2008-06-11 22:01:21 +04:00
|
|
|
# 2008 June 11
|
|
|
|
#
|
|
|
|
# The author disclaims copyright to this source code. In place of
|
|
|
|
# a legal notice, here is a blessing:
|
|
|
|
#
|
|
|
|
# May you do good and not evil.
|
|
|
|
# May you find forgiveness for yourself and forgive others.
|
|
|
|
# May you share freely, never taking more than you give.
|
|
|
|
#
|
|
|
|
#***********************************************************************
|
|
|
|
# This file implements regression tests for SQLite library.
|
|
|
|
#
|
|
|
|
# This file implements tests to make sure SQLite does not crash or
|
|
|
|
# segfault if it sees a corrupt database file. It specifically focuses
|
|
|
|
# on corrupt cell offsets in a btree page.
|
|
|
|
#
|
2009-08-10 14:18:07 +04:00
|
|
|
# $Id: corrupt7.test,v 1.8 2009/08/10 10:18:08 danielk1977 Exp $
|
2008-06-11 22:01:21 +04:00
|
|
|
|
|
|
|
set testdir [file dirname $argv0]
|
|
|
|
source $testdir/tester.tcl
|
|
|
|
|
2010-06-22 17:46:43 +04:00
|
|
|
# Do not use a codec for tests in this file, as the database file is
|
|
|
|
# manipulated directly using tcl scripts (using the [hexio_write] command).
|
|
|
|
#
|
|
|
|
do_not_use_codec
|
|
|
|
|
2008-06-11 22:01:21 +04:00
|
|
|
# We must have the page_size pragma for these tests to work.
|
|
|
|
#
|
|
|
|
ifcapable !pager_pragmas {
|
|
|
|
finish_test
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
# Create a simple, small database.
|
|
|
|
#
|
|
|
|
do_test corrupt7-1.1 {
|
|
|
|
execsql {
|
|
|
|
PRAGMA auto_vacuum=OFF;
|
|
|
|
PRAGMA page_size=1024;
|
|
|
|
CREATE TABLE t1(x);
|
|
|
|
INSERT INTO t1(x) VALUES(1);
|
|
|
|
INSERT INTO t1(x) VALUES(2);
|
|
|
|
INSERT INTO t1(x) SELECT x+2 FROM t1;
|
|
|
|
INSERT INTO t1(x) SELECT x+4 FROM t1;
|
|
|
|
INSERT INTO t1(x) SELECT x+8 FROM t1;
|
|
|
|
}
|
|
|
|
file size test.db
|
|
|
|
} [expr {1024*2}]
|
|
|
|
|
|
|
|
# Verify that the file format is as we expect. The page size
|
|
|
|
# should be 1024 bytes.
|
|
|
|
#
|
|
|
|
do_test corrupt7-1.2 {
|
|
|
|
hexio_get_int [hexio_read test.db 16 2]
|
|
|
|
} 1024 ;# The page size is 1024
|
|
|
|
do_test corrupt7-1.3 {
|
|
|
|
hexio_get_int [hexio_read test.db 20 1]
|
|
|
|
} 0 ;# Unused bytes per page is 0
|
|
|
|
|
|
|
|
integrity_check corrupt7-1.4
|
|
|
|
|
|
|
|
# Deliberately corrupt some of the cell offsets in the btree page
|
|
|
|
# on page 2 of the database.
|
|
|
|
#
|
2009-06-09 17:42:24 +04:00
|
|
|
# The error message is different depending on whether or not the
|
|
|
|
# SQLITE_ENABLE_OVERSIZE_CELL_CHECK compile-time option is engaged.
|
|
|
|
#
|
|
|
|
ifcapable oversize_cell_check {
|
|
|
|
do_test corrupt7-2.1 {
|
|
|
|
db close
|
|
|
|
hexio_write test.db 1062 FF
|
|
|
|
sqlite3 db test.db
|
|
|
|
db eval {PRAGMA integrity_check(1)}
|
|
|
|
} {{*** in database main ***
|
2009-08-10 14:18:07 +04:00
|
|
|
Page 2: btreeInitPage() returns error code 11}}
|
2009-06-09 17:42:24 +04:00
|
|
|
do_test corrupt7-2.2 {
|
|
|
|
db close
|
|
|
|
hexio_write test.db 1062 04
|
|
|
|
sqlite3 db test.db
|
|
|
|
db eval {PRAGMA integrity_check(1)}
|
|
|
|
} {{*** in database main ***
|
2009-08-10 14:18:07 +04:00
|
|
|
Page 2: btreeInitPage() returns error code 11}}
|
2009-06-09 17:42:24 +04:00
|
|
|
} else {
|
|
|
|
do_test corrupt7-2.1 {
|
|
|
|
db close
|
|
|
|
hexio_write test.db 1062 FF
|
|
|
|
sqlite3 db test.db
|
|
|
|
db eval {PRAGMA integrity_check(1)}
|
|
|
|
} {{*** in database main ***
|
|
|
|
Corruption detected in cell 15 on page 2}}
|
|
|
|
do_test corrupt7-2.2 {
|
|
|
|
db close
|
|
|
|
hexio_write test.db 1062 04
|
|
|
|
sqlite3 db test.db
|
|
|
|
db eval {PRAGMA integrity_check(1)}
|
|
|
|
} {{*** in database main ***
|
2010-02-19 07:28:08 +03:00
|
|
|
On tree page 2 cell 15: Rowid 0 out of order (previous was 15)}}
|
2009-06-09 17:42:24 +04:00
|
|
|
}
|
|
|
|
|
2008-08-13 18:07:40 +04:00
|
|
|
# The code path that was causing the buffer overrun that this test
|
|
|
|
# case was checking for was removed.
|
|
|
|
#
|
|
|
|
#do_test corrupt7-3.1 {
|
|
|
|
# execsql {
|
|
|
|
# DROP TABLE t1;
|
|
|
|
# CREATE TABLE t1(a, b);
|
|
|
|
# INSERT INTO t1 VALUES(1, 'one');
|
|
|
|
# INSERT INTO t1 VALUES(100, 'one hundred');
|
|
|
|
# INSERT INTO t1 VALUES(100000, 'one hundred thousand');
|
|
|
|
# CREATE INDEX i1 ON t1(b);
|
|
|
|
# }
|
|
|
|
# db close
|
|
|
|
#
|
|
|
|
# # Locate the 3rd cell in the index.
|
|
|
|
# set cell_offset [hexio_get_int [hexio_read test.db [expr 1024*2 + 12] 2]]
|
|
|
|
# incr cell_offset [expr 1024*2]
|
|
|
|
# incr cell_offset 1
|
|
|
|
#
|
|
|
|
# # This write corrupts the "header-size" field of the database record
|
|
|
|
# # stored in the index cell. At one point this was causing sqlite to
|
|
|
|
# # reference invalid memory.
|
|
|
|
# hexio_write test.db $cell_offset FFFF7F
|
|
|
|
#
|
|
|
|
# sqlite3 db test.db
|
|
|
|
# catchsql {
|
|
|
|
# SELECT b FROM t1 WHERE b > 'o' AND b < 'p';
|
|
|
|
# }
|
|
|
|
#} {1 {database disk image is malformed}}
|
2008-07-26 22:26:10 +04:00
|
|
|
|
2008-06-11 22:01:21 +04:00
|
|
|
finish_test
|