Fix an assert() in sqlite3BtreeLast() that needs an "|| CORRUPT_DB" term.

Dbsqlfuzz case b92b72e4de80b5140c30ab71372ca719b8feb618.

FossilOrigin-Name: ad718388a1f6e25ceba43a40160fac0d9d9d3f26888e98d7b9db478c0b1780be
drh 2021-04-04 23:56:15 +00:00
parent b0e62b0a21
commit 319deefdb9
6 changed files with 68 additions and 12 deletions


@ -1,5 +1,5 @@
C Avoid\scompile\serror\swhen\sSQLITE_OMIT_VIRTUALTABLE\sdefined.
D 2021-04-04T14:22:02.952
C Fix\san\sassert()\sin\ssqlite3BtreeLast()\sthat\sneeds\san\s"||\sCORRUPT_DB"\sterm.\nDbsqlfuzz\scase\sb92b72e4de80b5140c30ab71372ca719b8feb618.
D 2021-04-04T23:56:15.323
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -483,7 +483,7 @@ F src/auth.c 08954fdc4cc2da5264ba5b75cfd90b67a6fc7d1710a02ccf917c38eadec77853
F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d
F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
F src/btree.c cfd2a37794532d765e235a2550ad2732924a6d06b07a3bc9f6a71750e3b3cca1
F src/btree.c 800eb0b92406897130cec04073dfb0089bcda1e77acc0864ee60acb5fec5c5a2
F src/btree.h 096cc53baa58be22b02c896d1cf933c38cfc6d65f9253c1367ece8cc88a24de5
F src/btreeInt.h 7bc15a24a02662409ebcd6aeaa1065522d14b7fda71573a2b0568b458f514ae0
F src/build.c 06089aaf769ec1e91d1ba607442aa32c22aeb97200d47fe405ceb373adbdf2d7
@ -800,7 +800,7 @@ F test/corruptJ.test 4d5ccc4bf959464229a836d60142831ef76a5aa4
F test/corruptK.test 5b4212fe346699831c5ad559a62c54e11c0611bdde1ea8423a091f9c01aa32af
F test/corruptL.test 22589f503602cc5984e80f27f46c4de2134f24f1515ba2440513c377cb692258
F test/corruptM.test 7d574320e08c1b36caa3e47262061f186367d593a7e305d35f15289cc2c3e067
F test/corruptN.test 781c5f26a2d8918f03d45ac4968a738031eeb113a4b153c7588756d9b09c7b04
F test/corruptN.test c9d458e1cd456c1f7a2482ee4a14869755273a3d62ec1aaad7bcb48d3372db7a
F test/cost.test b11cdbf9f11ffe8ef99c9881bf390e61fe92baf2182bad1dbe6de59a7295c576
F test/count.test 5364003488249957750a5f15ee42ca1cd7b100b1131c2dc71fff266a1250bf55
F test/countofview.test e17d6e6688cf74f22783c9ec6e788c0790ee4fbbaee713affd00b1ac0bb39b86
@ -1047,7 +1047,7 @@ F test/fuzz3.test 9c813e6613b837cb7a277b0383cd66bfa07042b4cf0317157c35852f30043c
F test/fuzz4.test c229bcdb45518a89e1d208a21343e061503460ac69fae1539320a89f572eb634
F test/fuzz_common.tcl b7197de6ed1ee8250a4f82d67876f4561b42ee8cbbfc6160dcb66331bad3f830
F test/fuzz_malloc.test f348276e732e814802e39f042b1f6da6362a610af73a528d8f76898fde6b22f2
F test/fuzzcheck.c 772110a59c6f839f95e49a9fd3e5f855bd9cbb90e9d366a6ccd15cb3616fc631
F test/fuzzcheck.c 74a457891ba166e7f4121eaaae81f4dbceb053b65ddee47db3eccd2ba59cd67d
F test/fuzzdata1.db d36e88741b4f23bcbaaf55b006290669d03c6c891cf13c7b3a53bc1b097b693f
F test/fuzzdata2.db 128b3feeb78918d075c9b14b48610145a0dd4c8d6f1ca7c2870c7e425f5bf31f
F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
@ -1055,7 +1055,7 @@ F test/fuzzdata4.db b502c7d5498261715812dd8b3c2005bad08b3a26e6489414bd13926cd3e4
F test/fuzzdata5.db e35f64af17ec48926481cfaf3b3855e436bd40d1cfe2d59a9474cb4b748a52a5
F test/fuzzdata6.db 92a80e4afc172c24f662a10a612d188fb272de4a9bd19e017927c95f737de6d7
F test/fuzzdata7.db 0166b56fd7a6b9636a1d60ef0a060f86ddaecf99400a666bb6e5bbd7199ad1f2
F test/fuzzdata8.db c8325de6fbdd24d030cd3a01384a2ff325dda5d5e3ff5d531a26ada3d9d7e010
F test/fuzzdata8.db 364b573f0675f562fef951ddbbae613c071efa840fb91f19351686126e938616
F test/fuzzer1.test 3d4c4b7e547aba5e5511a2991e3e3d07166cfbb8
F test/fuzzer2.test a85ef814ce071293bce1ad8dffa217cbbaad4c14
F test/fuzzerfault.test f64c4aef4c9e9edf1d6dc0d3f1e65dcc81e67c996403c88d14f09b74807a42bc
@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P 35cf295e026d067c9f059fde6b150e65163fe171d37501eb1e5742e691793340
R b6856395b3d64a18c31c1a89e8403e8e
U larrybr
Z 6e18e0790944042125cd753bd1390b1e
P 0ee0ef476ba9e17794c088a1347a136df3eb1ef864da884cfe81e3b2e94e9719
R c27ae00d825ef839160a92e48eb8a7fc
U drh
Z 5e6d1cfae67dfc3863e867ea82b9ca5f


@ -1 +1 @@
0ee0ef476ba9e17794c088a1347a136df3eb1ef864da884cfe81e3b2e94e9719
ad718388a1f6e25ceba43a40160fac0d9d9d3f26888e98d7b9db478c0b1780be


@ -5394,7 +5394,9 @@ int sqlite3BtreeLast(BtCursor *pCur, int *pRes){
for(ii=0; ii<pCur->iPage; ii++){
assert( pCur->aiIdx[ii]==pCur->apPage[ii]->nCell );
}
assert( pCur->ix==pCur->pPage->nCell-1 );
assert( pCur->ix==pCur->pPage->nCell-1 || CORRUPT_DB );
testcase( pCur->ix!=pCur->pPage->nCell-1 );
/* ^-- dbsqlfuzz b92b72e4de80b5140c30ab71372ca719b8feb618 */
assert( pCur->pPage->leaf );
#endif
*pRes = 0;
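Review bot: The relaxed `assert( pCur->ix==pCur->pPage->nCell-1 || CORRUPT_DB );` admits that a corrupt database can arrive here with the cursor not on the last cell, but the only comment added is the fuzz-case id, and nothing says why falling through to `*pRes = 0;` after the `#endif` is still safe in that state. Builds that compile this conditional block out never had the assert, so they already take this path on the same input; the comment should name what catches the corruption afterwards, along the lines of `/* On a corrupt database ix may not be the last cell here; the error is reported later by <check to be named by someone who has traced it> */`. The two neighbouring asserts, on `pCur->aiIdx[ii]` and on `pCur->pPage->leaf`, keep their strict form, and it is worth confirming that the same class of corrupt input cannot violate them as well. The body of sqlite3BtreeLast() starts and ends outside the hunk.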


@ -102,5 +102,52 @@ do_catchsql_test 1.1 {
VACUUM;
} {1 {database disk image is malformed}}
# 2021-04-05 dbsqlfuzz b92b72e4de80b5140c30ab71372ca719b8feb618
do_test 2.0 {
sqlite3 db {}
db deserialize [decode_hexdb {
| size 16384 pagesize 4096 filename c-b92b.txt.db
| page 1 offset 0
| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
| 16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 04 .....@ ........
| 32: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 04 ................
| 48: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ................
| 96: 00 00 00 00 0d 0f f8 00 04 0f 12 00 0f 91 0f d3 ................
| 112: 0f 67 0f 12 00 00 00 00 00 00 00 00 00 00 00 00 .g..............
| 3856: 00 00 53 04 07 1b 13 11 08 81 0d 74 72 69 67 67 ..S........trigg
| 3872: 65 72 74 72 30 74 31 43 52 45 41 54 45 20 54 52 ertr0t1CREATE TR
| 3888: 49 47 47 45 52 20 74 72 30 20 44 45 4c 45 54 45 IGGER tr0 DELETE
| 3904: 20 4f 4e 20 74 31 20 42 45 47 49 4e 0a 20 20 55 ON t1 BEGIN. U
| 3920: 50 44 41 54 45 20 74 31 20 53 45 54 20 62 20 3d PDATE t1 SET b =
| 3936: 20 61 3b 0a 45 4e 44 28 03 06 17 11 11 01 3d 69 a;.END(......=i
| 3952: 6e 64 65 78 69 30 74 31 04 43 52 45 41 54 45 20 ndexi0t1.CREATE
| 3968: 49 4e 44 45 58 20 69 30 20 4f 4e 20 74 31 28 62 INDEX i0 ON t1(b
| 3984: 29 40 01 06 17 11 11 01 6d 74 61 62 6c 65 74 31 )@......mtablet1
| 4000: 74 31 02 43 52 45 41 54 45 20 54 41 42 4c 45 20 t1.CREATE TABLE
| 4016: 74 31 28 61 20 55 4e 49 51 55 45 20 4f 4e 20 43 t1(a UNIQUE ON C
| 4032: 4f 4e 46 4c 49 43 54 20 52 45 50 4c 41 43 45 2c ONFLICT REPLACE,
| 4048: 20 62 29 23 02 06 17 37 11 01 00 69 6e 64 65 78 b)#...7...index
| 4064: 73 71 6c 69 74 65 5f 61 75 74 6f 69 6e 64 65 78 sqlite_autoindex
| 4080: 5f 74 31 5f 31 74 31 03 00 00 00 08 00 00 00 00 _t1_1t1.........
| page 2 offset 4096
| 0: 0d 00 00 00 02 0f 00 00 00 00 00 00 00 00 00 00 ................
| 4080: 00 00 05 02 03 01 01 09 0d 05 01 03 01 01 04 0c ................
| page 3 offset 8192
| 0: 0a 00 00 00 02 0f f5 00 0f fb 0f f5 00 00 00 00 ................
| 4080: 00 00 00 00 00 05 03 01 01 09 02 04 03 01 09 04 ................
| page 4 offset 12288
| 0: 0a 00 00 00 02 0f f5 00 0f fb 0f f5 00 00 00 00 ................
| 4080: 00 00 00 00 00 05 03 01 01 0d 02 04 03 00 00 00 ................
| end c-b92b.txt.db
}]} {}
prng_seed 0 db
do_catchsql_test 2.1 {
SELECT count(*) FROM sqlite_schema;
WITH RECURSIVE c(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM c WHERE x<1000)
INSERT INTO t1(a) SELECT randomblob(null) FROM c;
} {1 {database disk image is malformed}}
finish_test
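Review bot: The comment above `do_test 2.0` gives only the date and the dbsqlfuzz case id, so a reader cannot tell which invariant this database image is meant to violate; I would add a second comment line such as `# Corrupt image that reaches sqlite3BtreeLast() with the cursor not on the last cell of the leaf`. Test 2.1 checks only the SQL-level result `{1 {database disk image is malformed}}`, and presumably the assert() this commit relaxes is compiled in only for debug builds, so the comment should say that the case guards against the assertion failure only in such builds. `prng_seed 0 db` appears to be what makes `randomblob(null)` reproducible between runs, and a one-line comment saying so would keep it from being dropped as noise.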


@ -936,7 +936,12 @@ int runCombinedDbSqlInput(const uint8_t *aData, size_t nByte, int iTimeout){
sqlite3_set_authorizer(cx.db, block_troublesome_sql, 0);
/* Consistent PRNG seed */
#ifdef SQLITE_TESTCTRL_PRNG_SEED
sqlite3_table_column_metadata(cx.db, 0, "x", 0, 0, 0, 0, 0, 0);
sqlite3_test_control(SQLITE_TESTCTRL_PRNG_SEED, 1, cx.db);
#else
sqlite3_randomness(0,0);
#endif
zSql = sqlite3_malloc( nSql + 1 );
if( zSql==0 ){
@ -980,6 +985,8 @@ testrun_finished:
sqlite3_memory_used(), nAlloc);
exit(1);
}
sqlite3_hard_heap_limit64(0);
sqlite3_soft_heap_limit64(0);
return 0;
}
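Review bot: The added `sqlite3_table_column_metadata(cx.db, 0, "x", 0, 0, 0, 0, 0, 0);` is called purely for a side effect with its result discarded, and the existing `/* Consistent PRNG seed */` comment does not explain why it is there. Presumably it forces the schema of the (possibly corrupt) fuzz database to be read before `sqlite3_test_control(SQLITE_TESTCTRL_PRNG_SEED, 1, cx.db);` so that a replayed case sees the same random sequence; a comment such as `/* Load the schema before seeding so replays are deterministic; an error on corrupt input is expected and ignored */` plus a `(void)` cast on the call would make the ignored return deliberate. In the second hunk, `sqlite3_hard_heap_limit64(0);` and `sqlite3_soft_heap_limit64(0);` run only on the path that reaches `return 0;`, and a short comment that they remove the heap limits set for this input (presumably so the next input starts clean) would help. runCombinedDbSqlInput() begins outside both hunks.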

Binary file not shown.