/ Check-in [aa18c8e9]

Overview
Comment: Have the b-tree layer return SQLITE_CORRUPT to any attempt to open a cursor with a root page number less than 1.
SHA1: aa18c8e9d1676b1caa53bc5f5c1dc5f201089b88
User & Date: dan 2015-05-25 19:24:36
Context
2015-05-25
20:04
Fix a case of a corrupt database causing SQLite to read from up to 4 bytes before the start of a memory allocation. check-in: 7d2c4f7b user: dan tags: trunk
19:37
Merge the btree fixes out of trunk. check-in: f3cd8cec user: drh tags: fuzzcheck
19:24
Have the b-tree layer return SQLITE_CORRUPT to any attempt to open a cursor with a root page number less than 1. check-in: aa18c8e9 user: dan tags: trunk
18:47
Fix a couple of btree asserts that would fail when encountering 32-bit rollover in cell payload size fields (cell payloads this large always indicate corruption). check-in: 8fa0937a user: dan tags: trunk
Changes

Changes to src/btree.c.

  3884   3884     Btree *p,                                   /* The btree */
  3885   3885     int iTable,                                 /* Root page of table to open */
  3886   3886     int wrFlag,                                 /* 1 to write. 0 read-only */
  3887   3887     struct KeyInfo *pKeyInfo,                   /* First arg to xCompare() */
  3888   3888     BtCursor *pCur                              /* Write new cursor here */
  3889   3889   ){
  3890   3890     int rc;
  3891         -  sqlite3BtreeEnter(p);
  3892         -  rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
  3893         -  sqlite3BtreeLeave(p);
         3891  +  if( iTable<1 ){
         3892  +    rc = SQLITE_CORRUPT_BKPT;
         3893  +  }else{
         3894  +    sqlite3BtreeEnter(p);
         3895  +    rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
         3896  +    sqlite3BtreeLeave(p);
         3897  +  }
  3894   3898     return rc;
  3895   3899   }
  3896   3900   
  3897   3901   /*
  3898   3902   ** Return the size of a BtCursor object in bytes.
  3899   3903   **
  3900   3904   ** This interfaces is needed so that users of cursors can preallocate
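
Review bot: The new `iTable<1` branch returns SQLITE_CORRUPT_BKPT without ever calling btreeCursor(), so `pCur` (documented as "Write new cursor here") is left exactly as the caller passed it in. Please confirm that every caller which closes or inspects the cursor after a failed open copes with an untouched BtCursor, or zero the fields the close path reads before returning. The guard also has no comment: a short note that valid root pages start at 1 and that a smaller value can only come from a corrupt schema would tell the next reader why this is reported as corruption rather than treated as a programming error.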

Changes to test/corruptI.test.

   200    200     db close
   201    201     hexio_write test.db 616 EAFFFFFF0202
   202    202     sqlite3 db test.db
   203    203     breakpoint
   204    204     execsql { DELETE FROM t1 WHERE rowid=2 }
   205    205   } {}
   206    206   
          207  +#-------------------------------------------------------------------------
          208  +# See what happens if the sqlite_master entry associated with a PRIMARY
          209  +# KEY or UNIQUE index is removed. 
          210  +#
          211  +reset_db
          212  +do_execsql_test 7.0 {
          213  +  CREATE TABLE t1(x PRIMARY KEY, y);
          214  +  INSERT INTO t1 VALUES('a', 'A');
          215  +  INSERT INTO t1 VALUES('b', 'A');
          216  +  INSERT INTO t1 VALUES('c', 'A');
          217  +  SELECT name FROM sqlite_master;
          218  +} {t1 sqlite_autoindex_t1_1}
          219  +do_execsql_test 7.1 {
          220  +  PRAGMA writable_schema = 1;
          221  +  DELETE FROM sqlite_master WHERE name = 'sqlite_autoindex_t1_1';
          222  +}
          223  +do_test 7.2 {
          224  +  db close
          225  +  sqlite3 db test.db
          226  +  catchsql { UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2 }
          227  +} {1 {database disk image is malformed}}
   207    228   
   208    229   finish_test
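
Review bot: In test 7.2 the statement `UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2` uses AND where a comma was probably intended, so it assigns x the boolean value of `'d' AND y='D'` instead of setting x and y separately. The test still modifies the PRIMARY KEY column and so still reaches the missing index, but writing `SET x='d', y='D'` would make the intent clear. The block comment also mentions "PRIMARY KEY or UNIQUE index" while only the PRIMARY KEY case is exercised, and only through UPDATE; a UNIQUE variant and an INSERT or DELETE against t1 after the sqlite_master row is removed would cover the other paths the comment describes.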