Overview
Comment: | Fix a couple of assert() statements in btree.c that could fail with corrupt databases. |
---|---|
SHA3-256: |
5eb5e8289fa71e5e29e081d33d4a59c6 |
User & Date: | dan 2019-01-25 13:42:12.343 |
Context
2019-01-25
| ||
14:23 | Extend fuzzcheck so that it can process dbsqlfuzz cases. Add a collection of interesting dbsqlfuzz cases to the standard test suite. (check-in: e2991a7ecf user: drh tags: trunk) | |
13:42 | Fix a couple of assert() statments in btree.c that could fail with corrupt databases. (check-in: 5eb5e8289f user: dan tags: trunk) | |
2019-01-24
| ||
17:41 | Fix a buffer overread in fts3 that could occur in a prefix query on a corrupted database. (check-in: d0d5689371 user: dan tags: trunk) | |
Changes
Changes to src/btree.c.
︙ | ︙ | |||
6106 6107 6108 6109 6110 6111 6112 | if( rc!=SQLITE_OK ){ releasePage(*ppPage); *ppPage = 0; } TRACE(("ALLOCATE: %d from end of file\n", *pPgno)); } | | | 6106 6107 6108 6109 6110 6111 6112 6113 6114 6115 6116 6117 6118 6119 6120 | if( rc!=SQLITE_OK ){ releasePage(*ppPage); *ppPage = 0; } TRACE(("ALLOCATE: %d from end of file\n", *pPgno)); } assert( CORRUPT_DB || *pPgno!=PENDING_BYTE_PAGE(pBt) ); end_allocate_page: releasePage(pTrunk); releasePage(pPrevTrunk); assert( rc!=SQLITE_OK || sqlite3PagerPageRefcount((*ppPage)->pDbPage)<=1 ); assert( rc!=SQLITE_OK || (*ppPage)->isInit==0 ); return rc; |
︙ | ︙ | |||
7171 7172 7173 7174 7175 7176 7177 | u8 *pOut = &pSpace[4]; u8 *pCell = pPage->apOvfl[0]; u16 szCell = pPage->xCellSize(pPage, pCell); u8 *pStop; CellArray b; assert( sqlite3PagerIswriteable(pNew->pDbPage) ); | | | 7171 7172 7173 7174 7175 7176 7177 7178 7179 7180 7181 7182 7183 7184 7185 | u8 *pOut = &pSpace[4]; u8 *pCell = pPage->apOvfl[0]; u16 szCell = pPage->xCellSize(pPage, pCell); u8 *pStop; CellArray b; assert( sqlite3PagerIswriteable(pNew->pDbPage) ); assert( CORRUPT_DB || pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) ); zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF); b.nCell = 1; b.pRef = pPage; b.apCell = &pCell; b.szCell = &szCell; b.apEnd[0] = pPage->aDataEnd; b.ixNx[0] = 2; |
︙ | ︙ |
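Review bot: Neither relaxed assert says what a build without assertions does when its condition is false: the `*pPgno!=PENDING_BYTE_PAGE(pBt)` check just before `end_allocate_page:`, and the `pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF)` check just before `zeroPage(pNew, ...)`. Because assert() is compiled out unless SQLITE_DEBUG is set, adding `CORRUPT_DB ||` only changes debug builds. The visible lines do not show where a page number equal to the pending-byte page, or a page with a different flag byte, gets turned into SQLITE_CORRUPT. I would put a one-line comment above each, along the lines of `/* May be false on a corrupt database; the corruption is reported by <detection point> */`, with the real detection point filled in. The new corruptL.test cases expecting `database disk image is malformed` suggest that path exists, but both enclosing functions start outside the hunks, so it cannot be confirmed from here.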
Changes to test/corruptL.test.
︙ | ︙ | |||
370 371 372 373 374 375 376 377 378 379 | | 496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd ................ | end crash-6b48ba69806134.db }]} {} do_catchsql_test 4.1 { INSERT INTO t3 SELECT * FROM t2; } {1 {database disk image is malformed}} finish_test | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 | | 496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd ................ 
| end crash-6b48ba69806134.db }]} {} do_catchsql_test 4.1 { INSERT INTO t3 SELECT * FROM t2; } {1 {database disk image is malformed}} #------------------------------------------------------------------------- reset_db do_test 5.0 { sqlite3 db {} db deserialize [decode_hexdb { | size 192512 pagesize 4096 filename crash-9ae5502296c949.db | page 1 offset 0 | 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3. | 16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 2f .....@ ......./ | 32: 00 00 00 1b 00 00 00 13 00 00 00 03 00 00 00 04 ................ | 48: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 00 ................ | 64: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 96: 00 00 00 00 0d 00 00 00 04 0e e2 00 0f 96 0f 44 ...............D | 112: 0f 10 0e e2 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 3808: 00 00 2c 04 06 17 15 11 01 41 69 6e 64 65 78 74 ..,......Aindext | 3824: 31 78 32 74 31 06 43 52 45 41 54 45 20 49 4e 44 1x2t1.CREATE IND | 3840: 45 58 20 74 31 78 32 20 4f 4e 20 74 31 28 62 29 EX t1x2 ON t1(b) | 3856: 32 03 06 17 15 11 01 4d 69 6e 64 65 78 74 31 78 2......Mindext1x | 3872: 31 74 31 05 43 52 45 41 54 45 20 49 4e 44 45 58 1t1.CREATE INDEX | 3888: 20 74 31 78 31 20 4f 4e 20 74 31 28 67 2b 68 2c t1x1 ON t1(g+h, | 3904: 6a 2c 6b 29 50 02 06 17 2b 2b 01 59 74 61 62 6c j,k)P...++.Ytabl | 3920: 65 73 71 6c 69 74 65 5f 73 65 71 75 65 6e 63 65 esqlite_sequence | 3936: 73 71 6c 69 74 65 5f 73 65 71 75 65 6e 63 65 04 sqlite_sequence. 
| 3952: 43 52 45 41 54 45 20 54 41 42 4c 45 20 73 71 6c CREATE TABLE sql | 3968: 69 74 65 5f 73 65 71 75 65 6e 63 65 28 6e 61 6d ite_sequence(nam | 3984: 65 2c 73 65 71 29 68 01 07 17 11 11 01 81 3b 74 e,seq)h.......;t | 4000: 61 62 6c 65 74 31 74 31 03 43 52 45 41 54 45 20 ablet1t1.CREATE | 4016: 54 41 42 4c 45 20 74 31 28 61 20 49 4e 54 45 47 TABLE t1(a INTEG | 4032: 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 20 41 ER PRIMARY KEY A | 4048: 55 54 4f 49 4e 43 52 45 4d 45 4e 54 2c 0a 62 2c UTOINCREMENT,.b, | 4064: 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 6a 2c 6b 2c c,d,e,f,g,h,j,k, | 4080: 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 29 l,m,n,o,p,q,r,s) | page 2 offset 4096 | 0: 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 ................ | 16: 00 00 00 00 02 10 00 00 00 05 00 00 00 03 02 00 ................ | 32: 00 00 00 05 00 00 00 03 02 00 00 00 00 05 00 00 ................ | 48: 00 03 02 00 00 00 00 05 00 00 00 03 02 00 00 00 ................ | 64: 00 05 00 00 00 03 02 00 00 00 00 05 00 00 00 03 ................ | 80: 02 00 00 00 00 05 00 00 00 03 02 00 00 00 00 05 ................ | 96: 00 00 00 03 02 00 00 00 00 05 00 00 00 03 05 00 ................ | 112: 00 00 03 03 00 00 00 23 02 00 00 00 00 03 00 00 .......#........ | 128: 00 23 02 00 00 00 00 03 00 00 00 23 02 00 00 00 .#.........#.... | 144: 00 03 00 00 00 23 02 00 00 00 00 03 00 00 00 23 .....#.........# | 160: 05 00 00 00 06 05 00 00 00 06 02 00 00 00 00 03 ................ | 176: 00 00 00 06 02 00 00 00 00 03 00 00 00 24 02 00 .............$.. | 192: 00 00 00 03 00 00 00 24 02 00 00 00 00 03 00 00 .......$........ | 208: 00 24 02 00 00 00 00 02 00 00 00 00 03 00 00 00 .$.............. | 224: 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 $............... | page 3 offset 8192 | 0: 05 00 00 00 09 0f d0 00 00 00 00 19 0f fb 0f f6 ................ | 16: 0f f1 0f ec 0f e7 0f e2 0f dc 0f d6 0f d0 0f a0 ................ | 32: 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0 ................ 
| 1072: 00 97 4c 0a 14 00 ae 7c 00 00 00 00 00 00 00 00 ..L....|........ | 1088: 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 ................ | 4000: 0f ac 00 06 00 00 00 00 00 30 00 00 00 00 00 00 .........0...... | 4048: 00 00 00 16 81 2a 00 00 00 14 81 16 00 00 00 12 .....*.......... | 4064: 81 02 00 00 00 10 6e 00 00 00 0e 5a 00 00 00 0c ......n....Z.... | 4080: 46 00 00 00 0a 32 00 00 00 08 1e 00 00 00 18 0a F....2.......... | page 4 offset 12288 | 0: 0d 00 00 00 01 0f f7 00 0f f7 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 07 01 03 11 02 74 31 00 be ............t1.. | page 5 offset 16384 | 0: 0a 0f 7c 00 0a 0f 74 00 0f f9 0f eb 0f dd 0f cf ..|...t......... | 16: 0f c1 0f b3 0f a4 0f 94 0f 84 0f 74 0f 74 0f 74 ...........t.t.t | 32: 0f 74 0f 74 0f 74 0f 74 0f 74 0f 74 0f 74 00 00 .t.t.t.t.t.t.t.. | 3952: 00 00 00 00 07 05 00 00 00 02 00 be 0f 8c 00 08 ................ | 3968: 00 00 00 00 07 05 00 00 00 02 00 aa 0f 9c 00 08 ................ | 3984: 00 00 00 00 07 05 00 00 00 02 00 96 0f ac 00 08 ................ | 4000: 00 00 00 00 07 05 00 00 00 02 00 82 0f ba 00 07 ................ | 4016: 00 00 00 06 05 00 00 00 01 6e 0f c8 00 07 00 00 .........n...... | 4032: 00 06 05 00 00 00 01 5a 0f d6 00 07 00 00 00 06 .......Z........ | 4048: 05 00 00 00 01 46 0f e4 00 07 00 00 00 06 05 00 .....F.......... | 4064: 00 00 01 32 0f f2 00 07 00 00 00 06 05 00 00 00 ...2............ | 4080: 01 1e 00 00 00 07 00 00 00 06 05 00 00 00 01 0a ................ | page 6 offset 20480 | 0: 02 00 00 00 01 0e 0d 00 00 00 00 24 0e 0d 0c 1a ...........$.... | 16: 06 55 04 66 02 77 00 88 00 00 00 00 00 00 00 00 .U.f.w.......... | 128: 00 00 00 00 00 00 00 00 97 3d 04 ae 7c 01 00 00 .........=..|... | 624: 00 00 00 00 00 00 21 97 3d 04 ae 7c 01 00 00 00 ......!.=..|.... | 1120: 00 00 00 00 00 20 97 3d 04 ae 7c 01 00 00 00 00 ..... .=..|..... | 1616: 00 00 00 00 1f 97 3d 04 ae 7c 01 00 00 00 00 00 ......=..|...... 
| 2112: 00 00 00 1e 97 3d 04 ae 7c 01 00 00 00 00 00 00 .....=..|....... | 2608: 00 00 1d 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 ....=..|........ | 3088: 00 00 00 00 00 00 00 00 00 00 00 00 01 f3 00 00 ................ | 3600: 23 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 00 00 #.=..|.......... | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 ...............& | page 8 offset 28672 | 0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00 ......0..0...... | 1072: 97 4d 1e 14 00 ae 7c 00 00 00 00 00 00 00 00 00 .M....|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 ................ | page 10 offset 36864 | 256: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00 ......0..0...... | 1072: 97 4d 32 14 00 ae 7c 00 00 00 00 00 00 00 00 00 .M2...|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 ................ | page 12 offset 45056 | 0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00 ......0..0...... | 1072: 97 4d 46 14 00 ae 7c 00 00 00 00 00 00 00 00 00 .MF...|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 ................ | page 14 offset 53248 | 0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00 ......0..0...... | 1072: 97 4d 5a 14 00 ae 7c 00 00 00 00 00 00 00 00 00 .MZ...|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 ................ | page 16 offset 61440 | 0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00 ......0..0...... | 1072: 97 4d 6e 14 00 ae 7c 00 00 00 00 00 00 00 00 00 .Mn...|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b ................ 
| page 18 offset 69632 | 0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00 ....../../...... | 1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 ................ | 1072: 4d 81 02 14 00 ae 7c 00 00 00 00 00 00 00 00 00 M.....|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d ................ | page 20 offset 77824 | 0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00 ....../../...... | 1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 ................ | 1072: 4d 81 16 14 00 ae 7c 00 00 00 00 00 00 00 00 00 M.....|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f ................ | page 22 offset 86016 | 0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00 ....../../...... | 1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 ................ | 1072: 4d 81 2a 14 00 ae 7c 00 00 00 00 00 00 00 00 00 M.*...|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 ................ | page 24 offset 94208 | 0: 0d 00 00 00 01 04 31 00 04 31 00 00 00 00 00 00 ......1..1...... | 1072: 00 97 4c 0a 14 00 ae 7c 00 00 00 00 00 00 00 00 ..L....|........ | 1088: 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 ................ | page 25 offset 98304 | 0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00 ....../../...... | 1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 ................ | 1072: 4d 81 3e 14 00 ae 7c 00 00 00 00 00 00 00 00 00 M.>...|......... | 1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................ | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 ................ | page 26 offset 102400 | 2512: 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 00 ................ | page 27 offset 106496 | 0: 00 00 00 00 00 00 00 12 00 00 00 07 00 00 00 1d ................ 
| 16: 00 00 00 09 00 00 00 1f 00 00 00 0b 00 00 00 21 ...............! | 32: 00 00 00 0d 00 00 00 25 00 00 00 0f 00 00 00 19 .......%........ | 48: 00 00 00 11 00 00 00 29 00 00 00 13 00 00 00 2b .......).......+ | 64: 00 00 00 15 00 00 00 2d 00 00 00 2e 00 00 00 17 .......-........ | page 28 offset 110592 | 2512: 00 00 00 00 00 00 00 1e 00 00 00 00 00 00 00 00 ................ | page 30 offset 118784 | 2512: 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 00 .......2........ | page 32 offset 126976 | 2512: 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 .......F........ | page 34 offset 135168 | 2512: 00 00 00 00 00 00 00 5a 00 00 00 00 00 00 00 00 .......Z........ | page 35 offset 139264 | 0: 0a 08 44 00 05 02 77 00 0e 11 0a 33 06 55 02 77 ..D...w....3.U.w | 16: 04 66 00 88 00 88 00 88 00 00 00 00 00 00 00 00 .f.............. | 128: 00 00 00 00 00 00 00 00 04 66 01 ef 00 00 00 00 .........f...... | 624: 00 00 00 00 00 00 00 97 3d 04 ae 7c 01 00 00 00 ........=..|.... | 1120: 00 00 00 00 00 20 97 3d 04 ae 7c 01 00 00 00 00 ..... .=..|..... | 1616: 00 00 00 00 22 97 3d 04 ae 7c 01 00 00 00 00 00 ......=..|...... | 2112: 00 00 00 1e 0c 22 01 ef 00 00 00 00 00 00 00 00 ................ | 2608: 00 00 00 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 ....=..|........ | 3104: 00 1c 00 00 01 ef 00 00 00 00 00 00 00 00 00 00 ................ | 3600: 00 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 00 00 ..=..|.......... | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a ................ | page 36 offset 143360 | 0: 0a 08 44 00 04 02 77 00 06 55 02 77 04 66 0e 11 ..D...w..U.w.f.. | 16: 00 88 00 88 00 88 0e 11 00 00 00 00 00 00 00 00 ................ | 128: 00 00 00 00 00 00 00 00 04 76 01 ef 00 00 00 00 .........v...... | 624: 00 00 00 00 00 00 00 97 3e 04 ae 7c 02 00 00 00 ........>..|.... | 1120: 00 00 00 00 00 2a 97 3e 04 ae 7c 02 00 00 00 00 .....*.>..|..... | 1616: 00 00 00 00 2c 97 3e 04 ae 7c 02 00 00 00 00 00 ....,.>..|...... 
| 2112: 00 00 00 28 00 00 05 cd 00 00 00 00 00 00 00 00 ...(............ | 3600: 00 97 3e 04 ae 7c 02 00 00 00 00 00 00 00 00 00 ..>..|.......... | 4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2f .............../ | page 38 offset 151552 | 2512: 00 00 00 00 00 00 00 6e 00 00 00 00 00 00 00 00 .......n........ | page 40 offset 159744 | 2512: 00 00 00 00 00 00 00 00 82 00 00 00 00 00 00 00 ................ | page 42 offset 167936 | 2512: 00 00 00 00 00 00 00 00 96 00 00 00 00 00 00 00 ................ | page 44 offset 176128 | 2512: 00 00 00 00 00 00 00 00 aa 00 00 00 00 00 00 00 ................ | page 47 offset 188416 | 2512: 00 00 00 00 00 00 00 00 be 00 00 00 00 00 00 00 ................ | end crash-9ae5502296c949.db }]} {} do_catchsql_test 5.1 { INSERT INTO t1(b) VALUES(zeroblob(40000)); } {1 {database disk image is malformed}} do_catchsql_test 5.2 { DROP INDEX t1x2; } {0 {}} do_catchsql_test 5.3 { INSERT INTO t1(b) VALUES(zeroblob(40000)); } {1 {database disk image is malformed}} finish_test |