diff --git a/manifest b/manifest index 04fa36690a..155d9af75a 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C In\sthe\ssqlite3SelectDup()\sroutine,\sdo\snot\sdo\san\sincomplete\sduplication\sdue\nto\sOOM.\s\sThis\sin\sturn\srequires\sseveral\snew\sNEVER()\sand\sALWAYS()\smacros\sfor\nunreachable\sbranches. -D 2021-04-20T12:14:12.835 +C Update\san\sassert()\sin\sbtree.c\sthat\smay\sfail\swith\sa\scorrupt\sdatabase. +D 2021-04-20T13:31:51.808 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -483,7 +483,7 @@ F src/auth.c 08954fdc4cc2da5264ba5b75cfd90b67a6fc7d1710a02ccf917c38eadec77853 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 -F src/btree.c 15cfe91aa3b3b91d3dc20faaa7c64b627ca9794b22be8b184054cb6b947505fc +F src/btree.c 3555069cbe0ce29b44b3b5c7f1c09ee32ce0f52d23ae65e92f7532fba8596962 F src/btree.h 096cc53baa58be22b02c896d1cf933c38cfc6d65f9253c1367ece8cc88a24de5 F src/btreeInt.h 7bc15a24a02662409ebcd6aeaa1065522d14b7fda71573a2b0568b458f514ae0 F src/build.c 45889a1ac425eb7d60113ce65a519c55c5d5d01f2a9e978ab1467f8653bb57eb 
@@ -781,7 +781,7 @@ F test/contrib01.test 2a1cbc0f2f48955d7d073f725765da6fbceda6b4 F test/corrupt.test d7cb0300e4a297147b6a05e92a1684bc8973635c3bcaa3d66e983c9cbdbf47a3 F test/corrupt2.test bb50042cf9a1f1023d73af325d47eb02a6bb11e3c52f8812644b220c5d4bca35 F test/corrupt3.test 2520432b1fbf99994841e69804a3c59fb828183f4d09b85a1631bc7adca17e31 -F test/corrupt4.test 8d1d86b850fcc43e417450454f2044e52d55778a +F test/corrupt4.test 04965221ecd005901923fdc57f26811fa07178074b0672e50ea424c21638c708 F test/corrupt5.test 387be3250795e2a86e6234745558b80efb248a357d0cd8e53bce75c7463f545d F test/corrupt6.test fc6a891716139665dae0073b6945e3670bf92568 F test/corrupt7.test b036f94bda4b0b23a2919bf717046ce9ecca4543 @@ -1913,7 +1913,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 3e863cd09355abd80c1053d6d4dabb55841f806e3c418f923d67d36bf8313cb0 -R a2f252b041b1ce9ea09cc93be49d1068 -U drh -Z e9f9190f218ee2534b1576005539f8b4 +P a61c0e6b78bd39f55464fafd257e68effded64995a66e8fa2d686e8c507ebe43 +R 80a099121546ddcbcae1fc148b1f5d09 +U dan +Z d05d5bd1ee90a7e2be097cae4a0b9410 diff --git a/manifest.uuid b/manifest.uuid index df4ac25b6e..af239d71e6 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -a61c0e6b78bd39f55464fafd257e68effded64995a66e8fa2d686e8c507ebe43 \ No newline at end of file +d74bf88c5a027cf080a2892a3538fe5104952b5b3759a6eba1b1a98a75ddf5f4 \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 7f841145f3..a4179a48fc 100644 --- a/src/btree.c +++ b/src/btree.c 
@@ -7822,7 +7822,7 @@ static int balance_nonroot(
 b.szCell[b.nCell] = b.szCell[b.nCell] - leafCorrection;
 if( !pOld->leaf ){
 assert( leafCorrection==0 );
- assert( pOld->hdrOffset==0 );
+ assert( pOld->hdrOffset==0 || CORRUPT_DB );
 /* The right pointer of the child page pOld becomes the left
 ** pointer of the divider cell */
 memcpy(b.apCell[b.nCell], &pOld->aData[8], 4);
diff --git a/test/corrupt4.test b/test/corrupt4.test
index 55969c6a8c..0aa42aa6ab 100644
--- a/test/corrupt4.test
+++ b/test/corrupt4.test
@@ -13,10 +13,10 @@
 # This file implements tests to make sure SQLite does not crash or
 # segfault if it sees a corrupt database file.
 #
-# $Id: corrupt4.test,v 1.1 2007/09/07 14:32:07 drh Exp $
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
+set testprefix corrupt4
 # This module uses hard-coded offsets which do not work if the reserved_bytes
 # value is nonzero.
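Review bot: The relaxed `assert( pOld->hdrOffset==0 || CORRUPT_DB )` in balance_nonroot() (src/btree.c) admits that a child page with a non-zero header offset can reach this point on a corrupt file, but nothing explains why the following `memcpy(b.apCell[b.nCell], &pOld->aData[8], 4)` is still acceptable in that case. Since assert() is normally compiled out of release builds, the copy reads from fixed offset 8 either way, so the safety argument should be written down next to it. A comment along the lines of `/* hdrOffset!=0 here only on a corrupt db; aData[8..11] is still inside the page buffer, so the read is in bounds */` would do, assuming that is in fact the reasoning, which the hunk alone does not show. The function starts and ends outside the hunk, so where the corruption is finally reported cannot be checked from here.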
@@ -79,4 +79,69 @@ do_test corrupt4-1.4 {
 }
 } {1 {database disk image is malformed}}
+#-------------------------------------------------------------------------
+
+reset_db
+do_execsql_test 2.0 {
+ PRAGMA page_size = 512;
+ CREATE TABLE t1(a, b, c);
+}
+
+# Create a database with a schema so large that the root of the
+# sqlite_schema table is the grandparent of its leaves.
+#
+set nView 1000
+do_test 2.1 {
+ execsql BEGIN
+ for {set ii 0} {$ii<$nView} {incr ii} {
+ execsql " CREATE VIEW v$ii AS SELECT a, b, c FROM t1 "
+ }
+ execsql COMMIT
+} {}
+db close
+
+proc get2byte {fd offset} {
+ seek $fd $offset
+ set bin [read $fd 2]
+ binary scan $bin S val
+ set val
+}
+proc get4byte {fd offset} {
+ seek $fd $offset
+ set bin [read $fd 4]
+ binary scan $bin I val
+ set val
+}
+proc put4byte {fd offset val} {
+ seek $fd $offset
+ set bin [binary format I $val]
+ puts -nonewline $fd $bin
+}
+
+# Page 1 is now the grandparent of its leaves. Corrupt the database by setting
+# the second rightmost child page number of page 1 to 1.
+#
+set fd [open test.db r+]
+fconfigure $fd -encoding binary -translation binary
+set nChild [get2byte $fd 103]
+set offChild [get2byte $fd [expr 100+12+($nChild-2)*2]]
+set pgnoChild [get4byte $fd $offChild]
+put4byte $fd $offChild 1
+close $fd
+
+sqlite3 db test.db
+do_catchsql_test 2.2 {
+ PRAGMA writable_schema = 1;
+ SELECT * FROM sqlite_schema;
+} {1 {database disk image is malformed}}
+
+do_test 2.3 {
+ list [catch {
+ for {set ii $nView} {$ii<$nView*2} {incr ii} {
+ execsql "INSERT INTO sqlite_master VALUES(1, 2, 3, 4, 5)"
+ }
+ } msg] $msg
+} {1 {database disk image is malformed}}
+
+
 finish_test
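Review bot: `set pgnoChild [get4byte $fd $offChild]` stores the original child page number, but the value is never used in this hunk; either drop the line or use it, for instance to check that the pointer is not already 1 before `put4byte $fd $offChild 1`. The offsets in `[expr 100+12+($nChild-2)*2]` and the `103` passed to get2byte are unexplained, so a comment such as `# 100 = database header, +3 = cell count field, 12 = interior page header, 2 bytes per cell pointer` would make the corruption step easier to audit. Bracing the expression as `[expr {100+12+($nChild-2)*2}]` is the usual Tcl style. Index `$nChild-2` appears to select the cell before the last one, which may not be the "second rightmost child" once the header's right-most pointer is counted, so the comment is worth confirming.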