mirrors/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When a corrupt schema is loaded using writable_schema=ON, the CHECK constraints

Browse Source 
(or other expressions in the table definition) might not be fully resolved.
Ensure that the code generator can deal with this if the table is subsequently
used in a DML statement.  dbsqlfuzz find.

FossilOrigin-Name: ea721b34477ab8b49d182352c4bc198245933b850e9b6248b4f97600e80bb44b
This commit is contained in:
drh 2019-12-21 14:09:30 +00:00
parent ed0c34857a
commit b0cbcd0edf
4 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
manifest
View File

@ -1,5 +1,5 @@
C Do\snot\stry\sto\saccess\sa\sgenerated\scolumn\sthrough\san\sindex\sif\sthe\scollating\nsequence\sfor\sthe\sgenerated\scolumn\sis\snon-standard.\nPart\s2\sof\sticket\s[e0a8120553f4b082]
D 2019-12-20T22:46:41.121
C When\sa\scorrupt\sschema\sis\sloaded\susing\swritable_schema=ON,\sthe\sCHECK\sconstraints\n(or\sother\sexpressions\sin\sthe\stable\sdefinition)\smight\snot\sbe\sfully\sresolved.\nEnsure\sthat\sthe\scode\sgenerator\scan\sdeal\swith\sthis\sif\sthe\stable\sis\ssubsequently\nused\sin\sa\sDML\sstatement.\s\sdbsqlfuzz\sfind.
D 2019-12-21T14:09:30.906
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -479,7 +479,7 @@ F src/date.c e1d8ac7102f3f283e63e13867acb0efa33861cf34f0faf4cdbaf9fa7a1eb7041
F src/dbpage.c 135eb3b5e74f9ef74bde5cec2571192c90c86984fa534c88bf4a055076fa19b7
F src/dbstat.c 6c407e549406c10fde9ac3987f6d734459205239ad370369bc5fcd683084a4fa
F src/delete.c a5c59b9c0251cf7682bc52af0d64f09b1aefc6781a63592c8f1136f7b73c66e4
F src/expr.c f384985519fdc748d1c3e37b387825d601c2b076517c921db673b1dd368fe68c
F src/expr.c d1031aaefc3d8697f30f418494ec491e729c2423af7f426041bb7525c41d3ad5
F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
F src/fkey.c 92a248ec0fa4ed8ab60c98d9b188ce173aaf218f32e7737ba77deb2a684f9847
F src/func.c ed33e38cd642058182a31a3f518f2e34f4bbe53aa483335705c153c4d3e50b12
@ -1017,7 +1017,7 @@ F test/fuzzdata4.db b502c7d5498261715812dd8b3c2005bad08b3a26e6489414bd13926cd3e4
F test/fuzzdata5.db e35f64af17ec48926481cfaf3b3855e436bd40d1cfe2d59a9474cb4b748a52a5
F test/fuzzdata6.db 92a80e4afc172c24f662a10a612d188fb272de4a9bd19e017927c95f737de6d7
F test/fuzzdata7.db e7a86fd83dda151d160445d542e32e5c6019c541b3a74c2a525b6ac640639711
F test/fuzzdata8.db bbe69fc3534e5e68ef211481e145aa9aac678dacb8dbc0c4f3177db0d40e099e
F test/fuzzdata8.db 34eb781c21f70c47501167b184a48a3fa8ff05ce9bc41b93dc48721e553c3c5e
F test/fuzzer1.test 3d4c4b7e547aba5e5511a2991e3e3d07166cfbb8
F test/fuzzer2.test a85ef814ce071293bce1ad8dffa217cbbaad4c14
F test/fuzzerfault.test 8792cd77fd5bce765b05d0c8e01b9edcf8af8536
@ -1852,7 +1852,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P 728ad39e3bd07a2503a95c68ed5bbc3f28fd97551d59f12a5fab25dc68227e99
R cfaa4a73c5ab8e91e0e8aea15aa1b6a1
P 056bb8dcbdc45989c5c6e86d2966200062e3c01c382ec52aae37c828104b4496
R 3d66cf80146322364a240ad41d3a3004
U drh
Z c7accbd12333ca8b3a817093296c39eb
Z d7946e0fe8abc0809f4706cc432866a0

2
manifest.uuid
View File

@ -1 +1 @@
056bb8dcbdc45989c5c6e86d2966200062e3c01c382ec52aae37c828104b4496
ea721b34477ab8b49d182352c4bc198245933b850e9b6248b4f97600e80bb44b

14
src/expr.c
View File

@ -3649,9 +3649,14 @@ expr_code_doover:
Table *pTab = pExpr->y.pTab;
int iSrc;
int iCol = pExpr->iColumn;
if( pTab==0 ){
assert( CORRUPT_DB );
sqlite3VdbeAddOp2(v, OP_Null, 0, target);
return target;
}
assert( pTab!=0 );
assert( iCol>=XN_ROWID );
assert( iCol<pExpr->y.pTab->nCol );
assert( iCol<pTab->nCol );
if( iCol<0 ){
return -1-pParse->iSelfTab;
}
@ -3717,9 +3722,10 @@ expr_code_doover:
default: {
/* Make NULL the default case so that if a bug causes an illegal
** Expr node to be passed into this function, it will be handled
** sanely and not crash. But keep an assert() to bring the problem
** to the attention of the developers. */
assert( op==TK_NULL );
** sanely and not crash. This comes up, for example, if a corrupt
** database schema is loaded using PRAGMA writable_schema=ON. */
assert( op==TK_NULL || CORRUPT_DB );
testcase( op!=TK_NULL );
sqlite3VdbeAddOp2(v, OP_Null, 0, target);
return target;
}

BIN
test/fuzzdata8.db
View File

Binary file not shown.