Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | dbfuzz2 found a NEVER() that is sometimes true. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
1201615cbbd3070158ea5fab3d2c8c95 |
| User & Date: | drh 2018-12-13 21:52:18.133 |
Context
|
2018-12-13
| ||
| 22:58 | Fix the dbtotxt decoder in the CLI so that it ignores excess bytes. (check-in: 18740bd448 user: drh tags: trunk) | |
| 21:52 | dbfuzz2 found a NEVER() that is sometimes true. (check-in: 1201615cbb user: drh tags: trunk) | |
| 21:11 | Add extra tests for database corruption inside the defragmentPage() routine, as dbfuzz2 has found ways for corruption to leak into that point. Add test cases in fuzzdata7.db. (check-in: 997b65117f user: drh tags: trunk) | |
Changes
Changes to src/btree.c.
| ︙ | ︙ | |||
7035 7036 7037 7038 7039 7040 7041 | int rc; /* Return Code */ Pgno pgnoNew; /* Page number of pNew */ assert( sqlite3_mutex_held(pPage->pBt->mutex) ); assert( sqlite3PagerIswriteable(pParent->pDbPage) ); assert( pPage->nOverflow==1 ); | < | | 7035 7036 7037 7038 7039 7040 7041 7042 7043 7044 7045 7046 7047 7048 7049 | int rc; /* Return Code */ Pgno pgnoNew; /* Page number of pNew */ assert( sqlite3_mutex_held(pPage->pBt->mutex) ); assert( sqlite3PagerIswriteable(pParent->pDbPage) ); assert( pPage->nOverflow==1 ); if( pPage->nCell==0 ) return SQLITE_CORRUPT_BKPT; /* dbfuzz001.test */ /* Allocate a new page. This page will become the right-sibling of ** pPage. Make the parent page writable, so that the new divider cell ** may be inserted. If both these operations are successful, proceed. */ rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0); |
| ︙ | ︙ |
Changes to test/dbfuzz001.test.
| ︙ | ︙ | |||
14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
set testdir [file dirname $argv0]
source $testdir/tester.tcl
ifcapable !deserialize {
finish_test
return
}
# In the following database file, there is 384 bytes of free space
# on page 8 that does not appear on the freeblock list.
#
do_test dbfuzz001-100 {
sqlite3 db {}
db deserialize [decode_hexdb {
| > | 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
set testdir [file dirname $argv0]
source $testdir/tester.tcl
ifcapable !deserialize {
finish_test
return
}
database_may_be_corrupt
# In the following database file, there is 384 bytes of free space
# on page 8 that does not appear on the freeblock list.
#
do_test dbfuzz001-100 {
sqlite3 db {}
db deserialize [decode_hexdb {
|
| ︙ | ︙ | |||
175 176 177 178 179 180 181 182 183 |
# corruption to the freeblock list on page 8, this would fail to
# cause a rebalance operation, which would leave the btree in a weird
# state that would lead to segfaults and or assertion faults.
#
do_execsql_test dbfuzz001-110 {
DELETE FROM t3 WHERE x IS NOT NULL AND +rowid=6;
} {}
finish_test
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 |
# corruption to the freeblock list on page 8, this would fail to
# cause a rebalance operation, which would leave the btree in a weird
# state that would lead to segfaults and or assertion faults.
#
do_execsql_test dbfuzz001-110 {
DELETE FROM t3 WHERE x IS NOT NULL AND +rowid=6;
} {}
# This is a dbfuzz2-generate test case that can cause a page with
# pPage->nCell==0 to enter the balancer.
#
do_test dbfuzz001-200 {
db deserialize [decode_hexdb {
| size 3076 pagesize 512 filename c03.db
| page 1 offset 0
| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
| 16: 02 00 01 01 00 40 20 20 00 00 00 0c 00 00 00 07 .....@ ........
| 32: 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04 ................
| 48: 00 00 00 00 00 00 00 03 e8 00 00 01 00 00 00 00 ................
| 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c ................
| 96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0 ..,P............
| 112: 01 56 01 86 01 2a 01 06 00 00 00 00 00 00 00 00 .V...*..........
| 128: 00 00 00 00 00 00 00 00 ef 00 00 00 00 00 00 00 ................
| 192: 00 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 224: 00 00 00 00 00 00 00 00 00 00 00 00 00 ff e9 00 ................
| 256: 00 00 00 00 00 00 22 07 06 17 11 11 01 31 74 61 ......"......1ta
| 272: 62 6c 65 74 34 74 34 07 43 52 45 41 54 45 20 54 blet4t4.CREATE T
| 288: 41 42 4c 45 20 74 34 28 78 29 2a 06 06 17 13 11 ABLE t4(x)*.....
