blob: ad566560f7ff811e9979eba0f2e8149034d1468c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
# 2008 June 11
#
# The author disclaims copyright to this source code. In place of
# a legal notice, here is a blessing:
#
# May you do good and not evil.
# May you find forgiveness for yourself and forgive others.
# May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.
#
# This file implements tests to make sure SQLite does not crash or
# segfault if it sees a corrupt database file. It specifically focuses
# on corrupt cell offsets in a btree page.
#
# $Id: corrupt7.test,v 1.8 2009/08/10 10:18:08 danielk1977 Exp $
set testdir [file dirname $argv0]
source $testdir/tester.tcl
# Do not use a codec for tests in this file, as the database file is
# manipulated directly using tcl scripts (using the [hexio_write] command).
#
do_not_use_codec
# We must have the page_size pragma for these tests to work.
#
ifcapable !pager_pragmas {
finish_test
return
}
# Create a simple, small database.
#
do_test corrupt7-1.1 {
execsql {
PRAGMA auto_vacuum=OFF;
PRAGMA page_size=1024;
CREATE TABLE t1(x);
INSERT INTO t1(x) VALUES(1);
INSERT INTO t1(x) VALUES(2);
INSERT INTO t1(x) SELECT x+2 FROM t1;
INSERT INTO t1(x) SELECT x+4 FROM t1;
INSERT INTO t1(x) SELECT x+8 FROM t1;
}
file size test.db
} [expr {1024*2}]
# Verify that the file format is as we expect. The page size
# should be 1024 bytes.
#
do_test corrupt7-1.2 {
hexio_get_int [hexio_read test.db 16 2]
} 1024 ;# The page size is 1024
do_test corrupt7-1.3 {
hexio_get_int [hexio_read test.db 20 1]
} 0 ;# Unused bytes per page is 0
integrity_check corrupt7-1.4
# Deliberately corrupt some of the cell offsets in the btree page
# on page 2 of the database.
#
# The error message is different depending on whether or not the
# SQLITE_ENABLE_OVERSIZE_CELL_CHECK compile-time option is engaged.
#
ifcapable oversize_cell_check {
do_test corrupt7-2.1 {
db close
hexio_write test.db 1062 FF
sqlite3 db test.db
db eval {PRAGMA integrity_check(1)}
} {{*** in database main ***
Page 2: btreeInitPage() returns error code 11}}
do_test corrupt7-2.2 {
db close
hexio_write test.db 1062 04
sqlite3 db test.db
db eval {PRAGMA integrity_check(1)}
} {{*** in database main ***
Page 2: btreeInitPage() returns error code 11}}
} else {
do_test corrupt7-2.1 {
db close
hexio_write test.db 1062 FF
sqlite3 db test.db
db eval {PRAGMA integrity_check(1)}
} {{*** in database main ***
Corruption detected in cell 15 on page 2}}
do_test corrupt7-2.2 {
db close
hexio_write test.db 1062 04
sqlite3 db test.db
db eval {PRAGMA integrity_check(1)}
} {{*** in database main ***
On tree page 2 cell 15: Rowid 0 out of order (previous was 15)}}
}
# The code path that was causing the buffer overrun that this test
# case was checking for was removed.
#
#do_test corrupt7-3.1 {
# execsql {
# DROP TABLE t1;
# CREATE TABLE t1(a, b);
# INSERT INTO t1 VALUES(1, 'one');
# INSERT INTO t1 VALUES(100, 'one hundred');
# INSERT INTO t1 VALUES(100000, 'one hundred thousand');
# CREATE INDEX i1 ON t1(b);
# }
# db close
#
# # Locate the 3rd cell in the index.
# set cell_offset [hexio_get_int [hexio_read test.db [expr 1024*2 + 12] 2]]
# incr cell_offset [expr 1024*2]
# incr cell_offset 1
#
# # This write corrupts the "header-size" field of the database record
# # stored in the index cell. At one point this was causing sqlite to
# # reference invalid memory.
# hexio_write test.db $cell_offset FFFF7F
#
# sqlite3 db test.db
# catchsql {
# SELECT b FROM t1 WHERE b > 'o' AND b < 'p';
# }
#} {1 {database disk image is malformed}}
finish_test
|
