Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fixed crash in integrity_check with corrupt content offset size in page header. (CVS 5881) |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
0659a666ff0a9fc81ee4df3c35e53516 |
User & Date: | shane 2008-11-11 17:36:30.000 |
Context
2008-11-11
| ||
18:28 | Cleanup in flattenSubquery. Add OOM tests for flattenSubquery. Fix issues with OOM errors causes problems for flattenSubquery. Ticket #3485. (CVS 5882) (check-in: ea5f4baa04 user: drh tags: trunk) | |
17:36 | Fixed crash in integrity_check with corrupt content offset size in page header. (CVS 5881) (check-in: 0659a666ff user: shane tags: trunk) | |
15:48 | Avoid signed/unsigned comparison warnings in bitvec.c by changing the types of loop variables to unsigned int. (CVS 5880) (check-in: da869446c5 user: drh tags: trunk) | |
Changes
Changes to src/btree.c.
1 2 3 4 5 6 7 8 9 10 11 | /* ** 2004 April 6 ** ** The author disclaims copyright to this source code. In place of ** a legal notice, here is a blessing: ** ** May you do good and not evil. ** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* | | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | /* ** 2004 April 6 ** ** The author disclaims copyright to this source code. In place of ** a legal notice, here is a blessing: ** ** May you do good and not evil. ** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** $Id: btree.c,v 1.529 2008/11/11 17:36:30 shane Exp $ ** ** This file implements a external (disk-based) database using BTrees. ** See the header comment on "btreeInt.h" for additional information. ** Including a description of file format and an overview of operation. */ #include "btreeInt.h" |
︙ | ︙ | |||
6796 6797 6798 6799 6800 6801 6802 | */ data = pPage->aData; hdr = pPage->hdrOffset; hit = sqlite3PageMalloc( pBt->pageSize ); if( hit==0 ){ pCheck->mallocFailed = 1; }else{ | > > > > > > | | | 6796 6797 6798 6799 6800 6801 6802 6803 6804 6805 6806 6807 6808 6809 6810 6811 6812 6813 6814 6815 6816 6817 | */ data = pPage->aData; hdr = pPage->hdrOffset; hit = sqlite3PageMalloc( pBt->pageSize ); if( hit==0 ){ pCheck->mallocFailed = 1; }else{ u16 contentOffset = get2byte(&data[hdr+5]); if (contentOffset > usableSize) { checkAppendMsg(pCheck, 0, "Corruption detected in header on page %d",iPage,0); contentOffset = usableSize; /* try to keep going */ } memset(hit+contentOffset, 0, usableSize-contentOffset); memset(hit, 1, contentOffset); nCell = get2byte(&data[hdr+3]); cellStart = hdr + 12 - 4*pPage->leaf; for(i=0; i<nCell; i++){ int pc = get2byte(&data[cellStart+i*2]); u16 size = 1024; int j; if( pc<=usableSize ){ |
︙ | ︙ |
Changes to test/corruptC.test.
︙ | ︙ | |||
11 12 13 14 15 16 17 | # This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It creates a base # data base file, then tests that single byte corruptions in # increasingly larger quantities are handled gracefully. # | | > > > | 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | # This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It creates a base # data base file, then tests that single byte corruptions in # increasingly larger quantities are handled gracefully. # # $Id: corruptC.test,v 1.2 2008/11/11 17:36:30 shane Exp $ catch {file delete -force test.db test.db-journal test.bu} set testdir [file dirname $argv0] source $testdir/tester.tcl # Set a uniform random seed expr srand(0) # Construct a compact, dense database for testing. # do_test corruptC-1.1 { execsql { BEGIN; CREATE TABLE t1(x); |
︙ | ︙ | |||
64 65 66 67 68 69 70 | } # Setup for the tests. Make a backup copy of the good database in test.bu. # copy_file test.db test.bu set fsize [file size test.db] | > > > > > > > > > > > > > > > > > > > > > > | > > > < < | < < | | | | | | 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 | } # Setup for the tests. Make a backup copy of the good database in test.bu. # copy_file test.db test.bu set fsize [file size test.db] # # first test some specific corruption tests found from earlier runs # # test that a corrupt content offset size is handled (seed 5577) do_test corruptC-2.1 { db close copy_file test.bu test.db # insert corrupt byte(s) hexio_write test.db 2053 04 sqlite3 db test.db catchsql {PRAGMA integrity_check} } {0 {{*** in database main *** Corruption detected in header on page 3 Multiple uses for byte 604 of page 3}}} # # now test for a series of quasi-random seeds # for {set tn 0} {$tn<=1024} {incr tn 1} { # Set a quasi-random random seed expr srand($tn) # setup for test db close copy_file test.bu test.db # Seek to a random location in the file, and write a random single byte # value. Then do various operations on the file to make sure that # the database engine can handle the corruption gracefully. # set last 0 for {set i 1} {$i<=1024 && !$last} {incr i 1} { # insert random byte at random location hexio_write test.db [random $fsize] [format %02x [random 255]] # do a few random operations to make sure that if # they error, they error gracefully instead of crashing. do_test corruptC-3.$tn.$i.1 { sqlite3 db test.db catchsql {SELECT count(*) FROM sqlite_master} set x {} } {} do_test corruptC-3.$tn.$i.2 { catchsql {SELECT count(*) FROM t1} set x {} } {} do_test corruptC-3.$tn.$i.3 { catchsql {SELECT count(*) FROM t1 WHERE x>13} set x {} } {} do_test corruptC-3.$tn.$i.4 { catchsql {SELECT count(*) FROM t2} set x {} } {} do_test corruptC-3.$tn.$i.5 { catchsql {SELECT count(*) FROM t2 WHERE x<13} set x {} } {} # check the integrity of the database. # once the corruption is detected, we can stop. ifcapable {integrityck} { |
︙ | ︙ | |||
126 127 128 129 130 131 132 | ifcapable {!integrityck} { if { $i > 5 } { set last -1 } } # Check that no page references were leaked. | | | 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 | ifcapable {!integrityck} { if { $i > 5 } { set last -1 } } # Check that no page references were leaked. do_test corruptC-3.$tn.$i.6 { set bt [btree_from_db db] db_enter db array set stats [btree_pager_stats $bt] db_leave db set stats(ref) } {0} |
︙ | ︙ |