SQLite

Check-in [7654ae71bd]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Remove some assert() statements that can fail with corrupt databases.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 7654ae71bd26ae5d713935624d2b6cb8d2e4633f
User & Date: dan 2012-01-12 14:25:55.908
Context
2012-01-12
15:05
Fix typos in a testcase() macro introduced by the previous commit. (check-in: 0467742fd6 user: dan tags: trunk)
14:25
Remove some assert() statements that can fail with corrupt databases. (check-in: 7654ae71bd user: dan tags: trunk)
2012-01-11
16:16
Remove code made unreachable by the enhancement of the previous check-in. (check-in: 9e31a275ef user: drh tags: trunk)
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to src/btree.c. 
4190
4191
4192
4193
4194
4195
4196
4197

4198
4199
4200
4201
4202
4203
4204

4190
4191
4192
4193
4194
4195
4196

4197
4198
4199
4200
4201
4202
4203
4204








-
+








  pCur->validNKey = 0;
  if( pNewPage->nCell<1 || pNewPage->intKey!=pCur->apPage[i]->intKey ){
    return SQLITE_CORRUPT_BKPT;
  }
  return SQLITE_OK;
}

#ifndef NDEBUG
#if 0
/*
** Page pParent is an internal (non-leaf) tree page. This function 
** asserts that page number iChild is the left-child if the iIdx'th
** cell in page pParent. Or, if iIdx is equal to the total number of
** cells in pParent, that page number iChild is the right-child of
** the page.
*/

4223
4224
4225
4226
4227
4228
4229







4230
4231
4232
4233
4234



4235
4236
4237
4238
4239
4240
4241

4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251








+
+
+
+
+
+
+





+
+
+








** the largest cell index.
*/
static void moveToParent(BtCursor *pCur){
  assert( cursorHoldsMutex(pCur) );
  assert( pCur->eState==CURSOR_VALID );
  assert( pCur->iPage>0 );
  assert( pCur->apPage[pCur->iPage] );

  /* UPDATE: It is actually possible for the condition tested by the assert
  ** below to be untrue if the database file is corrupt. This can occur if
  ** one cursor has modified page pParent while a reference to it is held 
  ** by a second cursor. Which can only happen if a single page is linked
  ** into more than one b-tree structure in a corrupt database.  */
#if 0
  assertParentIndex(
    pCur->apPage[pCur->iPage-1], 
    pCur->aiIdx[pCur->iPage-1], 
    pCur->apPage[pCur->iPage]->pgno
  );
#endif
  testcase( iIdx>pParent->nCell );

  releasePage(pCur->apPage[pCur->iPage]);
  pCur->iPage--;
  pCur->info.nSize = 0;
  pCur->validNKey = 0;
}

/*

4697
4698
4699
4700
4701
4702
4703






4704

4705
4706
4707
4708
4709
4710
4711

4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719

4720
4721
4722
4723
4724
4725
4726
4727








+
+
+
+
+
+
-
+








    return SQLITE_OK;
  }
  pCur->skipNext = 0;

  pPage = pCur->apPage[pCur->iPage];
  idx = ++pCur->aiIdx[pCur->iPage];
  assert( pPage->isInit );

  /* If the database file is corrupt, it is possible for the value of idx 
  ** to be invalid here. This can only occur if a second cursor modifies
  ** the page while cursor pCur is holding a reference to it. Which can
  ** only happen if the database is corrupt in such a way as to link the
  ** page into more than one b-tree structure. */
  assert( idx<=pPage->nCell );
  testcase( idx>pPage->nCell );

  pCur->info.nSize = 0;
  pCur->validNKey = 0;
  if( idx>=pPage->nCell ){
    if( !pPage->leaf ){
      rc = moveToChild(pCur, get4byte(&pPage->aData[pPage->hdrOffset+8]));
      if( rc ) return rc;
Added test/corruptF.test. 























































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

# 2012 January 12
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl
set testprefix corruptF

# Do not use a codec for tests in this file, as the database file is
# manipulated directly using tcl scripts (using the [hexio_write] command).
#
do_not_use_codec

proc str {i} { format %08d $i }

# Create a 6 page database containing a single table - t1. Table t1 
# consists of page 2 (the root page) and pages 5 and 6 (leaf pages). 
# Database pages 3 and 4 are on the free list.
#
proc create_test_db {} {
  catch { db close }
  forcedelete test.db
  sqlite3 db test.db
  db func str str
  execsql {
    PRAGMA auto_vacuum = 0;
    PRAGMA page_size = 1024;
    CREATE TABLE t1(x);         /* root page = 2 */
    CREATE TABLE t2(x);         /* root page = 3 */
    CREATE TABLE t3(x);         /* root page = 4 */

