Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a problem in sqlite3BtreeDelete() in which deleting an entry from a corrupt database can leave a btree page with zero cells. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
682053d1e603c21b8085c39db618a39b |
| User & Date: | drh 2018-12-13 21:05:45 |
Context
|
2018-12-13
| ||
| 21:11 | Add extra tests for database corruption inside the defragmentPage() routine, as dbfuzz2 has found ways for corruption to leak into that point. Add test cases in fuzzdata7.db. check-in: 997b6511 user: drh tags: trunk | |
| 21:05 | Fix a problem in sqlite3BtreeDelete() in which deleting an entry from a corrupt database can leave a btree page with zero cells. check-in: 682053d1 user: drh tags: trunk | |
| 20:49 | Add the "decode_hexdb" TCL command to testfixture. Add the dbfuzz001.test module to demonstration how to use decode_hexdb to deserialize a dbtotxt database description for use in a corruption test. check-in: 1f583c53 user: drh tags: trunk | |
Changes
Changes to Makefile.in.
1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 |
TESTFIXTURE_FLAGS += -DTCLSH_INIT_PROC=sqlite3TestInit TESTFIXTURE_FLAGS += -DSQLITE_SERVER=1 -DSQLITE_PRIVATE="" -DSQLITE_CORE TESTFIXTURE_FLAGS += -DBUILD_sqlite TESTFIXTURE_FLAGS += -DSQLITE_SERIES_CONSTRAINT_VERIFY=1 TESTFIXTURE_FLAGS += -DSQLITE_DEFAULT_PAGE_SIZE=1024 TESTFIXTURE_FLAGS += -DSQLITE_ENABLE_STMTVTAB TESTFIXTURE_FLAGS += -DSQLITE_ENABLE_DBPAGE_VTAB TESTFIXTURE_SRC0 = $(TESTSRC2) libsqlite3.la TESTFIXTURE_SRC1 = sqlite3.c TESTFIXTURE_SRC = $(TESTSRC) $(TOP)/src/tclsqlite.c TESTFIXTURE_SRC += $(TESTFIXTURE_SRC$(USE_AMALGAMATION)) testfixture$(TEXE): $(TESTFIXTURE_SRC) |
> |
1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 |
TESTFIXTURE_FLAGS += -DTCLSH_INIT_PROC=sqlite3TestInit
TESTFIXTURE_FLAGS += -DSQLITE_SERVER=1 -DSQLITE_PRIVATE="" -DSQLITE_CORE
TESTFIXTURE_FLAGS += -DBUILD_sqlite
TESTFIXTURE_FLAGS += -DSQLITE_SERIES_CONSTRAINT_VERIFY=1
TESTFIXTURE_FLAGS += -DSQLITE_DEFAULT_PAGE_SIZE=1024
TESTFIXTURE_FLAGS += -DSQLITE_ENABLE_STMTVTAB
TESTFIXTURE_FLAGS += -DSQLITE_ENABLE_DBPAGE_VTAB
TESTFIXTURE_FLAGS += -DSQLITE_ENABLE_DESERIALIZE
TESTFIXTURE_SRC0 = $(TESTSRC2) libsqlite3.la
TESTFIXTURE_SRC1 = sqlite3.c
TESTFIXTURE_SRC = $(TESTSRC) $(TOP)/src/tclsqlite.c
TESTFIXTURE_SRC += $(TESTFIXTURE_SRC$(USE_AMALGAMATION))
testfixture$(TEXE): $(TESTFIXTURE_SRC)
|
Changes to Makefile.msc.
2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 |
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_SERVER=1 -DSQLITE_PRIVATE="" TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_CORE $(NO_WARN) TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_SERIES_CONSTRAINT_VERIFY=1 TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_DEFAULT_PAGE_SIZE=1024 TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_ENABLE_STMTVTAB=1 TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_ENABLE_DBPAGE_VTAB=1 TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_ENABLE_JSON1=1 TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) $(TEST_CCONV_OPTS) TESTFIXTURE_SRC0 = $(TESTEXT) $(TESTSRC2) TESTFIXTURE_SRC1 = $(TESTEXT) $(SQLITE3C) !IF $(USE_AMALGAMATION)==0 TESTFIXTURE_SRC = $(TESTSRC) $(TOP)\src\tclsqlite.c $(TESTFIXTURE_SRC0) !ELSE |
> |
2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 |
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_SERVER=1 -DSQLITE_PRIVATE=""
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_CORE $(NO_WARN)
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_SERIES_CONSTRAINT_VERIFY=1
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_DEFAULT_PAGE_SIZE=1024
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_ENABLE_STMTVTAB=1
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_ENABLE_DBPAGE_VTAB=1
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_ENABLE_JSON1=1
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) -DSQLITE_ENABLE_DESERIALIZE=1
TESTFIXTURE_FLAGS = $(TESTFIXTURE_FLAGS) $(TEST_CCONV_OPTS)
TESTFIXTURE_SRC0 = $(TESTEXT) $(TESTSRC2)
TESTFIXTURE_SRC1 = $(TESTEXT) $(SQLITE3C)
!IF $(USE_AMALGAMATION)==0
TESTFIXTURE_SRC = $(TESTSRC) $(TOP)\src\tclsqlite.c $(TESTFIXTURE_SRC0)
!ELSE
|
Changes to src/btree.c.