| 304: 01 3f 69 6e 64 65 78 74 33 78 74 33 06 43 52 45 .?indext3xt3.CRE
| 320: 41 54 45 20 49 4e 44 45 58 20 74 33 64 20 4f 4e ATE INDEX t3d ON
| 336: 20 74 33 28 78 29 2e 04 06 17 15 11 01 45 69 6e t3(x).......Ein
| 352: 64 65 78 74 32 63 64 74 32 05 43 52 45 41 54 45 dext2cdt2.CREATE
| 368: 20 49 4e 44 45 58 20 74 32 63 64 20 4f 4e 20 74 INDEX t2cd ON t
| 384: 32 28 63 2c 64 29 28 05 06 17 11 11 01 3d 74 61 2(c,d)(......=ta
| 400: 62 6c 65 74 33 74 33 04 43 52 45 41 54 45 20 54 blet3t3.CREATE T
| 416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29 ABLE t3(c,x,e,f)
| 432: 28 02 06 17 11 11 01 3d 74 61 62 6c 65 74 32 74 (......=tablet2t
| 448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74 2.CREATE TABLE t
| 464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11 2(c,d,e,f)$.....
| 480: 01 35 74 61 62 6c 65 74 31 74 31 02 43 52 45 41 .5tablet1t1.CREA
| 496: 54 45 20 54 41 42 4c 45 20 74 31 28 61 2c 62 29 TE TABLE t1(a,b)
| page 2 offset 512
| 0: 0d 00 00 00 04 01 cf 00 01 fa 01 f3 01 de 01 cf ................
| 176: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 256: 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 368: 00 00 00 00 00 00 00 00 00 00 00 00 1e 00 00 00 ................
| 416: 00 00 00 1b 00 00 00 00 04 00 00 00 00 00 00 00 ................
| 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d ................
| 464: 04 03 17 17 73 65 76 65 6e 65 69 67 68 74 13 03 ....seveneight..
| 480: 03 07 07 40 14 00 00 00 00 00 00 40 18 00 00 00 ...@.......@....
| 496: 00 00 00 05 02 03 01 01 03 04 04 01 03 09 01 02 ................
| page 3 offset 1024
| 0: 0d 00 00 00 08 01 54 00 01 f7 01 ec 01 c5 01 aa ......T.........
| 16: 01 a1 01 96 01 6f 01 54 00 00 00 00 00 00 00 00 .....o.T........
| 32: 00 00 00 00 00 00 00 03 e8 00 00 00 00 00 00 00 ................
| 336: 00 00 00 00 19 08 05 16 17 17 17 65 69 67 68 74 ...........eight
| 352: 65 69 67 68 74 73 65 76 65 6e 73 65 76 ff ff ff eightsevensev...
| 368: 0e 05 07 07 07 07 40 18 00 00 00 00 00 00 40 18 ......@.......@.
| 384: 00 00 00 00 00 00 40 14 00 00 00 00 00 00 40 14 ......@.......@.
| 400: 00 00 00 00 00 00 09 06 05 01 01 01 01 04 04 03 ................
| 416: 03 07 05 05 01 01 09 09 02 02 19 04 05 17 17 17 ................
| 432: 17 73 65 6f 65 6e 65 69 67 68 74 65 69 67 68 74 .seoeneighteight
| 448: 73 65 76 65 6e 25 03 05 07 07 07 07 40 14 00 00 seven%......@...
| 464: 00 00 00 00 40 18 00 00 00 00 00 00 40 18 00 00 ....@.......@...
| 480: 00 00 00 00 40 14 00 00 00 00 00 00 09 02 05 01 ....@...........
| 496: 01 01 01 03 04 04 03 07 01 05 09 01 01 09 02 02 ................
| page 4 offset 1536
| 0: 0d 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ................
| 160: 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 336: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 ............ ...
| page 5 offset 2048
| 0: 0a 00 00 00 08 01 96 00 01 fa 01 c4 01 f2 01 bc ................
| 16: 01 dc 01 a6 01 96 01 cc 00 00 00 00 00 00 00 00 ................
| 48: 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................
| 288: 00 00 00 00 00 00 00 00 00 64 00 00 00 2b 00 00 .........d...+..
| 400: 00 00 00 00 00 00 0f 04 17 17 01 65 69 67 68 74 ...........eight
| 416: 65 69 6f 68 74 08 15 04 07 07 01 40 18 00 00 00 eioht......@....
| 432: 00 00 00 40 18 00 00 00 00 00 00 07 07 04 01 01 ...@............
| 448: 01 04 04 06 07 04 01 01 01 02 02 05 0f 04 17 17 ................
| 464: 01 73 65 76 65 6e 65 69 67 68 74 04 15 04 07 07 .seveneight.....
| 480: 01 40 14 00 00 00 00 00 00 40 18 00 00 00 00 00 .@.......@......
| 496: 00 03 07 04 01 01 01 03 04 02 05 04 09 01 09 02 ................
| page 6 offset 2560
| 0: 0a 00 00 00 00 02 00 00 00 00 00 00 00 0d 00 00 ................
| 16: 00 08 01 c2 00 01 fb 01 f6 01 f1 01 ec 01 e0 01 ................
| 32: d4 01 cb 01 c2 00 00 00 00 00 00 00 00 00 00 00 ................
| 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 ................
| 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 ................
| 464: 08 02 17 65 69 67 68 74 07 07 02 17 65 69 67 68 ...eight....eigh
| 480: 74 0a 06 02 07 40 18 00 00 00 00 00 00 0a 05 02 t....@..........
| 496: 07 40 18 00 04 02 01 04 03 03 02 01 04 03 02 02 .@..............
| end x/c03.db
}]
catchsql {INSERT INTO t3 SELECT * FROM t2;}
} {1 {database disk image is malformed}}
finish_test
|