/ Check-in [1201615c]

Overview
Comment:dbfuzz2 found a NEVER() that is sometimes true.
SHA3-256:1201615cbbd3070158ea5fab3d2c8c95f41b25d6da096a44cb9257a7b7405efc
User & Date: drh 2018-12-13 21:52:18
Context
2018-12-13
22:58
Fix the dbtotxt decoder in the CLI so that it ignores excess bytes. check-in: 18740bd4 user: drh tags: trunk
21:52
dbfuzz2 found a NEVER() that is sometimes true. check-in: 1201615c user: drh tags: trunk
21:11
Add extra tests for database corruption inside the defragmentPage() routine, as dbfuzz2 has found ways for corruption to leak into that point. Add test cases in fuzzdata7.db. check-in: 997b6511 user: drh tags: trunk
Changes

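--- a/src/btree.c
+++ b/src/btree.c
@@ -7035,16 +7035,15 @@
   int rc;                              /* Return Code */
   Pgno pgnoNew;                        /* Page number of pNew */
 
   assert( sqlite3_mutex_held(pPage->pBt->mutex) );
   assert( sqlite3PagerIswriteable(pParent->pDbPage) );
   assert( pPage->nOverflow==1 );
 
-  /* This error condition is now caught prior to reaching this function */
-  if( NEVER(pPage->nCell==0) ) return SQLITE_CORRUPT_BKPT;
+  if( pPage->nCell==0 ) return SQLITE_CORRUPT_BKPT;  /* dbfuzz001.test */
 
   /* Allocate a new page. This page will become the right-sibling of 
   ** pPage. Make the parent page writable, so that the new divider cell
   ** may be inserted. If both these operations are successful, proceed.
   */
   rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0);
 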
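Review bot: The trailing comment on the new check at line 7042, `/* dbfuzz001.test */`, names a test file but not the reason the check exists, and the removed comment's claim that the condition is caught before this function is now known to be wrong. I would write it as `/* A corrupt database can deliver a page with no cells here; see dbfuzz001-200 */` so a later reader does not wrap the test in NEVER() again. As far as I know NEVER(X) asserts in debug builds and is a constant false in coverage-test builds, so the guard was not uniformly present before this change. The enclosing function starts and ends outside the hunk, so which later statements depend on nCell>0 cannot be confirmed from here.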

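--- a/test/dbfuzz001.test
+++ b/test/dbfuzz001.test
@@ -14,14 +14,15 @@
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 ifcapable !deserialize {
   finish_test
   return
 }
+database_may_be_corrupt
 
 # In the following database file, there is 384 bytes of free space
 # on page 8 that does not appear on the freeblock list.
 #
 do_test dbfuzz001-100 {
   sqlite3 db {}
   db deserialize [decode_hexdb {
@@ -175,9 +176,97 @@
 # corruption to the freeblock list on page 8, this would fail to
 # cause a rebalance operation, which would leave the btree in a weird
 # state that would lead to segfaults and or assertion faults.
 #
 do_execsql_test dbfuzz001-110 {
   DELETE FROM t3 WHERE x IS NOT NULL AND +rowid=6;
 } {}
+
+# This is a dbfuzz2-generate test case that can cause a page with
+# pPage->nCell==0 to enter the balancer.
+#
+do_test dbfuzz001-200 {
+  db deserialize [decode_hexdb {
+    | size 3076 pagesize 512 filename c03.db
+    | page 1 offset 0
+    |      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
+    |     16: 02 00 01 01 00 40 20 20 00 00 00 0c 00 00 00 07   .....@  ........
+    |     32: 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04   ................
+    |     48: 00 00 00 00 00 00 00 03 e8 00 00 01 00 00 00 00   ................
+    |     80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c   ................
+    |     96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0   ..,P............
+    |    112: 01 56 01 86 01 2a 01 06 00 00 00 00 00 00 00 00   .V...*..........
+    |    128: 00 00 00 00 00 00 00 00 ef 00 00 00 00 00 00 00   ................
+    |    192: 00 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
+    |    224: 00 00 00 00 00 00 00 00 00 00 00 00 00 ff e9 00   ................
+    |    256: 00 00 00 00 00 00 22 07 06 17 11 11 01 31 74 61   ......"......1ta
+    |    272: 62 6c 65 74 34 74 34 07 43 52 45 41 54 45 20 54   blet4t4.CREATE T
+    |    288: 41 42 4c 45 20 74 34 28 78 29 2a 06 06 17 13 11   ABLE t4(x)*.....
+    |    304: 01 3f 69 6e 64 65 78 74 33 78 74 33 06 43 52 45   .?indext3xt3.CRE
+    |    320: 41 54 45 20 49 4e 44 45 58 20 74 33 64 20 4f 4e   ATE INDEX t3d ON
+    |    336: 20 74 33 28 78 29 2e 04 06 17 15 11 01 45 69 6e    t3(x).......Ein
+    |    352: 64 65 78 74 32 63 64 74 32 05 43 52 45 41 54 45   dext2cdt2.CREATE
+    |    368: 20 49 4e 44 45 58 20 74 32 63 64 20 4f 4e 20 74    INDEX t2cd ON t
+    |    384: 32 28 63 2c 64 29 28 05 06 17 11 11 01 3d 74 61   2(c,d)(......=ta
+    |    400: 62 6c 65 74 33 74 33 04 43 52 45 41 54 45 20 54   blet3t3.CREATE T
+    |    416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29   ABLE t3(c,x,e,f)
+    |    432: 28 02 06 17 11 11 01 3d 74 61 62 6c 65 74 32 74   (......=tablet2t
+    |    448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74   2.CREATE TABLE t
+    |    464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11   2(c,d,e,f)$.....
+    |    480: 01 35 74 61 62 6c 65 74 31 74 31 02 43 52 45 41   .5tablet1t1.CREA
+    |    496: 54 45 20 54 41 42 4c 45 20 74 31 28 61 2c 62 29   TE TABLE t1(a,b)
+    | page 2 offset 512
+    |      0: 0d 00 00 00 04 01 cf 00 01 fa 01 f3 01 de 01 cf   ................
+    |    176: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
+    |    256: 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
+    |    368: 00 00 00 00 00 00 00 00 00 00 00 00 1e 00 00 00   ................
+    |    416: 00 00 00 1b 00 00 00 00 04 00 00 00 00 00 00 00   ................
+    |    448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d   ................
+    |    464: 04 03 17 17 73 65 76 65 6e 65 69 67 68 74 13 03   ....seveneight..
+    |    480: 03 07 07 40 14 00 00 00 00 00 00 40 18 00 00 00   ...@.......@....
+    |    496: 00 00 00 05 02 03 01 01 03 04 04 01 03 09 01 02   ................
+    | page 3 offset 1024
+    |      0: 0d 00 00 00 08 01 54 00 01 f7 01 ec 01 c5 01 aa   ......T.........
+    |     16: 01 a1 01 96 01 6f 01 54 00 00 00 00 00 00 00 00   .....o.T........
+    |     32: 00 00 00 00 00 00 00 03 e8 00 00 00 00 00 00 00   ................
+    |    336: 00 00 00 00 19 08 05 16 17 17 17 65 69 67 68 74   ...........eight
+    |    352: 65 69 67 68 74 73 65 76 65 6e 73 65 76 ff ff ff   eightsevensev...
+    |    368: 0e 05 07 07 07 07 40 18 00 00 00 00 00 00 40 18   ......@.......@.
+    |    384: 00 00 00 00 00 00 40 14 00 00 00 00 00 00 40 14   ......@.......@.
+    |    400: 00 00 00 00 00 00 09 06 05 01 01 01 01 04 04 03   ................
+    |    416: 03 07 05 05 01 01 09 09 02 02 19 04 05 17 17 17   ................
+    |    432: 17 73 65 6f 65 6e 65 69 67 68 74 65 69 67 68 74   .seoeneighteight
+    |    448: 73 65 76 65 6e 25 03 05 07 07 07 07 40 14 00 00   seven%......@...
+    |    464: 00 00 00 00 40 18 00 00 00 00 00 00 40 18 00 00   ....@.......@...
+    |    480: 00 00 00 00 40 14 00 00 00 00 00 00 09 02 05 01   ....@...........
+    |    496: 01 01 01 03 04 04 03 07 01 05 09 01 01 09 02 02   ................
+    | page 4 offset 1536
+    |      0: 0d 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00   ................
+    |    160: 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00   ................
+    |    336: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00   ............ ...
+    | page 5 offset 2048
+    |      0: 0a 00 00 00 08 01 96 00 01 fa 01 c4 01 f2 01 bc   ................
+    |     16: 01 dc 01 a6 01 96 01 cc 00 00 00 00 00 00 00 00   ................
+    |     48: 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00   ................
+    |    288: 00 00 00 00 00 00 00 00 00 64 00 00 00 2b 00 00   .........d...+..
+    |    400: 00 00 00 00 00 00 0f 04 17 17 01 65 69 67 68 74   ...........eight
+    |    416: 65 69 6f 68 74 08 15 04 07 07 01 40 18 00 00 00   eioht......@....
+    |    432: 00 00 00 40 18 00 00 00 00 00 00 07 07 04 01 01   ...@............
+    |    448: 01 04 04 06 07 04 01 01 01 02 02 05 0f 04 17 17   ................
+    |    464: 01 73 65 76 65 6e 65 69 67 68 74 04 15 04 07 07   .seveneight.....
+    |    480: 01 40 14 00 00 00 00 00 00 40 18 00 00 00 00 00   .@.......@......
+    |    496: 00 03 07 04 01 01 01 03 04 02 05 04 09 01 09 02   ................
+    | page 6 offset 2560
+    |      0: 0a 00 00 00 00 02 00 00 00 00 00 00 00 0d 00 00   ................
+    |     16: 00 08 01 c2 00 01 fb 01 f6 01 f1 01 ec 01 e0 01   ................
+    |     32: d4 01 cb 01 c2 00 00 00 00 00 00 00 00 00 00 00   ................
+    |    160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00   ................
+    |    448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07   ................
+    |    464: 08 02 17 65 69 67 68 74 07 07 02 17 65 69 67 68   ...eight....eigh
+    |    480: 74 0a 06 02 07 40 18 00 00 00 00 00 00 0a 05 02   t....@..........
+    |    496: 07 40 18 00 04 02 01 04 03 03 02 01 04 03 02 02   .@..............
+    | end x/c03.db
+  }]
+  catchsql {INSERT INTO t3 SELECT * FROM t2;}
+} {1 {database disk image is malformed}}
 
 finish_test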
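Review bot: `database_may_be_corrupt` at new line 21 is added without a comment, and nothing in the file says why the harness needs it. A line such as `# Databases in this file are deliberately malformed.` above it would help; presumably the call relaxes corruption-sensitive assert()s in the library, which should be confirmed against tester.tcl. The comment at new line 184 reads "dbfuzz2-generate" where `dbfuzz2-generated` is meant. dbfuzz001-200 also reuses the `db` handle opened in dbfuzz001-100, so it cannot run on its own; opening its own connection with `sqlite3 db {}` after closing the old one would make the case self-contained.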