8619 8620 8621 8622 8623 8624 8625 8626 8627 8628 8629 8630 8631 8632 |
**
** Or, if the current delete will not cause a rebalance, then the cursor
** will be left in CURSOR_SKIPNEXT state pointing to the entry immediately
** before or after the deleted entry. In this case set bSkipnext to true. */
if( bPreserve ){
if( !pPage->leaf
|| (pPage->nFree+cellSizePtr(pPage,pCell)+2)>(int)(pBt->usableSize*2/3)
){
/* A b-tree rebalance will be required after deleting this entry.
** Save the cursor key. */
rc = saveCursorKey(pCur);
if( rc ) return rc;
}else{
bSkipnext = 1;
|
> |
8619 8620 8621 8622 8623 8624 8625 8626 8627 8628 8629 8630 8631 8632 8633 |
**
** Or, if the current delete will not cause a rebalance, then the cursor
** will be left in CURSOR_SKIPNEXT state pointing to the entry immediately
** before or after the deleted entry. In this case set bSkipnext to true. */
if( bPreserve ){
if( !pPage->leaf
|| (pPage->nFree+cellSizePtr(pPage,pCell)+2)>(int)(pBt->usableSize*2/3)
|| pPage->nCell==1 /* See dbfuzz001.test for a test case */
){
/* A b-tree rebalance will be required after deleting this entry.
** Save the cursor key. */
rc = saveCursorKey(pCur);
if( rc ) return rc;
}else{
bSkipnext = 1;
|
Changes to test/dbfuzz001.test.
15
16
17
18
19
20
21
22
23
24
25
26
27
28
...
162
163
164
165
166
167
168
169
170
|
source $testdir/tester.tcl
ifcapable !deserialize {
finish_test
return
}
do_test dbfuzz001-100 {
sqlite3 db {}
db deserialize [decode_hexdb {
| size 5632 pagesize 512 filename c4.db
| page 1 offset 0
| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
| 16: 02 00 01 01 00 40 20 20 00 00 00 02 00 00 00 0b .....@ ........
................................................................................
| 464: 01 c5 01 0d 41 00 00 48 01 54 00 01 f7 01 ec 01 ....A..H.T......
| 480: c5 01 0d 40 00 00 48 01 54 00 01 f7 01 ec 01 c5 ...@..H.T.......
| 496: 01 0d 3f 00 00 48 01 54 00 01 f7 01 ec 01 c5 01 ..?..H.T........
| end c4.db
}]
db eval {PRAGMA integrity_check}
} {/Fragmentation of 384 bytes reported as 0 on page 8/}
finish_test
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
...
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
|
source $testdir/tester.tcl
ifcapable !deserialize {
finish_test
return
}
# In the following database file, there is 384 bytes of free space
# on page 8 that does not appear on the freeblock list.
#
do_test dbfuzz001-100 {
sqlite3 db {}
db deserialize [decode_hexdb {
| size 5632 pagesize 512 filename c4.db
| page 1 offset 0
| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
| 16: 02 00 01 01 00 40 20 20 00 00 00 02 00 00 00 0b .....@ ........
................................................................................
| 464: 01 c5 01 0d 41 00 00 48 01 54 00 01 f7 01 ec 01 ....A..H.T......
| 480: c5 01 0d 40 00 00 48 01 54 00 01 f7 01 ec 01 c5 ...@..H.T.......
| 496: 01 0d 3f 00 00 48 01 54 00 01 f7 01 ec 01 c5 01 ..?..H.T........
| end c4.db
}]
db eval {PRAGMA integrity_check}
} {/Fragmentation of 384 bytes reported as 0 on page 8/}
# The DELETE query below deletes the very last cell from page 8.
# Prior to a certain fix to sqlite3BtreeDelete() and because of the
# corruption to the freeblock list on page 8, this would fail to
# cause a rebalance operation, which would leave the btree in a weird
# state that would lead to segfaults and or assertion faults.
#
do_execsql_test dbfuzz001-110 {
DELETE FROM t3 WHERE x IS NOT NULL AND +rowid=6;
} {}
finish_test
|