Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Merge the btree fixes out of trunk. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | fuzzcheck |
Files: | files | file ages | folders |
SHA1: |
f3cd8cecf4f7aa3429e3ebc90ed31c4e |
User & Date: | drh 2015-05-25 19:37:17.641 |
Context
2015-05-25
| ||
21:59 | Add the --native-vfs option on fuzzcheck. (check-in: 12e95e3f17 user: drh tags: fuzzcheck) | |
19:37 | Merge the btree fixes out of trunk. (check-in: f3cd8cecf4 user: drh tags: fuzzcheck) | |
19:35 | Add the --dbid and --sqlid parameters to fuzzcheck. Other fuzzcheck fixes. (check-in: 75ec9299fa user: drh tags: fuzzcheck) | |
19:24 | Have the b-tree layer return SQLITE_CORRUPT to any attempt to open a cursor with a root page number less than 1. (check-in: aa18c8e9d1 user: dan tags: trunk) | |
Changes
Changes to src/btree.c.
︙ | ︙ | |||
3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 3899 3900 | Btree *p, /* The btree */ int iTable, /* Root page of table to open */ int wrFlag, /* 1 to write. 0 read-only */ struct KeyInfo *pKeyInfo, /* First arg to xCompare() */ BtCursor *pCur /* Write new cursor here */ ){ int rc; sqlite3BtreeEnter(p); rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur); sqlite3BtreeLeave(p); return rc; } /* ** Return the size of a BtCursor object in bytes. ** ** This interfaces is needed so that users of cursors can preallocate | > > > > | 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 3899 3900 3901 3902 3903 3904 | Btree *p, /* The btree */ int iTable, /* Root page of table to open */ int wrFlag, /* 1 to write. 0 read-only */ struct KeyInfo *pKeyInfo, /* First arg to xCompare() */ BtCursor *pCur /* Write new cursor here */ ){ int rc; if( iTable<1 ){ rc = SQLITE_CORRUPT_BKPT; }else{ sqlite3BtreeEnter(p); rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur); sqlite3BtreeLeave(p); } return rc; } /* ** Return the size of a BtCursor object in bytes. ** ** This interfaces is needed so that users of cursors can preallocate |
︙ | ︙ | |||
5746 5747 5748 5749 5750 5751 5752 | if( pCell+info.iOverflow+3 > pPage->aData+pPage->maskPage ){ return SQLITE_CORRUPT_BKPT; /* Cell extends past end of page */ } ovflPgno = get4byte(&pCell[info.iOverflow]); assert( pBt->usableSize > 4 ); ovflPageSize = pBt->usableSize - 4; nOvfl = (info.nPayload - info.nLocal + ovflPageSize - 1)/ovflPageSize; | | > > | 5750 5751 5752 5753 5754 5755 5756 5757 5758 5759 5760 5761 5762 5763 5764 5765 5766 | if( pCell+info.iOverflow+3 > pPage->aData+pPage->maskPage ){ return SQLITE_CORRUPT_BKPT; /* Cell extends past end of page */ } ovflPgno = get4byte(&pCell[info.iOverflow]); assert( pBt->usableSize > 4 ); ovflPageSize = pBt->usableSize - 4; nOvfl = (info.nPayload - info.nLocal + ovflPageSize - 1)/ovflPageSize; assert( nOvfl>0 || (CORRUPT_DB && (info.nPayload + ovflPageSize)<ovflPageSize) ); while( nOvfl-- ){ Pgno iNext = 0; MemPage *pOvfl = 0; if( ovflPgno<2 || ovflPgno>btreePagecount(pBt) ){ /* 0 is not a legal page number and page 1 cannot be an ** overflow page. Therefore if ovflPgno<2 or past the end of the ** file the database must be corrupt. */ |
︙ | ︙ | |||
6001 6002 6003 6004 6005 6006 6007 | u8 *ptr; /* Used to move bytes around within data[] */ int rc; /* The return code */ int hdr; /* Beginning of the header. 0 most pages. 100 page 1 */ if( *pRC ) return; assert( idx>=0 && idx<pPage->nCell ); | | | 6007 6008 6009 6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 | u8 *ptr; /* Used to move bytes around within data[] */ int rc; /* The return code */ int hdr; /* Beginning of the header. 0 most pages. 100 page 1 */ if( *pRC ) return; assert( idx>=0 && idx<pPage->nCell ); assert( CORRUPT_DB || sz==cellSize(pPage, idx) ); assert( sqlite3PagerIswriteable(pPage->pDbPage) ); assert( sqlite3_mutex_held(pPage->pBt->mutex) ); data = pPage->aData; ptr = &pPage->aCellIdx[2*idx]; pc = get2byte(ptr); hdr = pPage->hdrOffset; testcase( pc==get2byte(&data[hdr+5]) ); |
︙ | ︙ |
Changes to test/corruptI.test.
︙ | ︙ | |||
179 180 181 182 183 184 185 186 187 | } {12} do_test 5.3 { sqlite3 db test.db catchsql { CREATE TABLE tx(x); } } {1 {database disk image is malformed}} finish_test | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 | } {12} do_test 5.3 { sqlite3 db test.db catchsql { CREATE TABLE tx(x); } } {1 {database disk image is malformed}} #------------------------------------------------------------------------- # Set the payload size of a cell to just less than 2^32 bytes (not # possible in an uncorrupted db). Then try to delete the cell. At one # point this led to an integer overflow that caused an assert() to fail. # reset_db do_execsql_test 6.0 { PRAGMA page_size = 512; CREATE TABLE t1(x); INSERT INTO t1 VALUES(zeroblob(300)); INSERT INTO t1 VALUES(zeroblob(600)); } {} do_test 6.1 { db close hexio_write test.db 616 EAFFFFFF0202 sqlite3 db test.db breakpoint execsql { DELETE FROM t1 WHERE rowid=2 } } {} #------------------------------------------------------------------------- # See what happens if the sqlite_master entry associated with a PRIMARY # KEY or UNIQUE index is removed. # reset_db do_execsql_test 7.0 { CREATE TABLE t1(x PRIMARY KEY, y); INSERT INTO t1 VALUES('a', 'A'); INSERT INTO t1 VALUES('b', 'A'); INSERT INTO t1 VALUES('c', 'A'); SELECT name FROM sqlite_master; } {t1 sqlite_autoindex_t1_1} do_execsql_test 7.1 { PRAGMA writable_schema = 1; DELETE FROM sqlite_master WHERE name = 'sqlite_autoindex_t1_1'; } do_test 7.2 { db close sqlite3 db test.db catchsql { UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2 } } {1 {database disk image is malformed}} finish_test |