 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 00   ................
| page 27 offset 106496
|      0: 00 00 00 00 00 00 00 12 00 00 00 07 00 00 00 1d   ................
|     16: 00 00 00 09 00 00 00 1f 00 00 00 0b 00 00 00 21   ...............!
|     32: 00 00 00 0d 00 00 00 25 00 00 00 0f 00 00 00 19   .......%........
|     48: 00 00 00 11 00 00 00 29 00 00 00 13 00 00 00 2b   .......).......+
|     64: 00 00 00 15 00 00 00 2d 00 00 00 2e 00 00 00 17   .......-........
| page 28 offset 110592
|   2512: 00 00 00 00 00 00 00 1e 00 00 00 00 00 00 00 00   ................
| page 30 offset 118784
|   2512: 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 00   .......2........
| page 32 offset 126976
|   2512: 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00   .......F........
| page 34 offset 135168
|   2512: 00 00 00 00 00 00 00 5a 00 00 00 00 00 00 00 00   .......Z........
| page 35 offset 139264
|      0: 0a 08 44 00 05 02 77 00 0e 11 0a 33 06 55 02 77   ..D...w....3.U.w
|     16: 04 66 00 88 00 88 00 88 00 00 00 00 00 00 00 00   .f..............
|    128: 00 00 00 00 00 00 00 00 04 66 01 ef 00 00 00 00   .........f......
|    624: 00 00 00 00 00 00 00 97 3d 04 ae 7c 01 00 00 00   ........=..|....
|   1120: 00 00 00 00 00 20 97 3d 04 ae 7c 01 00 00 00 00   ..... .=..|.....
|   1616: 00 00 00 00 22 97 3d 04 ae 7c 01 00 00 00 00 00   ......=..|......
|   2112: 00 00 00 1e 0c 22 01 ef 00 00 00 00 00 00 00 00   ................
|   2608: 00 00 00 97 3d 04 ae 7c 01 00 00 00 00 00 00 00   ....=..|........
|   3104: 00 1c 00 00 01 ef 00 00 00 00 00 00 00 00 00 00   ................
|   3600: 00 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 00 00   ..=..|..........
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a   ................
| page 36 offset 143360
|      0: 0a 08 44 00 04 02 77 00 06 55 02 77 04 66 0e 11   ..D...w..U.w.f..
|     16: 00 88 00 88 00 88 0e 11 00 00 00 00 00 00 00 00   ................
|    128: 00 00 00 00 00 00 00 00 04 76 01 ef 00 00 00 00   .........v......
|    624: 00 00 00 00 00 00 00 97 3e 04 ae 7c 02 00 00 00   ........>..|....
|   1120: 00 00 00 00 00 2a 97 3e 04 ae 7c 02 00 00 00 00   .....*.>..|.....
|   1616: 00 00 00 00 2c 97 3e 04 ae 7c 02 00 00 00 00 00   ....,.>..|......
|   2112: 00 00 00 28 00 00 05 cd 00 00 00 00 00 00 00 00   ...(............
|   3600: 00 97 3e 04 ae 7c 02 00 00 00 00 00 00 00 00 00   ..>..|..........
|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2f   .............../
| page 38 offset 151552
|   2512: 00 00 00 00 00 00 00 6e 00 00 00 00 00 00 00 00   .......n........
| page 40 offset 159744
|   2512: 00 00 00 00 00 00 00 00 82 00 00 00 00 00 00 00   ................
| page 42 offset 167936
|   2512: 00 00 00 00 00 00 00 00 96 00 00 00 00 00 00 00   ................
| page 44 offset 176128
|   2512: 00 00 00 00 00 00 00 00 aa 00 00 00 00 00 00 00   ................
| page 47 offset 188416
|   2512: 00 00 00 00 00 00 00 00 be 00 00 00 00 00 00 00   ................
| end crash-9ae5502296c949.db
}]} {}

do_catchsql_test 5.1 {
  INSERT INTO t1(b) VALUES(zeroblob(40000));
} {1 {database disk image is malformed}}

do_catchsql_test 5.2 {
  DROP INDEX t1x2;
} {0 {}}

do_catchsql_test 5.3 {
  INSERT INTO t1(b) VALUES(zeroblob(40000));
} {1 {database disk image is malformed}}



finish_test