mirrors/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a potential problem with "INSERT INTO ... SELECT * FROM" (or VACUUM) statements on a corrupted database.

Browse Source 
FossilOrigin-Name: db4b4c2c1e9f1adacfb1b2fedb717a4d8bb0a299c3b11835404a99fcd67bf24b
This commit is contained in:
dan 2019-01-24 15:16:17 +00:00
parent 936ade4dba
commit b0c4c94996
5 changed files with 168 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
manifest
View File

@ -1,5 +1,5 @@
C Change\sa\sinteger\svariable\sin\ssqlite3VdbeRecordUnpack()\sto\sunsigned\sin\sorder\nto\savoid\sany\spossibility\sof\san\sinteger\soverflow.
D 2019-01-24T14:16:20.388
C Fix\sa\spotential\sproblem\swith\s"INSERT\sINTO\s...\sSELECT\s*\sFROM"\s(or\sVACUUM)\sstatements\son\sa\scorrupted\sdatabase.
D 2019-01-24T15:16:17.305
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F Makefile.in 0e7c107ebcaff26681bc5bcf017557db85aa828d6f7fd652d748b7a78072c298
@ -455,7 +455,7 @@ F src/auth.c 0fac71038875693a937e506bceb492c5f136dd7b1249fbd4ae70b4e8da14f9df
F src/backup.c 78d3cecfbe28230a3a9a1793e2ead609f469be43e8f486ca996006be551857ab
F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
F src/btree.c 58574154361f57da015436f53d9107dde74387b3b939c7a7ef6a7998b5dfb1af
F src/btree.c 21eb929285901255cf0af2f8e2e9ee41c77e0620e031ddad3d065cfaf95583fd
F src/btree.h febb2e817be499570b7a2e32a9bbb4b607a9234f6b84bb9ae84916d4806e96f2
F src/btreeInt.h 620ab4c7235f43572cf3ac2ac8723cbdf68073be4d29da24897c7b77dda5fd96
F src/build.c f07c0b154c23737d1699ee63bba31c8ca8b323e2446b957bc6bfec81a62295fc
@ -757,7 +757,7 @@ F test/corruptH.test 79801d97ec5c2f9f3c87739aa1ec2eb786f96454
F test/corruptI.test a17bbf54fdde78d43cf3cc34b0057719fd4a173a3d824285b67dc5257c064c7b
F test/corruptJ.test 4d5ccc4bf959464229a836d60142831ef76a5aa4
F test/corruptK.test 5ef338c560ca4dfb7360828da16f1829be4deba3b378cafdc7a1cdaf027eb5c4
F test/corruptL.test 8b2a8cf20fbd0b225cc3dea431e2c945878148a9df998d8f4134588be359057f
F test/corruptL.test 05e4e193bdd56896bae94d1d1f73a29ff41c9c2bafe32bd390d547c5bfa38f34
F test/cost.test 51f4fcaae6e78ad5a57096831259ed6c760e2ac6876836e91c00030fad385b34
F test/count.test cb2e0f934c6eb33670044520748d2ecccd46259c
F test/countofview.test e3d4cd6900e4e4f074968ab24b8b87d3671cd624961bef40fd3a6b8f574343cf
@ -782,7 +782,7 @@ F test/dataversion1.test 6e5e86ac681f0782e766ebcb56c019ae001522d114e0e111e5ebf68
F test/date.test 9b73bbeb1b82d9c1f44dec5cf563bf7da58d2373
F test/date2.test 74c234bece1b016e94dd4ef9c8cc7a199a8806c0e2291cab7ba64bace6350b10
F test/dbfuzz.c 73047c920d6210e5912c87cdffd9a1c281d4252e
F test/dbfuzz001.test 5659cbbc01e38678c119c8a58071cac59d0d6c71837a385f3d1838012f12e1e1
F test/dbfuzz001.test 9617fb870f7d655c27994749955efee5d93a641c082dce4c59059796ff81145e
F test/dbfuzz2-seed1.db e6225c6f3d7b63f9c5b6867146a5f329d997ab105bee64644dc2b3a2f2aebaee
F test/dbfuzz2.c ffd2d85cab49936959b8ee6073498bcb827d5670c7286e4b40b06e433b32a94a
F test/dbpage.test 650234ba683b9d82b899c6c51439819787e7609f17a0cc40e0080a7b6443bc38
@ -1802,7 +1802,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P 65ad6c55f1ba9bc2f75afffa3adaf19f145fad7ac9a00ccce6372e9a2cc4341b
R 044fae2f8d5b50f222adeecb83c19999
U drh
Z a7a11efee3ef8017d4f6272584568b02
P 1b536f6fd8d58800042f130842f0586aaa357841ee0d1b690a9815c865d50826
R fc284f1d3ce3f15ef50f8cba68163dd7
U dan
Z 7614ae7f2756b52b23d2b92aadbeffdc

