Overview
Comment: Fix a couple of assert() statements in btree.c that could fail with corrupt databases.
SHA3-256: 5eb5e8289fa71e5e29e081d33d4a59c64b463bf6b06d7070c05c46d77d808ad4
User & Date: dan 2019-01-25 13:42:12
Context
2019-01-25
14:23
Extend fuzzcheck so that it can process dbsqlfuzz cases. Add a collection of interesting dbsqlfuzz cases to the standard test suite. check-in: e2991a7e user: drh tags: trunk
13:42
Fix a couple of assert() statements in btree.c that could fail with corrupt databases. check-in: 5eb5e828 user: dan tags: trunk
2019-01-24
17:41
Fix a buffer overread in fts3 that could occur in a prefix query on a corrupted database. check-in: d0d56893 user: dan tags: trunk
Changes

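--- a/src/btree.c
+++ b/src/btree.c
@@ -6106,15 +6106,15 @@
     if( rc!=SQLITE_OK ){
       releasePage(*ppPage);
       *ppPage = 0;
     }
     TRACE(("ALLOCATE: %d from end of file\n", *pPgno));
   }
 
-  assert( *pPgno!=PENDING_BYTE_PAGE(pBt) );
+  assert( CORRUPT_DB || *pPgno!=PENDING_BYTE_PAGE(pBt) );
 
 end_allocate_page:
   releasePage(pTrunk);
   releasePage(pPrevTrunk);
   assert( rc!=SQLITE_OK || sqlite3PagerPageRefcount((*ppPage)->pDbPage)<=1 );
   assert( rc!=SQLITE_OK || (*ppPage)->isInit==0 );
   return rc;
@@ -7171,15 +7171,15 @@
     u8 *pOut = &pSpace[4];
     u8 *pCell = pPage->apOvfl[0];
     u16 szCell = pPage->xCellSize(pPage, pCell);
     u8 *pStop;
     CellArray b;
 
     assert( sqlite3PagerIswriteable(pNew->pDbPage) );
-    assert( pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
+    assert( CORRUPT_DB || pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
     zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF);
     b.nCell = 1;
     b.pRef = pPage;
     b.apCell = &pCell;
     b.szCell = &szCell;
     b.apEnd[0] = pPage->aDataEnd;
     b.ixNx[0] = 2;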

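--- a/test/corruptL.test
+++ b/test/corruptL.test
@@ -370,10 +370,214 @@
 |    496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd   ................
 | end crash-6b48ba69806134.db
 }]} {}
 
 do_catchsql_test 4.1 {
   INSERT INTO t3 SELECT * FROM t2;
 } {1 {database disk image is malformed}}
+
+
+#-------------------------------------------------------------------------
+reset_db
+do_test 5.0 {
+  sqlite3 db {}
+  db deserialize [decode_hexdb {
+| size 192512 pagesize 4096 filename crash-9ae5502296c949.db
+| page 1 offset 0
+|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
+|     16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 2f   .....@  ......./
+|     32: 00 00 00 1b 00 00 00 13 00 00 00 03 00 00 00 04   ................
+|     48: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 00   ................
+|     64: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................
+|     96: 00 00 00 00 0d 00 00 00 04 0e e2 00 0f 96 0f 44   ...............D
+|    112: 0f 10 0e e2 00 00 00 00 00 00 00 00 00 00 00 00   ................
+|   3808: 00 00 2c 04 06 17 15 11 01 41 69 6e 64 65 78 74   ..,......Aindext
+|   3824: 31 78 32 74 31 06 43 52 45 41 54 45 20 49 4e 44   1x2t1.CREATE IND
+|   3840: 45 58 20 74 31 78 32 20 4f 4e 20 74 31 28 62 29   EX t1x2 ON t1(b)
+|   3856: 32 03 06 17 15 11 01 4d 69 6e 64 65 78 74 31 78   2......Mindext1x
+|   3872: 31 74 31 05 43 52 45 41 54 45 20 49 4e 44 45 58   1t1.CREATE INDEX
+|   3888: 20 74 31 78 31 20 4f 4e 20 74 31 28 67 2b 68 2c    t1x1 ON t1(g+h,
+|   3904: 6a 2c 6b 29 50 02 06 17 2b 2b 01 59 74 61 62 6c   j,k)P...++.Ytabl
+|   3920: 65 73 71 6c 69 74 65 5f 73 65 71 75 65 6e 63 65   esqlite_sequence
+|   3936: 73 71 6c 69 74 65 5f 73 65 71 75 65 6e 63 65 04   sqlite_sequence.
+|   3952: 43 52 45 41 54 45 20 54 41 42 4c 45 20 73 71 6c   CREATE TABLE sql
+|   3968: 69 74 65 5f 73 65 71 75 65 6e 63 65 28 6e 61 6d   ite_sequence(nam
+|   3984: 65 2c 73 65 71 29 68 01 07 17 11 11 01 81 3b 74   e,seq)h.......;t
+|   4000: 61 62 6c 65 74 31 74 31 03 43 52 45 41 54 45 20   ablet1t1.CREATE 
+|   4016: 54 41 42 4c 45 20 74 31 28 61 20 49 4e 54 45 47   TABLE t1(a INTEG
+|   4032: 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 20 41   ER PRIMARY KEY A
+|   4048: 55 54 4f 49 4e 43 52 45 4d 45 4e 54 2c 0a 62 2c   UTOINCREMENT,.b,
+|   4064: 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 6a 2c 6b 2c   c,d,e,f,g,h,j,k,
+|   4080: 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 29   l,m,n,o,p,q,r,s)
+| page 2 offset 4096
+|      0: 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01   ................
+|     16: 00 00 00 00 02 10 00 00 00 05 00 00 00 03 02 00   ................
+|     32: 00 00 00 05 00 00 00 03 02 00 00 00 00 05 00 00   ................
+|     48: 00 03 02 00 00 00 00 05 00 00 00 03 02 00 00 00   ................
+|     64: 00 05 00 00 00 03 02 00 00 00 00 05 00 00 00 03   ................
+|     80: 02 00 00 00 00 05 00 00 00 03 02 00 00 00 00 05   ................
+|     96: 00 00 00 03 02 00 00 00 00 05 00 00 00 03 05 00   ................
+|    112: 00 00 03 03 00 00 00 23 02 00 00 00 00 03 00 00   .......#........
+|    128: 00 23 02 00 00 00 00 03 00 00 00 23 02 00 00 00   .#.........#....
+|    144: 00 03 00 00 00 23 02 00 00 00 00 03 00 00 00 23   .....#.........#
+|    160: 05 00 00 00 06 05 00 00 00 06 02 00 00 00 00 03   ................
+|    176: 00 00 00 06 02 00 00 00 00 03 00 00 00 24 02 00   .............$..
+|    192: 00 00 00 03 00 00 00 24 02 00 00 00 00 03 00 00   .......$........
+|    208: 00 24 02 00 00 00 00 02 00 00 00 00 03 00 00 00   .$..............
+|    224: 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   $...............
+| page 3 offset 8192
+|      0: 05 00 00 00 09 0f d0 00 00 00 00 19 0f fb 0f f6   ................
+|     16: 0f f1 0f ec 0f e7 0f e2 0f dc 0f d6 0f d0 0f a0   ................
+|     32: 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0 0f a0   ................
+|   1072: 00 97 4c 0a 14 00 ae 7c 00 00 00 00 00 00 00 00   ..L....|........
+|   1088: 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00   ................
+|   4000: 0f ac 00 06 00 00 00 00 00 30 00 00 00 00 00 00   .........0......
+|   4048: 00 00 00 16 81 2a 00 00 00 14 81 16 00 00 00 12   .....*..........
+|   4064: 81 02 00 00 00 10 6e 00 00 00 0e 5a 00 00 00 0c   ......n....Z....
+|   4080: 46 00 00 00 0a 32 00 00 00 08 1e 00 00 00 18 0a   F....2..........
+| page 4 offset 12288
+|      0: 0d 00 00 00 01 0f f7 00 0f f7 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 07 01 03 11 02 74 31 00 be   ............t1..
+| page 5 offset 16384
+|      0: 0a 0f 7c 00 0a 0f 74 00 0f f9 0f eb 0f dd 0f cf   ..|...t.........
+|     16: 0f c1 0f b3 0f a4 0f 94 0f 84 0f 74 0f 74 0f 74   ...........t.t.t
+|     32: 0f 74 0f 74 0f 74 0f 74 0f 74 0f 74 0f 74 00 00   .t.t.t.t.t.t.t..
+|   3952: 00 00 00 00 07 05 00 00 00 02 00 be 0f 8c 00 08   ................
+|   3968: 00 00 00 00 07 05 00 00 00 02 00 aa 0f 9c 00 08   ................
+|   3984: 00 00 00 00 07 05 00 00 00 02 00 96 0f ac 00 08   ................
+|   4000: 00 00 00 00 07 05 00 00 00 02 00 82 0f ba 00 07   ................
+|   4016: 00 00 00 06 05 00 00 00 01 6e 0f c8 00 07 00 00   .........n......
+|   4032: 00 06 05 00 00 00 01 5a 0f d6 00 07 00 00 00 06   .......Z........
+|   4048: 05 00 00 00 01 46 0f e4 00 07 00 00 00 06 05 00   .....F..........
+|   4064: 00 00 01 32 0f f2 00 07 00 00 00 06 05 00 00 00   ...2............
+|   4080: 01 1e 00 00 00 07 00 00 00 06 05 00 00 00 01 0a   ................
+| page 6 offset 20480
+|      0: 02 00 00 00 01 0e 0d 00 00 00 00 24 0e 0d 0c 1a   ...........$....
+|     16: 06 55 04 66 02 77 00 88 00 00 00 00 00 00 00 00   .U.f.w..........
+|    128: 00 00 00 00 00 00 00 00 97 3d 04 ae 7c 01 00 00   .........=..|...
+|    624: 00 00 00 00 00 00 21 97 3d 04 ae 7c 01 00 00 00   ......!.=..|....
+|   1120: 00 00 00 00 00 20 97 3d 04 ae 7c 01 00 00 00 00   ..... .=..|.....
+|   1616: 00 00 00 00 1f 97 3d 04 ae 7c 01 00 00 00 00 00   ......=..|......
+|   2112: 00 00 00 1e 97 3d 04 ae 7c 01 00 00 00 00 00 00   .....=..|.......
+|   2608: 00 00 1d 97 3d 04 ae 7c 01 00 00 00 00 00 00 00   ....=..|........
+|   3088: 00 00 00 00 00 00 00 00 00 00 00 00 01 f3 00 00   ................
+|   3600: 23 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 00 00   #.=..|..........
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26   ...............&
+| page 8 offset 28672
+|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
+|   1072: 97 4d 1e 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .M....|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03   ................
+| page 10 offset 36864
+|    256: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
+|   1072: 97 4d 32 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .M2...|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05   ................
+| page 12 offset 45056
+|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
+|   1072: 97 4d 46 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .MF...|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07   ................
+| page 14 offset 53248
+|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
+|   1072: 97 4d 5a 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .MZ...|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09   ................
+| page 16 offset 61440
+|      0: 0d 00 00 00 01 04 30 00 04 30 00 00 00 00 00 00   ......0..0......
+|   1072: 97 4d 6e 14 00 ae 7c 00 00 00 00 00 00 00 00 00   .Mn...|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b   ................
+| page 18 offset 69632
+|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
+|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
+|   1072: 4d 81 02 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.....|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d   ................
+| page 20 offset 77824
+|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
+|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
+|   1072: 4d 81 16 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.....|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f   ................
+| page 22 offset 86016
+|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
+|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
+|   1072: 4d 81 2a 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.*...|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11   ................
+| page 24 offset 94208
+|      0: 0d 00 00 00 01 04 31 00 04 31 00 00 00 00 00 00   ......1..1......
+|   1072: 00 97 4c 0a 14 00 ae 7c 00 00 00 00 00 00 00 00   ..L....|........
+|   1088: 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00   ................
+| page 25 offset 98304
+|      0: 0d 00 00 00 01 04 2f 00 04 2f 00 00 00 00 00 00   ....../../......
+|   1056: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97   ................
+|   1072: 4d 81 3e 14 00 ae 7c 00 00 00 00 00 00 00 00 00   M.>...|.........
+|   1088: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00   ................
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13   ................
+| page 26 offset 102400
+|   2512: 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 00   ................
+| page 27 offset 106496
+|      0: 00 00 00 00 00 00 00 12 00 00 00 07 00 00 00 1d   ................
+|     16: 00 00 00 09 00 00 00 1f 00 00 00 0b 00 00 00 21   ...............!
+|     32: 00 00 00 0d 00 00 00 25 00 00 00 0f 00 00 00 19   .......%........
+|     48: 00 00 00 11 00 00 00 29 00 00 00 13 00 00 00 2b   .......).......+
+|     64: 00 00 00 15 00 00 00 2d 00 00 00 2e 00 00 00 17   .......-........
+| page 28 offset 110592
+|   2512: 00 00 00 00 00 00 00 1e 00 00 00 00 00 00 00 00   ................
+| page 30 offset 118784
+|   2512: 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 00   .......2........
+| page 32 offset 126976
+|   2512: 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00   .......F........
+| page 34 offset 135168
+|   2512: 00 00 00 00 00 00 00 5a 00 00 00 00 00 00 00 00   .......Z........
+| page 35 offset 139264
+|      0: 0a 08 44 00 05 02 77 00 0e 11 0a 33 06 55 02 77   ..D...w....3.U.w
+|     16: 04 66 00 88 00 88 00 88 00 00 00 00 00 00 00 00   .f..............
+|    128: 00 00 00 00 00 00 00 00 04 66 01 ef 00 00 00 00   .........f......
+|    624: 00 00 00 00 00 00 00 97 3d 04 ae 7c 01 00 00 00   ........=..|....
+|   1120: 00 00 00 00 00 20 97 3d 04 ae 7c 01 00 00 00 00   ..... .=..|.....
+|   1616: 00 00 00 00 22 97 3d 04 ae 7c 01 00 00 00 00 00   ......=..|......
+|   2112: 00 00 00 1e 0c 22 01 ef 00 00 00 00 00 00 00 00   ................
+|   2608: 00 00 00 97 3d 04 ae 7c 01 00 00 00 00 00 00 00   ....=..|........
+|   3104: 00 1c 00 00 01 ef 00 00 00 00 00 00 00 00 00 00   ................
+|   3600: 00 97 3d 04 ae 7c 01 00 00 00 00 00 00 00 00 00   ..=..|..........
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a   ................
+| page 36 offset 143360
+|      0: 0a 08 44 00 04 02 77 00 06 55 02 77 04 66 0e 11   ..D...w..U.w.f..
+|     16: 00 88 00 88 00 88 0e 11 00 00 00 00 00 00 00 00   ................
+|    128: 00 00 00 00 00 00 00 00 04 76 01 ef 00 00 00 00   .........v......
+|    624: 00 00 00 00 00 00 00 97 3e 04 ae 7c 02 00 00 00   ........>..|....
+|   1120: 00 00 00 00 00 2a 97 3e 04 ae 7c 02 00 00 00 00   .....*.>..|.....
+|   1616: 00 00 00 00 2c 97 3e 04 ae 7c 02 00 00 00 00 00   ....,.>..|......
+|   2112: 00 00 00 28 00 00 05 cd 00 00 00 00 00 00 00 00   ...(............
+|   3600: 00 97 3e 04 ae 7c 02 00 00 00 00 00 00 00 00 00   ..>..|..........
+|   4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2f   .............../
+| page 38 offset 151552
+|   2512: 00 00 00 00 00 00 00 6e 00 00 00 00 00 00 00 00   .......n........
+| page 40 offset 159744
+|   2512: 00 00 00 00 00 00 00 00 82 00 00 00 00 00 00 00   ................
+| page 42 offset 167936
+|   2512: 00 00 00 00 00 00 00 00 96 00 00 00 00 00 00 00   ................
+| page 44 offset 176128
+|   2512: 00 00 00 00 00 00 00 00 aa 00 00 00 00 00 00 00   ................
+| page 47 offset 188416
+|   2512: 00 00 00 00 00 00 00 00 be 00 00 00 00 00 00 00   ................
+| end crash-9ae5502296c949.db
+}]} {}
+
+do_catchsql_test 5.1 {
+  INSERT INTO t1(b) VALUES(zeroblob(40000));
+} {1 {database disk image is malformed}}
+
+do_catchsql_test 5.2 {
+  DROP INDEX t1x2;
+} {0 {}}
+
+do_catchsql_test 5.3 {
+  INSERT INTO t1(b) VALUES(zeroblob(40000));
+} {1 {database disk image is malformed}}
+
 
 
 finish_test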
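Review bot: The new cases 5.0-5.3 carry no comment saying what they exercise; the separator at line 379 is followed directly by `reset_db`, so a reader of corruptL.test cannot tell that the inserts in 5.1 and 5.3 are the ones that drove the assert() changes in btree.c in this check-in. I'd add a line under the separator, e.g. `# Corrupt image crash-9ae5502296c949.db: the zeroblob inserts below previously tripped assert()s in btree.c rather than returning SQLITE_CORRUPT.` It is also worth stating that 5.2 (`DROP INDEX t1x2`) is expected to succeed on the same corrupt image, since it is the only case here whose expected result is `{0 {}}`.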