Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | dbfuzz2 found a NEVER() that is sometimes true. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
1201615cbbd3070158ea5fab3d2c8c95 |
| User & Date: | drh 2018-12-13 21:52:18 |
Context
|
2018-12-13
| ||
| 22:58 | Fix the dbtotxt decoder in the CLI so that it ignores excess bytes. check-in: 18740bd4 user: drh tags: trunk | |
| 21:52 | dbfuzz2 found a NEVER() that is sometimes true. check-in: 1201615c user: drh tags: trunk | |
| 21:11 | Add extra tests for database corruption inside the defragmentPage() routine, as dbfuzz2 has found ways for corruption to leak into that point. Add test cases in fuzzdata7.db. check-in: 997b6511 user: drh tags: trunk | |
Changes
Changes to src/btree.c.
7035 7036 7037 7038 7039 7040 7041 7042 7043 7044 7045 7046 7047 7048 7049 7050 |
int rc; /* Return Code */ Pgno pgnoNew; /* Page number of pNew */ assert( sqlite3_mutex_held(pPage->pBt->mutex) ); assert( sqlite3PagerIswriteable(pParent->pDbPage) ); assert( pPage->nOverflow==1 ); /* This error condition is now caught prior to reaching this function */ if( NEVER(pPage->nCell==0) ) return SQLITE_CORRUPT_BKPT; /* Allocate a new page. This page will become the right-sibling of ** pPage. Make the parent page writable, so that the new divider cell ** may be inserted. If both these operations are successful, proceed. */ rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0); |
< | |
7035 7036 7037 7038 7039 7040 7041 7042 7043 7044 7045 7046 7047 7048 7049 |
int rc; /* Return Code */ Pgno pgnoNew; /* Page number of pNew */ assert( sqlite3_mutex_held(pPage->pBt->mutex) ); assert( sqlite3PagerIswriteable(pParent->pDbPage) ); assert( pPage->nOverflow==1 ); if( pPage->nCell==0 ) return SQLITE_CORRUPT_BKPT; /* dbfuzz001.test */ /* Allocate a new page. This page will become the right-sibling of ** pPage. Make the parent page writable, so that the new divider cell ** may be inserted. If both these operations are successful, proceed. */ rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0); |
Changes to test/dbfuzz001.test.
14
15
16
17
18
19
20
21
22
23
24
25
26
27
...
175
176
177
178
179
180
181
182
183
|
set testdir [file dirname $argv0]
source $testdir/tester.tcl
ifcapable !deserialize {
finish_test
return
}
# In the following database file, there is 384 bytes of free space
# on page 8 that does not appear on the freeblock list.
#
do_test dbfuzz001-100 {
sqlite3 db {}
db deserialize [decode_hexdb {
................................................................................
# corruption to the freeblock list on page 8, this would fail to
# cause a rebalance operation, which would leave the btree in a weird
# state that would lead to segfaults and or assertion faults.
#
do_execsql_test dbfuzz001-110 {
DELETE FROM t3 WHERE x IS NOT NULL AND +rowid=6;
} {}
finish_test
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
...
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
|
set testdir [file dirname $argv0]
source $testdir/tester.tcl
ifcapable !deserialize {
finish_test
return
}
database_may_be_corrupt
# In the following database file, there is 384 bytes of free space
# on page 8 that does not appear on the freeblock list.
#
do_test dbfuzz001-100 {
sqlite3 db {}
db deserialize [decode_hexdb {
................................................................................
# corruption to the freeblock list on page 8, this would fail to
# cause a rebalance operation, which would leave the btree in a weird
# state that would lead to segfaults and or assertion faults.
#
do_execsql_test dbfuzz001-110 {
DELETE FROM t3 WHERE x IS NOT NULL AND +rowid=6;
} {}
# This is a dbfuzz2-generate test case that can cause a page with
# pPage->nCell==0 to enter the balancer.
#
do_test dbfuzz001-200 {
db deserialize [decode_hexdb {
| size 3076 pagesize 512 filename c03.db
| page 1 offset 0
| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
| 16: 02 00 01 01 00 40 20 20 00 00 00 0c 00 00 00 07 .....@ ........
| 32: 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04 ................
| 48: 00 00 00 00 00 00 00 03 e8 00 00 01 00 00 00 00 ................
| 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c ................
| 96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0 ..,P............
| 112: 01 56 01 86 01 2a 01 06 00 00 00 00 00 00 00 00 .V...*..........
| 128: 00 00 00 00 00 00 00 00 ef 00 00 00 00 00 00 00 ................
| 192: 00 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 224: 00 00 00 00 00 00 00 00 00 00 00 00 00 ff e9 00 ................
| 256: 00 00 00 00 00 00 22 07 06 17 11 11 01 31 74 61 ......"......1ta
| 272: 62 6c 65 74 34 74 34 07 43 52 45 41 54 45 20 54 blet4t4.CREATE T
| 288: 41 42 4c 45 20 74 34 28 78 29 2a 06 06 17 13 11 ABLE t4(x)*.....