2
manifest.uuid
View File

@ -1 +1 @@
1b536f6fd8d58800042f130842f0586aaa357841ee0d1b690a9815c865d50826
db4b4c2c1e9f1adacfb1b2fedb717a4d8bb0a299c3b11835404a99fcd67bf24b

7
src/btree.c
View File

@ -804,11 +804,12 @@ static int btreeMoveto(
UnpackedRecord *pIdxKey; /* Unpacked index key */
if( pKey ){
KeyInfo *pKeyInfo = pCur->pKeyInfo;
assert( nKey==(i64)(int)nKey );
pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
if( pIdxKey->nField==0 ){
sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
rc = SQLITE_CORRUPT_BKPT;
goto moveto_done;
}

146
test/corruptL.test
View File

@ -230,4 +230,150 @@ do_catchsql_test 2.2 {
SELECT b,c FROM t1 ORDER BY a;
} {1 {database disk image is malformed}}
#-------------------------------------------------------------------------
reset_db
do_execsql_test 3.0 {
CREATE TABLE t1(a, b, c, d INTEGER PRIMARY KEY);
CREATE TABLE t2(a, b, c, d INTEGER PRIMARY KEY);
INSERT INTO t1(a, b, c, d) VALUES (1, 2, 3, 100), (4, 5, 6, 101);
INSERT INTO t2(a, b, c, d) VALUES (1, 100, 3, 1000), (4, 101, 6, 1001);
CREATE INDEX t1a ON t1(a);
CREATE INDEX t2a ON t2(a, b, c);
PRAGMA writable_schema = 1;
UPDATE sqlite_master SET sql = 'CREATE INDEX t2a ON t2(a)' WHERE name='t2a';
}
db close
sqlite3 db test.db
do_catchsql_test 3.1 {
INSERT INTO t1 SELECT * FROM t2;
} {1 {database disk image is malformed}}
#-------------------------------------------------------------------------
reset_db
do_test 4.0 {
sqlite3 db {}
db deserialize [decode_hexdb {
| size 4096 pagesize 512 filename crash-6b48ba69806134.db
| page 1 offset 0
| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
| 16: 02 00 01 01 00 40 20 20 00 ff ff ff ff 00 00 07 .....@ ........
| 32: 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04 ................
| 48: 00 00 00 00 00 00 00 05 00 eb 00 01 00 00 00 00 ................
| 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c ................
| 96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0 ..,P............
| 112: 05 56 01 86 01 2a 01 06 00 00 00 00 00 00 00 00 .V...*..........
| 128: 00 ff 00 00 ff ff ff e1 00 00 00 00 00 00 00 00 ................
| 144: 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ................
| 160: 00 00 00 00 00 00 00 00 f2 00 00 00 00 00 00 00 ................
| 176: 00 00 f9 ff ff ff ff ff ff ff 00 00 00 00 00 fb ................
| 208: 00 00 00 00 00 00 00 00 1e 00 00 00 fe 00 00 00 ................
| 224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 00 ................
| 256: 00 00 00 00 ef ff 22 07 06 17 11 11 01 31 74 61 .............1ta
| 272: 62 6c 65 74 38 38 74 04 43 52 45 41 54 45 20 54 blet88t.CREATE T
| 288: 41 42 4c 45 20 74 34 28 87 29 2a 06 06 17 13 11 ABLE t4(.)*.....
| 304: 01 3f 69 4f 64 65 78 74 33 78 74 33 05 43 52 45 .?iOdext3xt3.CRE
| 320: 41 54 45 20 49 6e 44 45 58 20 74 33 78 20 4f 4e ATE InDEX t3x ON
| 336: 20 74 33 28 78 29 2e 04 06 17 15 11 01 45 69 6e t3(x).......Ein
| 352: 64 65 2e 74 32 63 64 74 3d 05 43 52 45 41 54 45 de.t2cdt=.CREATE
| 368: 20 49 4e 44 45 58 20 74 32 63 64 20 4f 4e 20 74 INDEX t2cd ON t
| 384: 32 28 0a 0c 44 29 28 05 06 17 11 11 01 3d 74 61 2(..D)(......=ta
| 400: 62 6c 65 d4 33 74 33 04 43 52 45 41 54 45 20 54 ble.3t3.CREATE T
| 416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29 ABLE t3(c,x,e,f)
