# 2013-08-01 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. # May you find forgiveness for yourself and forgive others. # May you share freely, never taking more than you give. # #*********************************************************************** # set testdir [file dirname $argv0] source $testdir/tester.tcl set testprefix corruptG # Do not use a codec for tests in this file, as the database file is # manipulated directly using tcl scripts (using the [hexio_write] command). # do_not_use_codec # Create a simple database with a single entry. Then corrupt the # header-size varint on the index payload so that it maps into a # negative number. Try to use the database. # do_execsql_test 1.1 { PRAGMA page_size=512; CREATE TABLE t1(a,b,c); INSERT INTO t1(rowid,a,b,c) VALUES(52,'abc','xyz','123'); CREATE INDEX t1abc ON t1(a,b,c); } set idxroot [db one {SELECT rootpage FROM sqlite_master WHERE name = 't1abc'}] # Corrupt the file db close hexio_write test.db [expr {$idxroot*512 - 15}] 888080807f sqlite3 db test.db # Try to use the file. do_test 1.2 { catchsql { SELECT c FROM t1 WHERE a>'abc'; } } {0 {}} do_test 1.3 { catchsql { PRAGMA integrity_check } } {0 ok} do_test 1.4 { catchsql { SELECT c FROM t1 ORDER BY a; } } {1 {database disk image is malformed}} # Corrupt the same file in a slightly different way. Make the record header # sane, but corrupt one of the serial_type value to indicate a huge payload # such that the payload begins in allocated space but overflows the buffer. # db close hexio_write test.db [expr {$idxroot*512-15}] 0513ff7f01 sqlite3 db test.db do_test 2.1 { catchsql { SELECT rowid FROM t1 WHERE a='abc' and b='xyz123456789XYZ'; } # The following test result is brittle. The point above is to try to # force a buffer overread by a corrupt database file. If we get an # incorrect answer from a corrupt database file, that is OK. If the # result below changes, that just means that "undefined behavior" has # changed. } {0 52} finish_test