Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fixed crash in integrity_check with corrupt content offset size in page header. (CVS 5881) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
0659a666ff0a9fc81ee4df3c35e53516 |
| User & Date: | shane 2008-11-11 17:36:30 |
Context
|
2008-11-11
| ||
| 18:28 | Cleanup in flattenSubquery. Add OOM tests for flattenSubquery. Fix issues with OOM errors causes problems for flattenSubquery. Ticket #3485. (CVS 5882) (check-in: ea5f4baa user: drh tags: trunk) | |
| 17:36 | Fixed crash in integrity_check with corrupt content offset size in page header. (CVS 5881) (check-in: 0659a666 user: shane tags: trunk) | |
| 15:48 | Avoid signed/unsigned comparison warnings in bitvec.c by changing the types of loop variables to unsigned int. (CVS 5880) (check-in: da869446 user: drh tags: trunk) | |
Changes
Changes to src/btree.c.
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
....
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
|
** a legal notice, here is a blessing: ** ** May you do good and not evil. ** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** $Id: btree.c,v 1.528 2008/11/10 17:14:58 shane Exp $ ** ** This file implements a external (disk-based) database using BTrees. ** See the header comment on "btreeInt.h" for additional information. ** Including a description of file format and an overview of operation. */ #include "btreeInt.h" ................................................................................ */ data = pPage->aData; hdr = pPage->hdrOffset; hit = sqlite3PageMalloc( pBt->pageSize ); if( hit==0 ){ pCheck->mallocFailed = 1; }else{ memset(hit, 0, usableSize ); memset(hit, 1, get2byte(&data[hdr+5])); nCell = get2byte(&data[hdr+3]); cellStart = hdr + 12 - 4*pPage->leaf; for(i=0; i<nCell; i++){ int pc = get2byte(&data[cellStart+i*2]); u16 size = 1024; int j; if( pc<=usableSize ){ |
|
>
>
>
>
>
>
|
|
|
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
....
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
|
** a legal notice, here is a blessing: ** ** May you do good and not evil. ** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** $Id: btree.c,v 1.529 2008/11/11 17:36:30 shane Exp $ ** ** This file implements a external (disk-based) database using BTrees. ** See the header comment on "btreeInt.h" for additional information. ** Including a description of file format and an overview of operation. */ #include "btreeInt.h" ................................................................................ */ data = pPage->aData; hdr = pPage->hdrOffset; hit = sqlite3PageMalloc( pBt->pageSize ); if( hit==0 ){ pCheck->mallocFailed = 1; }else{ u16 contentOffset = get2byte(&data[hdr+5]); if (contentOffset > usableSize) { checkAppendMsg(pCheck, 0, "Corruption detected in header on page %d",iPage,0); contentOffset = usableSize; /* try to keep going */ } memset(hit+contentOffset, 0, usableSize-contentOffset); memset(hit, 1, contentOffset); nCell = get2byte(&data[hdr+3]); cellStart = hdr + 12 - 4*pPage->leaf; for(i=0; i<nCell; i++){ int pc = get2byte(&data[cellStart+i*2]); u16 size = 1024; int j; if( pc<=usableSize ){ |
Changes to test/corruptC.test.