    INSERT INTO t1 VALUES(str(1));
    INSERT INTO t1 SELECT str(rowid+1) FROM t1;
    INSERT INTO t1 SELECT str(rowid+2) FROM t1;
    INSERT INTO t1 SELECT str(rowid+4) FROM t1;
    INSERT INTO t1 SELECT str(rowid+8) FROM t1;
    INSERT INTO t1 SELECT str(rowid+16) FROM t1;
    INSERT INTO t1 SELECT str(rowid+32) FROM t1;
    INSERT INTO t1 SELECT str(rowid+64) FROM t1;
    DROP TABLE t2;
    DROP TABLE t3;
  }
  db close
}

do_test 1.1 { create_test_db } {}

# Check the db is as we expect. 6 pages in total, with 3 and 4 on the free
# list. Page 3 is the free list trunk and page 4 is a leaf.
#
do_test 1.2 { file size test.db } [expr 6*1024]
do_test 1.3 { hexio_read test.db 32 4 } 00000003
do_test 1.4 { hexio_read test.db [expr 2*1024] 12 } 000000000000000100000004

# Change the free-list entry to page 6 and reopen the db file.
do_test 1.5 { 
  hexio_write test.db [expr 2*1024 + 8] 00000006 
  sqlite3 db test.db
} {}

# Now create a new table in the database file. The root of the new table
# is page 6, which is also the right-most leaf page in table t1.
#
do_execsql_test 1.6 { 
  CREATE TABLE t4(x);
  SELECT * FROM sqlite_master;
} {
  table t1 t1 2 {CREATE TABLE t1(x)} 
  table t4 t4 6 {CREATE TABLE t4(x)}
}

# At one point this was causing an assert to fail.
#
# This statement opens a cursor on table t1 and does a full table scan. As
# each row is visited, it is copied into table t4. There is no temporary
# table.
#
# When the t1 cursor reaches page 6 (which is both the right-most leaf of
# t1 and the root of t4), it continues to iterate through the keys within
# it (which at this point are keys that have been inserted into t4). And
# for each row visited, another row is inserted into page 6 - it being the
# root page of t4. Eventually, page 6 becomes full and the height of the
# b-tree for table t4 increased. From the point of view of the t1 cursor,
# this unexpectedly reduces the number of keys on page 6 in the middle of
# its iteration, which causes an assert() to fail.
#
db_save_and_close
if 1 {
for {set i 0} {$i < 128} {incr i} {
  db_restore_and_reopen
  do_test 1.7.$i { 
    set res [
      catchsql { INSERT INTO t4 SELECT x FROM t1 WHERE rowid>$i }
    ]
    if {$res == "0 {}" || $res == "1 {database disk image is malformed}"} {
      set res ""
    }
    set res
  } {}
}
}

do_test 2.1 { create_test_db } {}
do_test 2.2 { file size test.db } [expr 6*1024]
do_test 2.3 { hexio_read test.db 32 4 } 00000003
do_test 2.4 { hexio_read test.db [expr 2*1024] 12 } 000000000000000100000004

# Change the free-list entry to page 5 and reopen the db file.
do_test 2.5 { 
  hexio_write test.db [expr 2*1024 + 8] 00000005 
  sqlite3 db test.db
} {}

# Now create a new table in the database file. The root of the new table
# is page 5, which is also the right-most leaf page in table t1.
#
do_execsql_test 2.6 { 
  CREATE TABLE t4(x);
  SELECT * FROM sqlite_master;
} {
  table t1 t1 2 {CREATE TABLE t1(x)} 
  table t4 t4 5 {CREATE TABLE t4(x)}
}

db_save_and_close
for {set i 127} {$i >= 0} {incr i -1} {
  db_restore_and_reopen
  do_test 2.7.$i { 
    set res [
      catchsql { 
        INSERT INTO t4 SELECT x FROM t1 WHERE rowid<$i ORDER BY rowid DESC 
      }
    ]
    if {$res == "0 {}" || $res == "1 {database disk image is malformed}"} {
      set res ""
    }
    set res
  } {}
}

finish_test