/ Check-in [b7702905]

Overview
Comment:Test cases and minor changes to make fts3 more robust in the face of a corrupt database.
SHA1:b770290561f5450e4d985ca0050ef5eb01657c80
User & Date: dan 2010-10-30 15:21:13
Context
2010-10-31
22:42
Fix a typo in a comment inserted by the amalgamation builder. Typo reported on the mailing list. check-in: 6a6bb6ce user: drh tags: trunk
2010-10-30
15:21
Test cases and minor changes to make fts3 more robust in the face of a corrupt database. check-in: b7702905 user: dan tags: trunk
2010-10-29
18:45
Add extra test cases and changes to fts3 to avoid crashing on a corrupt database. check-in: 252f0e45 user: dan tags: trunk
Changes

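--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -997,17 +997,30 @@
   char *zBuffer = 0;              /* Buffer to load terms into */
   int nAlloc = 0;                 /* Size of allocated buffer */
   int isFirstTerm = 1;            /* True when processing first term on page */
   sqlite3_int64 iChild;           /* Block id of child node to descend to */
 
   /* Skip over the 'height' varint that occurs at the start of every 
   ** interior node. Then load the blockid of the left-child of the b-tree
-  ** node into variable iChild.  */
+  ** node into variable iChild.  
+  **
+  ** Even if the data structure on disk is corrupted, this (reading two
+  ** varints from the buffer) does not risk an overread. If zNode is a
+  ** root node, then the buffer comes from a SELECT statement. SQLite does
+  ** not make this guarantee explicitly, but in practice there are always
+  ** either more than 20 bytes of allocated space following the nNode bytes of
+  ** contents, or two zero bytes. Or, if the node is read from the %_segments
+  ** table, then there are always 20 bytes of zeroed padding following the
+  ** nNode bytes of content (see sqlite3Fts3ReadBlock() for details).
+  */
   zCsr += sqlite3Fts3GetVarint(zCsr, &iChild);
   zCsr += sqlite3Fts3GetVarint(zCsr, &iChild);
+  if( zCsr>=zEnd ){
+    return SQLITE_CORRUPT;
+  }
   
   while( zCsr<zEnd && (piFirst || piLast) ){
     int cmp;                      /* memcmp() result */
     int nSuffix;                  /* Size of term suffix */
     int nPrefix = 0;              /* Size of term prefix */
     int nBuffer;                  /* Total term size */
   
@@ -1014,21 +1027,26 @@
     /* Load the next term on the node into zBuffer. Use realloc() to expand
     ** the size of zBuffer if required.  */
     if( !isFirstTerm ){
       zCsr += sqlite3Fts3GetVarint32(zCsr, &nPrefix);
     }
     isFirstTerm = 0;
     zCsr += sqlite3Fts3GetVarint32(zCsr, &nSuffix);
+    
+    if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
+      rc = SQLITE_CORRUPT;
+      goto finish_scan;
+    }
     if( nPrefix+nSuffix>nAlloc ){
       char *zNew;
       nAlloc = (nPrefix+nSuffix) * 2;
       zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
       if( !zNew ){
-        sqlite3_free(zBuffer);
-        return SQLITE_NOMEM;
+        rc = SQLITE_NOMEM;
+        goto finish_scan;
       }
       zBuffer = zNew;
     }
     memcpy(&zBuffer[nPrefix], zCsr, nSuffix);
     nBuffer = nPrefix + nSuffix;
     zCsr += nSuffix;
 
@@ -1054,14 +1072,15 @@
 
     iChild++;
   };
 
   if( piFirst ) *piFirst = iChild;
   if( piLast ) *piLast = iChild;
 
+ finish_scan:
   sqlite3_free(zBuffer);
   return rc;
 }
 
 
 /*
 ** The buffer pointed to by argument zNode (size nNode bytes) contains an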
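Review bot: The new guard `if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd )` bounds nSuffix but leaves nPrefix unbounded, so a corrupt node can still supply a prefix length close to INT_MAX, and `nPrefix+nSuffix` and `(nPrefix+nSuffix) * 2` are then evaluated in `int` and can overflow before the realloc. A prefix longer than the previously loaded term would also leave part of `zBuffer` below `nPrefix` unwritten before the term is compared; the previous term's length is not tracked in the visible lines, so this is an inference. I would compare lengths rather than form `&zCsr[nSuffix]` beyond the buffer (`nSuffix>zEnd-zCsr`), reject an `nPrefix` larger than the prior term, and widen the sum as `(sqlite3_int64)nPrefix+nSuffix>nAlloc`. The function begins above the hunk and parts of the loop body are elided, so the initial value of `rc` on the `goto finish_scan` paths cannot be checked from here.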

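--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -832,14 +832,15 @@
     int nByte = sqlite3_blob_bytes(p->pSegments);
     if( paBlob ){
       char *aByte = sqlite3_malloc(nByte + FTS3_NODE_PADDING);
       if( !aByte ){
         rc = SQLITE_NOMEM;
       }else{
         rc = sqlite3_blob_read(p->pSegments, aByte, nByte, 0);
+        memset(&aByte[nByte], 0, FTS3_NODE_PADDING);
         if( rc!=SQLITE_OK ){
           sqlite3_free(aByte);
           aByte = 0;
         }
       }
       *paBlob = aByte;
     }
@@ -1139,14 +1140,15 @@
   pReader->iEndBlock = iEndBlock;
 
   if( nExtra ){
     /* The entire segment is stored in the root node. */
     pReader->aNode = (char *)&pReader[1];
     pReader->nNode = nRoot;
     memcpy(pReader->aNode, zRoot, nRoot);
+    memset(&pReader->aNode[nRoot], 0, FTS3_NODE_PADDING);
   }else{
     pReader->iCurrentBlock = iStartLeaf-1;
   }
 
   if( rc==SQLITE_OK ){
     *ppReader = pReader;
   }else{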
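Review bot: The added `memset(&pReader->aNode[nRoot], 0, FTS3_NODE_PADDING);` writes FTS3_NODE_PADDING bytes past the nRoot bytes just copied, and nothing visible in this hunk shows that the allocation behind `&pReader[1]` reserves that space. The allocation sits outside the hunk, so the size may already be correct, but the invariant deserves to be stated beside the write, for example `assert( nExtra>=nRoot+FTS3_NODE_PADDING );` ahead of the memcpy. In the first hunk the padding is zeroed even when sqlite3_blob_read() fails; that is harmless because the buffer is freed straight after, though placing the memset on the success path would make the intent clearer.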

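--- a/test/fts3corrupt.test
+++ b/test/fts3corrupt.test
@@ -84,12 +84,52 @@
   execsql { UPDATE t1_segdir SET root = $blob }
 } {}
 do_catchsql_test 3.2 {
   SELECT rowid FROM t1 WHERE t1 MATCH 'world'
 } {1 {database disk image is malformed}}
 
 
+do_execsql_test 4.0 {
+  DROP TABLE t1;
+  CREATE VIRTUAL TABLE t1 USING fts3;
+  INSERT INTO t1(t1) VALUES('nodesize=24');
-
+}
+do_test fts3corrupt-4.1 {
+  execsql BEGIN
+  foreach s {
+     "amxtvoo adqwroyhz auq aithtir avniqnuynvf axp ahibayfynig agbicpm"
+     "ajdtebs anteaxr aieynenwmd awpl alo akxcrwow aoxftge aoqvgul"
+     "amcfvdr auz apu aebelm ahuxyz aqc asyafdb agulvhvqu"
+     "apepwfyz azkhdvkw aenyelxzbk aslnitbyet aycdsdcpgr aqzzdbc agfi axnypydou"
+     "aaqrzzcm apcxdxo atumltzj aevvivo aodknoft aqoyytoz alobx apldt"
+  } {
+    execsql { INSERT INTO t1 VALUES($s) }
-
+  }
+  execsql COMMIT
+} {}
+
+do_catchsql_test 4.2 {
+  UPDATE t1_segdir SET root = X'FFFFFFFFFFFFFFFF';
+  SELECT rowid FROM t1 WHERE t1 MATCH 'world';
+} {1 {database disk image is malformed}}
+
+set    blob [binary format cca*cca*cca*cca*cca*cca*cca*cca*cca*cca*a* \
+  22 120 [string repeat a 120]  \
+  22 120 [string repeat b 120]  \
+  22 120 [string repeat c 120]  \
+  22 120 [string repeat d 120]  \
+  22 120 [string repeat e 120]  \
+  22 120 [string repeat f 120]  \
+  22 120 [string repeat g 120]  \
+  22 120 [string repeat h 120]  \
+  22 120 [string repeat i 120]  \
+  22 120 [string repeat j 120]  \
+  "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
+]
+
+do_catchsql_test 4.3 {
+  UPDATE t1_segdir SET root = $blob;
+  SELECT rowid FROM t1 WHERE t1 MATCH 'world';
+} {1 {database disk image is malformed}}
 
 finish_test
 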
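--- /dev/null
+++ b/test/fts3corrupt2.test
@@ -0,0 +1,110 @@
+# 2010 October 30
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# Test that the FTS3 extension does not crash when it encounters a
+# corrupt data structure on disk.
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+# If SQLITE_ENABLE_FTS3 is not defined, omit this file.
+ifcapable !fts3 { finish_test ; return }
+
+set ::testprefix fts3corrupt2
+
+set data [list]
+lappend data {*}{
+   "amxtvoo adqwroyhz auq aithtir avniqnuynvf axp ahibayfynig agbicpm"
+   "ajdtebs anteaxr aieynenwmd awpl alo akxcrwow aoxftge aoqvgul"
+   "amcfvdr auz apu aebelm ahuxyz aqc asyafdb agulvhvqu"
+   "apepwfyz azkhdvkw aenyelxzbk aslnitbyet aycdsdcpgr aqzzdbc agfi axnypydou"
+   "aaqrzzcm apcxdxo atumltzj aevvivo aodknoft aqoyytoz alobx apldt"
+   "adjllxlhnmj aiuhvuj adwppceuht atvj azrsam ahkjqdhny audlqxr aotgcd"
+   "aira azflsceos awj auzbobfkc awmezplr aeh awec ahndxlmv"
+   "aydwnied alk auoap agihyqeix aymqxzajnl aydwnied aojkarx agbo"
+   "ahajsmcl anvx amdhjm aoptsj agugzjjm apkevm acnj acjg"
+   "amwtkw aogttbykvt aubwrfqnbjf ajow agsj aerkqzjdqst anenlvbalkn arfajzzgckx"
+   "adqqqofkmz amjpavjuhw aqgehgnb awvvxlbtqzn agstqko akmkzehyh atagzey agwja"
+   "amag ahe autkllywhr avnk atmt akn anvdh aixfrv"
+   "aqdyerbws avefykly awl azaduojgzo anxfsmw axpt abgbvk ati"
+   "attyqkwz aiweypiczul afy asitaqbczhh aitxisizpv auhviq aibql ajfqc"
+   "aylzprtmta aiuemihqrpi awluvgsw ampbuy axlifpzfqr aems aoaxwads apianfn"
+   "aodrkijelq acdb aaserrdxm aqyasgofqu aevvivo afi apmwu aeoqysl"
+   "amqnk ankaotm ayfy ajcupeeoc advcbukan aucahlwnyk adbfyo azqjpeant"
+   "afczpp asqrs ahslvda akhlf aiqgdp atyd aznuglxqbrg awirndrh"
+   "aqhiajp amxeazb asxuehg akod axvolvsp agcz asmovmohy acmqa"
+   "avvomv aafms ashuaec arevx audtq alrwqhjvao avgsgpg ajbrctpsel"
+   "atxoirr ayopboobqdu ajunntua arh aernimxid aipljda aglo aefk"
+   "aonxf acmnnkna abgviaswe aulvcbv axp apemgakpzo aibql acioaid"
+   "axo alrwqhjvao ayqounftdzl azmoakdyh apajze ajk artvy apxiamy"
+   "ayjafsraz addjj agsj asejtziqws acatvhegu aoxdjqblsvv aekdmmbs aaobe"
+   "abjjvzubkwt alczv ati awz auyxgcxeb aymjoym anqoukprtyt atwfhpmbooh"
+   "ajfqz aethlgir aclcx aowlyvetby aproqm afjlqtkv anebfy akzrcpfrrvw"
+   "aoledfotm aiwlfm aeejlaej anz abgbvk aktfn aayoh anpywgdvgz"
+   "acvmldguld asdvz aqb aeomsyzyu aggylhprbdz asrfkwz auipybpsn agsnszzfb"
+}
+
+do_test fts3corrupt2-1.0 {
+  execsql BEGIN
+  execsql { CREATE VIRTUAL TABLE t2 USING FTS3(a, b); }
+  execsql { INSERT INTO t2(t2) VALUES('nodesize=32') }
+  foreach d $data {
+    execsql { INSERT INTO t2 VALUES($d, $d) }
+  }
+  execsql COMMIT
+  execsql { SELECT count(*) FROM t2_segments }
+} {163}
+
+proc set_byte {blob byte val} {
+  binary format a*ca*                         \
+      [string range $blob 0 [expr $byte-1]]   \
+      $val                                    \
+      [string range $blob [expr $byte+1] end] \
+}
+
+set tn 0
+set c 256
+foreach {rowid sz blob} [
+  db eval {SELECT rowid, length(block), block FROM t2_segments}
+] {
+  incr tn
+  set c [expr (($c+255)%256)]
+  for {set i 0} {$i < $sz} {incr i} {
+    set b2 [set_byte $blob $i $c]
+    execsql { UPDATE t2_segments SET block = $b2 WHERE rowid = $rowid }
+    do_test fts3corrupt2-1.$tn.$i {
+      catchsql { SELECT * FROM t2 WHERE t2 MATCH 'a*' }
+      set {} {}
+    } {}
+  }
+  execsql { UPDATE t2_segments SET block = $blob WHERE rowid = $rowid }
+}
+
+foreach c {50 100 150 200 250} {
+  foreach {rowid sz blob} [
+    db eval {SELECT rowid, length(root), root FROM t2_segdir}
+  ] {
+    incr tn
+    for {set i 0} {$i < $sz} {incr i} {
+      set b2 [set_byte $blob $i $c]
+      execsql { UPDATE t2_segdir SET root = $b2 WHERE rowid = $rowid }
+      do_test fts3corrupt2-2.$c.$tn.$i {
+        catchsql { SELECT * FROM t2 WHERE t2 MATCH 'a*' }
+        set {} {}
+      } {}
+    }
+    execsql { UPDATE t2_segdir SET root = $blob WHERE rowid = $rowid }
+  }
+}
+
+
+
+
+
+
+finish_test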
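Review bot: Both mutation loops end each case with `set {} {}` and expect `{}`, so the result of `catchsql` is discarded and a case can fail only if the process crashes. An out-of-bounds read that does not fault will therefore pass silently unless the suite runs under a memory checker, and the file header does not say so; a comment such as `# These cases only detect crashes; run under valgrind or a sanitizer build to catch overreads.` would make that dependency explicit. It may also be worth checking that each result is either a successful query or `{1 {database disk image is malformed}}`, so that an unexpected error code from a corrupted node is noticed.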