| 432: 28 02 06 17 11 11 01 3d 74 61 62 6c 65 74 32 74 (......=tablet2t
| 448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74 2.CREATE TABLE t
| 464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11 2(c,d,e,f)$.....
| 480: 01 35 74 60 62 6c 65 74 31 74 31 02 43 52 45 41 .5t`blet1t1.CREA
| 496: 54 45 20 54 41 42 4c 45 20 74 30 28 61 2c 62 29 TE TABLE t0(a,b)
| page 2 offset 512
| 0: 0d 00 ff 11 04 01 cf 00 01 fa 01 f3 01 de 01 cf ................
| 32: 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 13 ................
| 48: 00 00 00 00 00 00 00 00 00 00 00 01 00 20 00 00 ............. ..
| 64: 00 00 00 00 00 00 f8 ff ff ff 00 00 00 00 00 00 ................
| 160: 01 64 00 00 00 00 00 80 ff ff ff 00 00 00 00 00 .d..............
| 176: 00 00 00 00 00 00 00 00 1f 00 00 00 00 00 00 03 ................
| 192: 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 ..@.............
| 288: 00 00 00 00 00 00 ff ff ff e9 00 00 00 00 00 00 ................
| 336: 01 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 ................
| 368: 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...............
| 384: 00 de ff 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 464: 00 00 00 00 00 13 76 65 6e 65 69 67 68 74 13 03 ......veneight..
| 480: 03 40 07 07 14 00 54 45 20 49 4e 44 45 58 20 74 .@....TE INDEX t
| 496: 32 63 64 20 4f 4e 20 74 32 28 0a 0c 44 09 01 02 2cd ON t2(..D...
| page 3 offset 1024
| 0: 0d 00 00 00 48 01 54 00 01 f7 01 ec 01 c5 01 aa ....H.T.........
| 16: 30 34 28 87 29 2a 06 06 17 13 11 01 3f 69 4f 64 04(.)*......?iOd
| 32: 65 79 74 33 78 74 33 6d 6d 6d 6d 6d 6d 7d 6d 6d eyt3xt3mmmmmm.mm
| 48: 6d 41 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d mAmmmmmmmmmmmmmm
| 64: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 66 6d 6d 6d 6d mmmmmmmmmmmfmmmm
| 80: 6d 4e 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d mNmmmmmmmmmmmmmm
| 96: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d mmmmmmmmmmmmmmmm
| 112: 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d mmmmmmmmmmmmmmmm
| 128: 6d 6d 6d 6d 6d 00 00 00 00 00 00 00 00 00 00 00 mmmmm...........
| 160: 80 00 00 00 00 00 00 03 00 00 00 ff e4 00 00 00 ................
| 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 c5 00 00 ................
| 240: 14 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 ................
| 256: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f ec ................
| 304: 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68 74 ...........eight
| 320: 65 69 67 68 74 73 65 00 00 00 00 00 00 00 00 00 eightse.........
| 336: 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68 74 ...........eight
| 352: 65 69 67 68 74 73 65 01 65 6e 00 00 00 10 25 07 eightse.en....%.
| 368: 07 6e 25 07 07 07 40 18 00 00 00 00 00 00 40 18 .n%...@.......@.
| 384: 00 00 00 00 00 00 40 14 00 00 00 00 00 00 40 14 ......@.......@.
| 400: 00 00 00 00 00 00 09 06 05 01 01 01 01 04 04 03 ................
| 416: 03 07 05 05 01 01 09 09 02 02 19 04 05 17 17 17 ................
| 432: 17 10 65 76 65 6e 65 69 67 68 74 65 69 67 68 74 ..eveneighteight
| 448: 73 65 76 65 6e 25 03 05 07 07 07 07 40 14 00 00 seven%......@...
| 464: 00 00 00 00 40 18 00 00 00 00 00 00 40 18 00 00 ....@.......@...
| 480: 00 00 00 00 40 14 00 00 00 00 e8 f6 09 02 00 00 ....@...........
