/ Check-in [db4b4c2c]

Overview
Comment:Fix a potential problem with "INSERT INTO ... SELECT * FROM" (or VACUUM) statements on a corrupted database.
SHA3-256: db4b4c2c1e9f1adacfb1b2fedb717a4d8bb0a299c3b11835404a99fcd67bf24b
User & Date: dan 2019-01-24 15:16:17
Context
2019-01-24
15:51
Make sure the column name flags are restored correctly after an error inside of sqlite3ResultSetOfSelect(). check-in: b1601db7 user: drh tags: trunk
15:16
Fix a potential problem with "INSERT INTO ... SELECT * FROM" (or VACUUM) statements on a corrupted database. check-in: db4b4c2c user: dan tags: trunk
14:16
Change a integer variable in sqlite3VdbeRecordUnpack() to unsigned in order to avoid any possibility of an integer overflow. check-in: 1b536f6f user: drh tags: trunk
Changes

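--- a/src/btree.c
+++ b/src/btree.c
@@ -800,19 +800,20 @@
   int bias,           /* Bias search to the high end */
   int *pRes           /* Write search results here */
 ){
   int rc;                    /* Status code */
   UnpackedRecord *pIdxKey;   /* Unpacked index key */
 
   if( pKey ){
+    KeyInfo *pKeyInfo = pCur->pKeyInfo;
     assert( nKey==(i64)(int)nKey );
-    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
+    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
     if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
-    sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
-    if( pIdxKey->nField==0 ){
+    sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
+    if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
       rc = SQLITE_CORRUPT_BKPT;
       goto moveto_done;
     }
   }else{
     pIdxKey = 0;
   }
   rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);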
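Review bot: The new bound `pIdxKey->nField>pKeyInfo->nAllField` is tested only after sqlite3VdbeRecordUnpack() has already filled pIdxKey, so it guards what sqlite3BtreeMovetoUnpacked() later compares but not the unpack itself; whether the unpack is independently limited to the space sqlite3VdbeAllocUnpackedRecord() reserved is not visible in this hunk and is worth confirming. The condition also carries no explanation of when a record can hold more fields than the KeyInfo declares; a comment above it such as `/* More fields than the index schema declares: schema and b-tree content disagree */` would record that. The enclosing function begins and ends outside the hunk, including the moveto_done label that presumably releases pIdxKey.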

Changes to test/corruptL.test.

   225    225   do_execsql_test 2.1 {
   226    226     INSERT INTO t1(b) VALUES(X'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');
   227    227   }
   228    228   
   229    229   do_catchsql_test 2.2 {
   230    230     SELECT b,c FROM t1 ORDER BY a;
   231    231   } {1 {database disk image is malformed}}
          232  +
          233  +#-------------------------------------------------------------------------
          234  +reset_db
          235  +do_execsql_test 3.0 {
          236  +  CREATE TABLE t1(a, b, c, d INTEGER PRIMARY KEY);
          237  +  CREATE TABLE t2(a, b, c, d INTEGER PRIMARY KEY);
          238  +
          239  +  INSERT INTO t1(a, b, c, d) VALUES (1, 2, 3, 100), (4, 5, 6, 101);
          240  +  INSERT INTO t2(a, b, c, d) VALUES (1, 100, 3, 1000), (4, 101, 6, 1001);
          241  +
          242  +  CREATE INDEX t1a ON t1(a);
          243  +  CREATE INDEX t2a ON t2(a, b, c);
          244  +
          245  +  PRAGMA writable_schema = 1;
          246  +  UPDATE sqlite_master SET sql = 'CREATE INDEX t2a ON t2(a)' WHERE name='t2a';
          247  +}
          248  +
          249  +db close
          250  +sqlite3 db test.db
          251  +
          252  +do_catchsql_test 3.1 {
          253  +  INSERT INTO t1 SELECT * FROM t2;
          254  +} {1 {database disk image is malformed}}
          255  +
          256  +#-------------------------------------------------------------------------
          257  +reset_db
          258  +do_test 4.0 {
          259  +  sqlite3 db {}
          260  +  db deserialize [decode_hexdb {
          261  +| size 4096 pagesize 512 filename crash-6b48ba69806134.db
          262  +| page 1 offset 0
          263  +|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
          264  +|     16: 02 00 01 01 00 40 20 20 00 ff ff ff ff 00 00 07   .....@  ........
          265  +|     32: 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04   ................
          266  +|     48: 00 00 00 00 00 00 00 05 00 eb 00 01 00 00 00 00   ................
          267  +|     80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c   ................
          268  +|     96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0   ..,P............
          269  +|    112: 05 56 01 86 01 2a 01 06 00 00 00 00 00 00 00 00   .V...*..........
          270  +|    128: 00 ff 00 00 ff ff ff e1 00 00 00 00 00 00 00 00   ................
          271  +|    144: 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00   ................
          272  +|    160: 00 00 00 00 00 00 00 00 f2 00 00 00 00 00 00 00   ................
          273  +|    176: 00 00 f9 ff ff ff ff ff ff ff 00 00 00 00 00 fb   ................
          274  +|    208: 00 00 00 00 00 00 00 00 1e 00 00 00 fe 00 00 00   ................
          275  +|    224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 00   ................
          276  +|    256: 00 00 00 00 ef ff 22 07 06 17 11 11 01 31 74 61   .............1ta
          277  +|    272: 62 6c 65 74 38 38 74 04 43 52 45 41 54 45 20 54   blet88t.CREATE T
          278  +|    288: 41 42 4c 45 20 74 34 28 87 29 2a 06 06 17 13 11   ABLE t4(.)*.....
          279  +|    304: 01 3f 69 4f 64 65 78 74 33 78 74 33 05 43 52 45   .?iOdext3xt3.CRE
          280  +|    320: 41 54 45 20 49 6e 44 45 58 20 74 33 78 20 4f 4e   ATE InDEX t3x ON
          281  +|    336: 20 74 33 28 78 29 2e 04 06 17 15 11 01 45 69 6e    t3(x).......Ein
          282  +|    352: 64 65 2e 74 32 63 64 74 3d 05 43 52 45 41 54 45   de.t2cdt=.CREATE
          283  +|    368: 20 49 4e 44 45 58 20 74 32 63 64 20 4f 4e 20 74    INDEX t2cd ON t
          284  +|    384: 32 28 0a 0c 44 29 28 05 06 17 11 11 01 3d 74 61   2(..D)(......=ta
          285  +|    400: 62 6c 65 d4 33 74 33 04 43 52 45 41 54 45 20 54   ble.3t3.CREATE T
          286  +|    416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29   ABLE t3(c,x,e,f)
          287  +|    432: 28 02 06 17 11 11 01 3d 74 61 62 6c 65 74 32 74   (......=tablet2t
          288  +|    448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74   2.CREATE TABLE t
          289  +|    464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11   2(c,d,e,f)$.....
          290  +|    480: 01 35 74 60 62 6c 65 74 31 74 31 02 43 52 45 41   .5t`blet1t1.CREA
          291  +|    496: 54 45 20 54 41 42 4c 45 20 74 30 28 61 2c 62 29   TE TABLE t0(a,b)
          292  +| page 2 offset 512
          293  +|      0: 0d 00 ff 11 04 01 cf 00 01 fa 01 f3 01 de 01 cf   ................
          294  +|     32: 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 13   ................
          295  +|     48: 00 00 00 00 00 00 00 00 00 00 00 01 00 20 00 00   ............. ..
          296  +|     64: 00 00 00 00 00 00 f8 ff ff ff 00 00 00 00 00 00   ................
          297  +|    160: 01 64 00 00 00 00 00 80 ff ff ff 00 00 00 00 00   .d..............
          298  +|    176: 00 00 00 00 00 00 00 00 1f 00 00 00 00 00 00 03   ................
          299  +|    192: 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00   ..@.............
          300  +|    288: 00 00 00 00 00 00 ff ff ff e9 00 00 00 00 00 00   ................
          301  +|    336: 01 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 00   ................
          302  +|    368: 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ...............
          303  +|    384: 00 de ff 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
          304  +|    464: 00 00 00 00 00 13 76 65 6e 65 69 67 68 74 13 03   ......veneight..
          305  +|    480: 03 40 07 07 14 00 54 45 20 49 4e 44 45 58 20 74   .@....TE INDEX t
          306  +|    496: 32 63 64 20 4f 4e 20 74 32 28 0a 0c 44 09 01 02   2cd ON t2(..D...
          307  +| page 3 offset 1024
          308  +|      0: 0d 00 00 00 48 01 54 00 01 f7 01 ec 01 c5 01 aa   ....H.T.........
          309  +|     16: 30 34 28 87 29 2a 06 06 17 13 11 01 3f 69 4f 64   04(.)*......?iOd
          310  +|     32: 65 79 74 33 78 74 33 6d 6d 6d 6d 6d 6d 7d 6d 6d   eyt3xt3mmmmmm.mm
          311  +|     48: 6d 41 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mAmmmmmmmmmmmmmm
          312  +|     64: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 66 6d 6d 6d 6d   mmmmmmmmmmmfmmmm
          313  +|     80: 6d 4e 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mNmmmmmmmmmmmmmm
          314  +|     96: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mmmmmmmmmmmmmmmm
          315  +|    112: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d   mmmmmmmmmmmmmmmm
          316  +|    128: 6d 6d 6d 6d 6d 00 00 00 00 00 00 00 00 00 00 00   mmmmm...........
          317  +|    160: 80 00 00 00 00 00 00 03 00 00 00 ff e4 00 00 00   ................
          318  +|    208: 00 00 00 00 00 00 00 00 00 00 00 00 00 c5 00 00   ................
          319  +|    240: 14 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00   ................
          320  +|    256: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f ec   ................
          321  +|    304: 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68 74   ...........eight
          322  +|    320: 65 69 67 68 74 73 65 00 00 00 00 00 00 00 00 00   eightse.........
          323  +|    336: 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68 74   ...........eight
          324  +|    352: 65 69 67 68 74 73 65 01 65 6e 00 00 00 10 25 07   eightse.en....%.
          325  +|    368: 07 6e 25 07 07 07 40 18 00 00 00 00 00 00 40 18   .n%...@.......@.
          326  +|    384: 00 00 00 00 00 00 40 14 00 00 00 00 00 00 40 14   ......@.......@.
          327  +|    400: 00 00 00 00 00 00 09 06 05 01 01 01 01 04 04 03   ................
          328  +|    416: 03 07 05 05 01 01 09 09 02 02 19 04 05 17 17 17   ................
          329  +|    432: 17 10 65 76 65 6e 65 69 67 68 74 65 69 67 68 74   ..eveneighteight
          330  +|    448: 73 65 76 65 6e 25 03 05 07 07 07 07 40 14 00 00   seven%......@...
          331  +|    464: 00 00 00 00 40 18 00 00 00 00 00 00 40 18 00 00   ....@.......@...
          332  +|    480: 00 00 00 00 40 14 00 00 00 00 e8 f6 09 02 00 00   ....@...........
          333  +|    496: 00 00 00 00 00 00 00 00 00 00 64 00 00 00 00 02   ..........d.....
          334  +| page 4 offset 1536
          335  +|      0: 0d 00 00 00 00 02 00 00 00 00 00 00 00 00 00 fa   ................
          336  +|     16: 1f a1 07 00 00 00 00 00 01 00 00 00 00 00 00 00   ................
          337  +|     32: 00 00 00 00 00 00 00 00 00 00 00 00 00 73 69 6d   .............sim
          338  +|     48: 70 6c 65 00 00 00 00 00 00 00 00 00 00 00 00 00   ple.............
          339  +|     80: 00 00 00 00 00 10 00 00 00 00 00 00 01 00 00 00   ................
          340  +|     96: 00 00 00 00 00 00 00 00 00 00 00 00 00 fe ff ff   ................
          341  +|    112: ff 00 00 00 00 00 00 00 00 00 00 00 4a 00 00 00   ............J...
          342  +|    144: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00   ................
          343  +|    176: e5 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00   ................
          344  +|    208: 00 00 00 00 00 00 00 00 00 00 36 36 00 00 00 00   ..........66....
          345  +|    240: 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00   ...l............
          346  +|    256: 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
          347  +|    320: 00 00 00 00 00 00 00 00 01 00 00 02 00 80 00 00   ................
          348  +|    336: 00 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68   ............eigh
          349  +|    352: 74 65 69 67 68 74 73 65 76 65 6e 73 65 76 65 6e   teightsevenseven
          350  +|    368: 25 07 05 07 07 07 07 40 18 00 00 00 00 00 00 40   %......@.......@
          351  +|    384: 18 00 20 00 00 00 40 00 14 00 00 00 00 00 00 40   .. ...@........@
          352  +|    400: 14 00 00 00 00 00 1c 09 06 05 01 01 01 01 04 04   ................
          353  +|    416: 03 03 07 05 05 01 01 00 00 00 00 00 00 00 00 00   ................
          354  +|    448: 74 73 65 76 65 6e 00 80 ff ff 00 00 00 00 00 aa   tseven..........
          355  +|    464: 00 9e 00 00 00 00 00 00 00 00 00 00 00 70 6f 72   .............por
          356  +|    480: 74 65 72 00 00 00 00 00 00 00 00 00 00 00 00 00   ter.............
          357  +|    496: 00 00 00 00 00 00 29 00 00 00 00 00 00 00 00 00   ......).........
          358  +| page 5 offset 2048
          359  +|      0: 0a 00 00 00 08 01 96 00 01 fa 01 c5 01 f2 01 bc   ................
          360  +|     16: 01 dc 01 a6 01 96 01 cc 00 00 00 00 00 00 00 00   ................
          361  +|    112: 00 00 00 09 00 00 00 00 01 00 00 00 00 00 00 00   ................
          362  +|    160: 74 72 69 67 62 ff ff ff ff fc 00 00 00 00 00 00   trigb...........
          363  +|    240: 00 00 00 00 00 00 00 00 00 00 ff 00 00 00 00 00   ................
          364  +|    256: e5 ff ff ff 00 00 54 00 00 00 00 00 00 00 00 00   ......T.........
          365  +|    304: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00   ................
          366  +|    400: 00 00 00 00 00 09 00 00 00 00 01 00 00 00 00 00   ................
          367  +|    448: 00 00 74 72 69 67 62 ff ff ff ff fc 00 00 07 05   ..trigb.........
          368  +|    464: 05 01 01 09 09 02 02 19 04 05 17 17 17 17 10 65   ...............e
          369  +|    480: 76 65 6e 65 69 67 68 74 65 40 18 00 00 00 00 01   veneighte@......
          370  +|    496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd   ................
          371  +| end crash-6b48ba69806134.db
          372  +}]} {}
          373  +
          374  +do_catchsql_test 4.1 {
          375  +  INSERT INTO t3 SELECT * FROM t2;
          376  +} {1 {database disk image is malformed}}
          377  +
   232    378   
   233    379   finish_test
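Review bot: Tests 3.1 and 4.1 both drive the fix through `INSERT INTO ... SELECT * FROM`, while the check-in comment also names VACUUM as an affected statement and no VACUUM case is added. A companion case after 3.1 on the same mismatched-schema database, for example `do_catchsql_test 3.2 { VACUUM } {1 {database disk image is malformed}}`, would cover that path; the expected result is assumed and should be confirmed by running it. Test 3.0 also sets `PRAGMA writable_schema = 1` without a comment saying that the sqlite_master rewrite of t2a is the deliberate corruption being set up; `# Make the schema claim t2a has one column while its b-tree records hold three` above the PRAGMA would help.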

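--- a/test/dbfuzz001.test
+++ b/test/dbfuzz001.test
@@ -343,13 +343,18 @@
 |     16: 01 e0 01 d4 01 cb 01 c2 00 00 00 00 00 00 00 00   ................
 |    448: 00 00 07 08 02 17 65 69 67 68 74 07 07 02 17 65   ......eight....e
 |    464: 69 67 68 74 0a 06 02 07 40 18 00 00 00 00 00 00   ight....@.......
 |    480: 0a 05 02 07 40 18 00 00 00 00 00 00 03 04 02 01   ....@...........
 |    496: 04 03 03 02 01 04 03 02 02 01 02 03 01 02 01 02   ................
 | end x/c02.db
   }]
-  execsql {
-    DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
-  }
 } {}
 
+do_catchsql_test dbfuzz001-120 {
+  PRAGMA integrity_check;
+} {1 {database disk image is malformed}}
+
+do_catchsql_test dbfuzz001-130 {
+  DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
+} {1 {database disk image is malformed}}
+
 finish_test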
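Review bot: The expectation for `DELETE FROM t3 WHERE x IN (SELECT x FROM t4)` flips from succeeding inside the preceding do_test block to `{1 {database disk image is malformed}}` in dbfuzz001-130, with nothing in the file saying why. A comment above the new cases, e.g. `# The image is now rejected as corrupt on first use instead of being modified`, would keep a later reader from treating the changed result as a regression; the wording is a guess at the cause, presumably the stricter field-count check in btree.c, and should be confirmed. dbfuzz001-120 likewise expects `PRAGMA integrity_check` to raise an error rather than return a report, which merits the same note. The do_test block that this hunk edits starts outside the hunk.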