| 304: 01 3f 69 6e 64 65 78 74 33 78 74 33 06 43 52 45 .?indext3xt3.CRE
| 320: 41 54 45 20 49 4e 44 45 58 20 74 33 64 20 4f 4e ATE INDEX t3d ON
| 336: 20 74 33 28 78 29 2e 04 06 17 15 11 01 45 69 6e t3(x).......Ein
| 352: 64 65 78 74 32 63 64 74 32 05 43 52 45 41 54 45 dext2cdt2.CREATE
| 368: 20 49 4e 44 45 58 20 74 32 63 64 20 4f 4e 20 74 INDEX t2cd ON t
| 384: 32 28 63 2c 64 29 28 05 06 17 11 11 01 3d 74 61 2(c,d)(......=ta
| 400: 62 6c 65 74 33 74 33 04 43 52 45 41 54 45 20 54 blet3t3.CREATE T
| 416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29 ABLE t3(c,x,e,f)
| 432: 28 02 06 17 11 11 01 3d 74 61 62 6c 65 74 32 74 (......=tablet2t
| 448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74 2.CREATE TABLE t
| 464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11 2(c,d,e,f)$.....
| 480: 01 35 74 61 62 6c 65 74 31 74 31 02 43 52 45 41 .5tablet1t1.CREA
| 496: 54 45 20 54 41 42 4c 45 20 74 31 28 61 2c 62 29 TE TABLE t1(a,b)
| page 2 offset 512
| 0: 0d 00 00 00 04 01 cf 00 01 fa 01 f3 01 de 01 cf ................
| 176: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 256: 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 368: 00 00 00 00 00 00 00 00 00 00 00 00 1e 00 00 00 ................
| 416: 00 00 00 1b 00 00 00 00 04 00 00 00 00 00 00 00 ................
| 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d ................
| 464: 04 03 17 17 73 65 76 65 6e 65 69 67 68 74 13 03 ....seveneight..
| 480: 03 07 07 40 14 00 00 00 00 00 00 40 18 00 00 00 ...@.......@....
| 496: 00 00 00 05 02 03 01 01 03 04 04 01 03 09 01 02 ................
| page 3 offset 1024
| 0: 0d 00 00 00 08 01 54 00 01 f7 01 ec 01 c5 01 aa ......T.........
| 16: 01 a1 01 96 01 6f 01 54 00 00 00 00 00 00 00 00 .....o.T........
| 32: 00 00 00 00 00 00 00 03 e8 00 00 00 00 00 00 00 ................
| 336: 00 00 00 00 19 08 05 16 17 17 17 65 69 67 68 74 ...........eight
| 352: 65 69 67 68 74 73 65 76 65 6e 73 65 76 ff ff ff eightsevensev...
| 368: 0e 05 07 07 07 07 40 18 00 00 00 00 00 00 40 18 ......@.......@.
| 384: 00 00 00 00 00 00 40 14 00 00 00 00 00 00 40 14 ......@.......@.
| 400: 00 00 00 00 00 00 09 06 05 01 01 01 01 04 04 03 ................
| 416: 03 07 05 05 01 01 09 09 02 02 19 04 05 17 17 17 ................
| 432: 17 73 65 6f 65 6e 65 69 67 68 74 65 69 67 68 74 .seoeneighteight
| 448: 73 65 76 65 6e 25 03 05 07 07 07 07 40 14 00 00 seven%......@...
| 464: 00 00 00 00 40 18 00 00 00 00 00 00 40 18 00 00 ....@.......@...
| 480: 00 00 00 00 40 14 00 00 00 00 00 00 09 02 05 01 ....@...........
| 496: 01 01 01 03 04 04 03 07 01 05 09 01 01 09 02 02 ................
| page 4 offset 1536
| 0: 0d 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ................
| 160: 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 336: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 ............ ...
| page 5 offset 2048
| 0: 0a 00 00 00 08 01 96 00 01 fa 01 c4 01 f2 01 bc ................
| 16: 01 dc 01 a6 01 96 01 cc 00 00 00 00 00 00 00 00 ................
| 48: 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................
| 288: 00 00 00 00 00 00 00 00 00 64 00 00 00 2b 00 00 .........d...+..
| 400: 00 00 00 00 00 00 0f 04 17 17 01 65 69 67 68 74 ...........eight
| 416: 65 69 6f 68 74 08 15 04 07 07 01 40 18 00 00 00 eioht......@....
| 432: 00 00 00 40 18 00 00 00 00 00 00 07 07 04 01 01 ...@............
| 448: 01 04 04 06 07 04 01 01 01 02 02 05 0f 04 17 17 ................
| 464: 01 73 65 76 65 6e 65 69 67 68 74 04 15 04 07 07 .seveneight.....
| 480: 01 40 14 00 00 00 00 00 00 40 18 00 00 00 00 00 .@.......@......
| 496: 00 03 07 04 01 01 01 03 04 02 05 04 09 01 09 02 ................
| page 6 offset 2560
| 0: 0a 00 00 00 00 02 00 00 00 00 00 00 00 0d 00 00 ................
| 16: 00 08 01 c2 00 01 fb 01 f6 01 f1 01 ec 01 e0 01 ................
| 32: d4 01 cb 01 c2 00 00 00 00 00 00 00 00 00 00 00 ................
| 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 ................
| 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 ................
| 464: 08 02 17 65 69 67 68 74 07 07 02 17 65 69 67 68 ...eight....eigh
| 480: 74 0a 06 02 07 40 18 00 00 00 00 00 00 0a 05 02 t....@..........
| 496: 07 40 18 00 04 02 01 04 03 03 02 01 04 03 02 02 .@..............
| end x/c03.db
}]
catchsql {INSERT INTO t3 SELECT * FROM t2;}
} {1 {database disk image is malformed}}
finish_test
|