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 .. 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 ... 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 |
# This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It creates a base # data base file, then tests that single byte corruptions in # increasingly larger quantities are handled gracefully. # # $Id: corruptC.test,v 1.1 2008/10/31 13:57:40 shane Exp $ catch {file delete -force test.db test.db-journal test.bu} set testdir [file dirname $argv0] source $testdir/tester.tcl # Construct a compact, dense database for testing. # do_test corruptC-1.1 { execsql { BEGIN; CREATE TABLE t1(x); ................................................................................ } # Setup for the tests. Make a backup copy of the good database in test.bu. # copy_file test.db test.bu set fsize [file size test.db] for {set tn 1} {$tn<=1024} {incr tn 1} { # setup for test db close copy_file test.bu test.db # Seek to a random location in the file, and write a random single byte # value. Then do various operations on the file to make sure that # the database engine can handle the corruption gracefully. # set last 0 for {set i 1} {$i<=1024 && !$last} {incr i 1} { # insert random byte at random location set fd [open test.db r+] fconfigure $fd -translation binary seek $fd [random $fsize] puts -nonewline $fd [format "%c" [expr [random 255]]] close $fd # do a few random operations to make sure that if # they error, they error gracefully instead of crashing. do_test corruptC-2.$tn.$i.1 { sqlite3 db test.db catchsql {SELECT count(*) FROM sqlite_master} set x {} } {} do_test corruptC-2.$tn.$i.2 { catchsql {SELECT count(*) FROM t1} set x {} } {} do_test corruptC-2.$tn.$i.3 { catchsql {SELECT count(*) FROM t1 WHERE x>13} set x {} } {} do_test corruptC-2.$tn.$i.4 { catchsql {SELECT count(*) FROM t2} set x {} } {} do_test corruptC-2.$tn.$i.5 { catchsql {SELECT count(*) FROM t2 WHERE x<13} set x {} } {} # check the integrity of the database. # once the corruption is detected, we can stop. ifcapable {integrityck} { ................................................................................ ifcapable {!integrityck} { if { $i > 5 } { set last -1 } } # Check that no page references were leaked. do_test corruptC-2.$tn.$i.6 { set bt [btree_from_db db] db_enter db array set stats [btree_pager_stats $bt] db_leave db set stats(ref) } {0} |
| > > > > > > > > > > > > > > > > > > > > > > > > > | > > > | < < < < | | | | | | |
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 .. 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 ... 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 |
# This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It creates a base # data base file, then tests that single byte corruptions in # increasingly larger quantities are handled gracefully. # # $Id: corruptC.test,v 1.2 2008/11/11 17:36:30 shane Exp $ catch {file delete -force test.db test.db-journal test.bu} set testdir [file dirname $argv0] source $testdir/tester.tcl # Set a uniform random seed expr srand(0) # Construct a compact, dense database for testing. # do_test corruptC-1.1 { execsql { BEGIN; CREATE TABLE t1(x); ................................................................................ } # Setup for the tests. Make a backup copy of the good database in test.bu. # copy_file test.db test.bu set fsize [file size test.db] # # first test some specific corruption tests found from earlier runs # # test that a corrupt content offset size is handled (seed 5577) do_test corruptC-2.1 { db close copy_file test.bu test.db # insert corrupt byte(s) hexio_write test.db 2053 04 sqlite3 db test.db catchsql {PRAGMA integrity_check} } {0 {{*** in database main *** Corruption detected in header on page 3 Multiple uses for byte 604 of page 3}}} # # now test for a series of quasi-random seeds # for {set tn 0} {$tn<=1024} {incr tn 1} { # Set a quasi-random random seed expr srand($tn) # setup for test db close copy_file test.bu test.db # Seek to a random location in the file, and write a random single byte # value. Then do various operations on the file to make sure that # the database engine can handle the corruption gracefully. # set last 0 for {set i 1} {$i<=1024 && !$last} {incr i 1} { # insert random byte at random location hexio_write test.db [random $fsize] [format %02x [random 255]] # do a few random operations to make sure that if # they error, they error gracefully instead of crashing. do_test corruptC-3.$tn.$i.1 { sqlite3 db test.db catchsql {SELECT count(*) FROM sqlite_master} set x {} } {} do_test corruptC-3.$tn.$i.2 { catchsql {SELECT count(*) FROM t1} set x {} } {} do_test corruptC-3.$tn.$i.3 { catchsql {SELECT count(*) FROM t1 WHERE x>13} set x {} } {} do_test corruptC-3.$tn.$i.4 { catchsql {SELECT count(*) FROM t2} set x {} } {} do_test corruptC-3.$tn.$i.5 { catchsql {SELECT count(*) FROM t2 WHERE x<13} set x {} } {} # check the integrity of the database. # once the corruption is detected, we can stop. ifcapable {integrityck} { ................................................................................ ifcapable {!integrityck} { if { $i > 5 } { set last -1 } } # Check that no page references were leaked. do_test corruptC-3.$tn.$i.6 { set bt [btree_from_db db] db_enter db array set stats [btree_pager_stats $bt] db_leave db set stats(ref) } {0} |