| 496: 00 00 00 00 00 00 00 00 00 00 64 00 00 00 00 02 ..........d.....
| page 4 offset 1536
| 0: 0d 00 00 00 00 02 00 00 00 00 00 00 00 00 00 fa ................
| 16: 1f a1 07 00 00 00 00 00 01 00 00 00 00 00 00 00 ................
| 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 73 69 6d .............sim
| 48: 70 6c 65 00 00 00 00 00 00 00 00 00 00 00 00 00 ple.............
| 80: 00 00 00 00 00 10 00 00 00 00 00 00 01 00 00 00 ................
| 96: 00 00 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ................
| 112: ff 00 00 00 00 00 00 00 00 00 00 00 4a 00 00 00 ............J...
| 144: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ................
| 176: e5 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 208: 00 00 00 00 00 00 00 00 00 00 36 36 00 00 00 00 ..........66....
| 240: 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00 ...l............
| 256: 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
| 320: 00 00 00 00 00 00 00 00 01 00 00 02 00 80 00 00 ................
| 336: 00 00 00 00 00 19 08 05 17 17 17 17 65 69 67 68 ............eigh
| 352: 74 65 69 67 68 74 73 65 76 65 6e 73 65 76 65 6e teightsevenseven
| 368: 25 07 05 07 07 07 07 40 18 00 00 00 00 00 00 40 %......@.......@
| 384: 18 00 20 00 00 00 40 00 14 00 00 00 00 00 00 40 .. ...@........@
| 400: 14 00 00 00 00 00 1c 09 06 05 01 01 01 01 04 04 ................
| 416: 03 03 07 05 05 01 01 00 00 00 00 00 00 00 00 00 ................
| 448: 74 73 65 76 65 6e 00 80 ff ff 00 00 00 00 00 aa tseven..........
| 464: 00 9e 00 00 00 00 00 00 00 00 00 00 00 70 6f 72 .............por
| 480: 74 65 72 00 00 00 00 00 00 00 00 00 00 00 00 00 ter.............
| 496: 00 00 00 00 00 00 29 00 00 00 00 00 00 00 00 00 ......).........
| page 5 offset 2048
| 0: 0a 00 00 00 08 01 96 00 01 fa 01 c5 01 f2 01 bc ................
| 16: 01 dc 01 a6 01 96 01 cc 00 00 00 00 00 00 00 00 ................
| 112: 00 00 00 09 00 00 00 00 01 00 00 00 00 00 00 00 ................
| 160: 74 72 69 67 62 ff ff ff ff fc 00 00 00 00 00 00 trigb...........
| 240: 00 00 00 00 00 00 00 00 00 00 ff 00 00 00 00 00 ................
| 256: e5 ff ff ff 00 00 54 00 00 00 00 00 00 00 00 00 ......T.........
| 304: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00 ................
| 400: 00 00 00 00 00 09 00 00 00 00 01 00 00 00 00 00 ................
| 448: 00 00 74 72 69 67 62 ff ff ff ff fc 00 00 07 05 ..trigb.........
| 464: 05 01 01 09 09 02 02 19 04 05 17 17 17 17 10 65 ...............e
| 480: 76 65 6e 65 69 67 68 74 65 40 18 00 00 00 00 01 veneighte@......
| 496: 02 03 07 04 01 01 01 03 04 02 05 04 09 01 ff fd ................
| end crash-6b48ba69806134.db
}]} {}
do_catchsql_test 4.1 {
INSERT INTO t3 SELECT * FROM t2;
} {1 {database disk image is malformed}}
finish_test

11
test/dbfuzz001.test
View File

@ -347,9 +347,14 @@ do_test dbfuzz001-110 {
| 496: 04 03 03 02 01 04 03 02 02 01 02 03 01 02 01 02 ................
| end x/c02.db
}]
execsql {
DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
}
} {}
do_catchsql_test dbfuzz001-120 {
PRAGMA integrity_check;
} {1 {database disk image is malformed}}
do_catchsql_test dbfuzz001-130 {
DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
} {1 {database disk image is malformed}}
finish_test