/ Check-in [915388ab]
Login
SQLite training in Houston TX on 2019-11-05 (details)
Part of the 2019 Tcl Conference

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix an assert() in the OP_Delete opcode that could fail with a corrupt database.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 915388ab39ba3ca8681cd2613b91314aa965967f23a5bface90f54a3d6423300
User & Date: dan 2019-05-16 20:13:32
Context
2019-05-16
20:36
Initialize the 18-byte overrun area on the buffer used to reconstruct overflow btree cells during a btree search, to avoid a harmless jump-depends-on-uninit-values warning. check-in: 4b05caeb user: drh tags: trunk
20:13
Fix an assert() in the OP_Delete opcode that could fail with a corrupt database. check-in: 915388ab user: dan tags: trunk
16:44
Add new test file fts5corrupt4.test. check-in: 5dfc4fe9 user: dan tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/vdbe.c.

4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794

#ifdef SQLITE_DEBUG
  if( pOp->p4type==P4_TABLE && HasRowid(pOp->p4.pTab) && pOp->p5==0 ){
    /* If p5 is zero, the seek operation that positioned the cursor prior to
    ** OP_Delete will have also set the pC->movetoTarget field to the rowid of
    ** the row that is being deleted */
    i64 iKey = sqlite3BtreeIntegerKey(pC->uc.pCursor);
    assert( pC->movetoTarget==iKey );
  }
#endif

  /* If the update-hook or pre-update-hook will be invoked, set zDb to
  ** the name of the db to pass as to it. Also set local pTab to a copy
  ** of p4.pTab. Finally, if p5 is true, indicating that this cursor was
  ** last moved with OP_Next or OP_Prev, not Seek or NotFound, set 







|







4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794

#ifdef SQLITE_DEBUG
  if( pOp->p4type==P4_TABLE && HasRowid(pOp->p4.pTab) && pOp->p5==0 ){
    /* If p5 is zero, the seek operation that positioned the cursor prior to
    ** OP_Delete will have also set the pC->movetoTarget field to the rowid of
    ** the row that is being deleted */
    i64 iKey = sqlite3BtreeIntegerKey(pC->uc.pCursor);
    assert( CORRUPT_DB || pC->movetoTarget==iKey );
  }
#endif

  /* If the update-hook or pre-update-hook will be invoked, set zDb to
  ** the name of the db to pass as to it. Also set local pTab to a copy
  ** of p4.pTab. Finally, if p5 is true, indicating that this cursor was
  ** last moved with OP_Next or OP_Prev, not Seek or NotFound, set 

Changes to test/corruptL.test.

1003
1004
1005
1006
1007
1008
1009
1010




















































1011
| end crash-41390d95d613b6.db
}]} {}

do_catchsql_test 10.1 {
  SELECT * FROM t1 WHERE a<='2019-05-09' ORDER BY a DESC;
} {1 {database disk image is malformed}}






















































finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
| end crash-41390d95d613b6.db
}]} {}

do_catchsql_test 10.1 {
  SELECT * FROM t1 WHERE a<='2019-05-09' ORDER BY a DESC;
} {1 {database disk image is malformed}}


#-------------------------------------------------------------------------
reset_db
do_test 11.0 {
  sqlite3 db {}
  db deserialize [decode_hexdb {
| size 595 pagesize 512 filename x.db
| page 1 offset 0
|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
|     16: 02 00 00 01 00 40 20 20 00 01 00 0c 00 00 00 07   .....@  ........
|     32: 00 00 00 05 07 a1 1f fa 00 00 00 08 00 00 00 04   ................
|     48: 00 00 01 00 00 49 00 00 00 00 00 05 00 00 00 00   .....I..........
|     80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c   ................
|     96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0   ..,P............
|    112: 01 56 01 86 01 2a 01 06 00 00 62 00 00 00 00 00   .V...*....b.....
|    128: 00 ed e2 78 74 64 33 ff 43 52 45 41 54 45 20 49   ...xtd3.CREATE I
|    144: 4e 44 45 58 20 74 33 78 20 4f 4e 20 74 33 28 38   NDEX t3x ON t3(8
|    160: 29 2e 04 06 17 15 11 01 45 69 6e 64 65 68 74 32   ).......Eindeht2
|    176: 63 64 74 31 e5 43 52 45 41 54 45 20 49 4e 44 45   cdt1.CREATE INDE
|    192: 58 20 74 32 63 c4 20 4f 4e 20 74 32 28 63 2c 64   X t2c. ON t2(c,d
|    208: 29 28 05 06 17 01 11 11 3d 74 61 6c 36 74 62 74   )(......=tal6tbt
|    224: 65 32 04 43 52 45 41 54 45 20 54 41 42 4c 45 20   e2.CREATE TABLE 
|    240: 74 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00   t...............
|    256: 00 00 00 00 00 00 22 07 06 17 11 11 01 30 e8 03   .............0..
|    272: 62 6c 65 74 34 74 35 02 43 52 45 41 54 45 20 54   blet4t5.CREATE T
|    288: 41 42 4c 45 20 74 34 28 94 29 2a 06 06 17 13 11   ABLE t4(.)*.....
|    304: 01 3f 69 33 74 6e 65 78 78 74 64 33 ff 43 52 45   .?i3tnexxtd3.CRE
|    320: 41 54 45 20 49 4e 44 45 58 20 74 33 78 20 4f 4e   ATE INDEX t3x ON
|    336: 20 74 31 28 38 29 2e 04 06 17 15 11 01 45 69 6e    t1(8).......Ein
|    352: 64 65 68 74 32 63 64 74 31 e5 43 52 45 41 54 45   deht2cdt1.CREATE
|    368: 20 49 4e 44 45 58 20 74 32 63 c4 20 4f 4e 20 74    INDEX t2c. ON t
|    384: 32 28 63 2c 64 29 28 05 06 17 01 11 11 3d 74 61   2(c,d)(......=ta
|    400: 6c 32 74 62 74 65 32 04 43 52 45 41 54 45 20 54   l2tbte2.CREATE T
|    416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29   ABLE t3(c,x,e,f)
|    432: 28 02 06 17 11 11 01 3d 74 61 9e 93 65 74 32 74   (......=ta..et2t
|    448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74   2.CREATE TABLE t
|    464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11   2(c,d,e,f)$.....
|    480: 01 35 55 61 62 6c 88 74 31 74 31 02 43 52 45 41   .5Uabl.t1t1.CREA
|    496: 54 45 20 54 41 42 4c 45 20 74 31 28 61 2c 62 29   TE TABLE t1(a,b)
| page 2 offset 512
|      0: 0d 00 00 00 0d 25 00 01 cf 00 01 fa 01 f3 01 de   .....%..........
|     16: 01 00 00 00 fd 00 00 0d 00 00 00 00 45 20 54 41   ............E TA
|     32: 42 4c 45 20 74 34 28 94 29 2a 06 06 17 13 11 01   BLE t4(.)*......
|     48: 3f 69 33 74 6e 65 78 78 74 64 33 ff 43 52 45 a0   ?i3tnexxtd3.CRE.
|     64: a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 74 13 11 01   ............t...
|     80: 49 45 74 00 00 00 00 00 00 00 00 00 00 00 00 00   IEt.............
| end x.db
}]} {}

do_catchsql_test 11.1 {
  DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
} {1 {database disk image is malformed}}

finish_test