/ Check-in [530c6360]

Overview
Comment:Added test cases for corrupt SerialTypeLen header values, and additional check to improve detection of corrupt values. (CVS 5101)
SHA1: 530c6360610f737e85608b23ede2646d69d1bc9a
User & Date: shane 2008-05-07 18:59:29
Context
2008-05-07
19:11
Fix some problems with multi-file transactions in persistent journal mode. (CVS 5102) check-in: e98a7f87 user: danielk1977 tags: trunk
18:59
Added test cases for corrupt SerialTypeLen header values, and additional check to improve detection of corrupt values. (CVS 5101) check-in: 530c6360 user: shane tags: trunk
15:44
Modify the header comment in jrnlmode2.test. No code or test changes. (CVS 5100) check-in: ed728104 user: danielk1977 tags: trunk
Changes

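--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -39,15 +39,15 @@
 **
 ** Various scripts scan this source file in order to generate HTML
 ** documentation, headers files, or other derived files.  The formatting
 ** of the code in this file is, therefore, important.  See other comments
 ** in this file for details.  If in doubt, do not deviate from existing
 ** commenting and indentation practices when changing or adding code.
 **
-** $Id: vdbe.c,v 1.737 2008/04/29 00:15:21 drh Exp $
+** $Id: vdbe.c,v 1.738 2008/05/07 18:59:29 shane Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
 #include "vdbeInt.h"
 
 /*
 ** The following global variable is incremented every time a cursor
@@ -2043,17 +2043,19 @@
       }
     }
     sqlite3VdbeMemRelease(&sMem);
     sMem.flags = MEM_Null;
 
     /* If we have read more header data than was contained in the header,
     ** or if the end of the last field appears to be past the end of the
-    ** record, then we must be dealing with a corrupt database.
+    ** record, or if the end of the last field appears to be before the end
+    ** of the record (when all fields present), then we must be dealing 
+    ** with a corrupt database.
     */
-    if( zIdx>zEndHdr || offset>payloadSize ){
+    if( zIdx>zEndHdr || offset>payloadSize || (zIdx==zEndHdr && offset!=payloadSize) ){
       rc = SQLITE_CORRUPT_BKPT;
       goto op_column_out;
     }
   }
 
   /* Get the column information. If aOffset[p2] is non-zero, then 
   ** deserialize the value from the record. If aOffset[p2] is zero,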
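Review bot: The added clause `(zIdx==zEndHdr && offset!=payloadSize)` rejects a short record only when the header was consumed exactly, so a record that leaves `zIdx<zEndHdr` with `offset` below `payloadSize` still passes this check. If that is intended (presumably for a cursor that reads fewer columns than the record stores; the scanning loop is outside the hunk), the comment should state the condition actually tested, for example `** record, or if the whole header was consumed and the last field ends before the end of the record, ...`, instead of "(when all fields present)". All three comparisons trust `offset`, whose declaration and accumulation are not visible here; if it is a 32-bit sum of lengths decoded from the file, it is worth confirming that the sum cannot wrap and land on `payloadSize`. The new `if` line also runs past 80 columns, which the file's own header comment about formatting argues against.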

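--- a/test/corrupt6.test
+++ b/test/corrupt6.test
@@ -0,0 +1,143 @@
+# 2008 May 6
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library.
+#
+# This file implements tests to make sure SQLite does not crash or
+# segfault if it sees a corrupt database file.  It specifically focuses
+# on corrupt SerialTypeLen values.
+#
+# $Id: corrupt6.test,v 1.1 2008/05/07 18:59:29 shane Exp $
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+# We must have the page_size pragma for these tests to work.
+#
+ifcapable !pager_pragmas {
+  finish_test
+  return
+}
+
+# Create a simple, small database.
+#
+do_test corrupt6-1.1 {
+  execsql {
+    PRAGMA auto_vacuum=OFF;
+    PRAGMA page_size=1024;
+    CREATE TABLE t1(x);
+    INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789');
+    INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789');
+  }
+  file size test.db
+} [expr {1024*2}]
+
+# Verify that the file format is as we expect.  The page size
+# should be 1024 bytes.
+#
+do_test corrupt6-1.2 {
+  hexio_get_int [hexio_read test.db 16 2]
+} 1024   ;# The page size is 1024
+do_test corrupt6-1.3 {
+  hexio_get_int [hexio_read test.db 20 1]
+} 0      ;# Unused bytes per page is 0
+
+integrity_check corrupt6-1.4
+
+# Verify SerialTypeLen for first field of two records as we expect.
+# SerialTypeLen = (len*2+12) = 60*2+12 = 132
+do_test corrupt6-1.5.1 {
+  hexio_read test.db 1923 2
+} 8103      ;# First text field size if 81 03 == 131
+do_test corrupt6-1.5.2 {
+  hexio_read test.db 1987 2
+} 8103      ;# Second text field size if 81 03 == 131
+
+# Verify simple query results as expected.
+do_test corrupt6-1.6 {
+  db close
+  sqlite3 db test.db
+  catchsql {
+    SELECT substr(x,1,8) FROM t1
+  }
+} [list 0 {varint32 varint32} ]
+integrity_check corrupt6-1.7
+
+# Adjust value of record 1 / field 1 SerialTypeLen and see if the
+# corruption is detected.
+# Increase SerialTypeLen by 2.
+do_test corrupt6-1.8.1 {
+  db close
+  hexio_write test.db 1923 8105
+  sqlite3 db test.db
+  catchsql {
+    SELECT substr(x,1,8) FROM t1
+  }
+} [list 1 {database disk image is malformed}]
+
+# Adjust value of record 1 / field 1 SerialTypeLen and see if the
+# corruption is detected.
+# Decrease SerialTypeLen by 2.
+do_test corrupt6-1.8.2 {
+  db close
+  hexio_write test.db 1923 8101
+  sqlite3 db test.db
+  catchsql {
+    SELECT substr(x,1,8) FROM t1
+  }
+} [list 1 {database disk image is malformed}]
+
+# Put value of record 1 / field 1 SerialTypeLen back.
+do_test corrupt6-1.8.3 {
+  db close
+  hexio_write test.db 1923 8103
+  sqlite3 db test.db
+  catchsql {
+    SELECT substr(x,1,8) FROM t1
+  }
+} [list 0 {varint32 varint32} ]
+integrity_check corrupt6-1.8.4
+
+# Adjust value of record 2 / field 1 SerialTypeLen and see if the
+# corruption is detected.
+# Increase SerialTypeLen by 2.
+do_test corrupt6-1.9.1 {
+  db close
+  hexio_write test.db 1987 8105
+  sqlite3 db test.db
+  catchsql {
+    SELECT substr(x,1,8) FROM t1
+  }
+} [list 1 {database disk image is malformed}]
+
+# Adjust value of record 2 / field 2 SerialTypeLen and see if the
+# corruption is detected.
+# Decrease SerialTypeLen by 2.
+do_test corrupt6-1.9.2 {
+  db close
+  hexio_write test.db 1987 8101
+  sqlite3 db test.db
+  catchsql {
+    SELECT substr(x,1,8) FROM t1
+  }
+} [list 1 {database disk image is malformed}]
+
+# Put value of record 1 / field 2 SerialTypeLen back.
+do_test corrupt6-1.9.3 {
+  db close
+  hexio_write test.db 1987 8103
+  sqlite3 db test.db
+  catchsql {
+    SELECT substr(x,1,8) FROM t1
+  }
+} [list 0 {varint32 varint32} ]
+integrity_check corrupt6-1.9.4
+
+finish_test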
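Review bot: The comment above corrupt6-1.5.1 gives the expected value as `(len*2+12) = 60*2+12 = 132`, but both assertions check the bytes `81 03`, which decode to 131, and the inserted string is 59 characters long. The text serial-type formula is what matches the assertions, so the comment should read `# SerialTypeLen = (len*2+13) = 59*2+13 = 131`, and "size if" in the two trailing comments should be "size is". The comments on corrupt6-1.9.2 and corrupt6-1.9.3 say "record 2 / field 2" and "record 1 / field 2", although both write offset 1987, which corrupt6-1.9.1 calls record 2 / field 1. Since the offsets 1923 and 1987 are hard-coded, a one-line comment saying that corrupt6-1.5.x verifies them before any byte is overwritten would help the next person to change the fixture.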