Merge the btree fixes out of trunk.

FossilOrigin-Name: f3cd8cecf4f7aa3429e3ebc90ed31c4e8fff7bc2
2015-05-25 19:37:17 +00:00 · 2015-05-25 19:37:17 +00:00 · b335d12df7
commit b335d12df7
parent a9542b1bc4 08f901b008
4 changed files with 61 additions and 13 deletions
--- a/14
+++ b/14
@ -1,5 +1,5 @@
-C Add\sthe\s--dbid\sand\s--sqlid\sparameters\sto\sfuzzcheck.\s\sOther\sfuzzcheck\sfixes.
-D 2015-05-25T19:35:42.936
+C Merge\sthe\sbtree\sfixes\sout\sof\strunk.
+D 2015-05-25T19:37:17.641
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 0a6ae26396ec696221021780dffbb894ff3cead7
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@ -192,7 +192,7 @@ F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
 F src/backup.c ff743689c4d6c5cb55ad42ed9d174b2b3e71f1e3
 F src/bitvec.c 5eb7958c3bf65210211cbcfc44eff86d0ded7c9d
 F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79
-F src/btree.c 030535334184d12260df4bfcefed672f4d83dcf8
+F src/btree.c a5beb7f19f9bacbad2bd5ebf8e34e327de7a6656
 F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1
 F src/btreeInt.h 973a22a6fd61350b454ad614832b1f0a5e25a1e4
 F src/build.c d5d9090788118178190c5724c19f93953b8c7a4e
@ -452,7 +452,7 @@ F test/corruptE.test 193b4ca4e927e77c1d5f4f56203ddc998432a7ee
 F test/corruptF.test be9fde98e4c93648f1ba52b74e5318edc8f59fe4
 F test/corruptG.test 1ab3bf97ee7bdba70e0ff3ba2320657df55d1804
 F test/corruptH.test 5dd4fa98c6c1ed33b178f9e8a48c4fdd3cfc9067
-F test/corruptI.test bd6986db57424a4d61bfc9f67e9dc1c2ae4f2cfb
+F test/corruptI.test 79fd060a42a965df1274f5ef5cba4d74bef7c892
 F test/corruptJ.test 9e29e7a81ee3b6ac50f77ea7a9e2f3fa03f32d91
 F test/cost.test 19d314526616ce4473eb4e4e450fcb94499ce318
 F test/count.test cb2e0f934c6eb33670044520748d2ecccd46259c
@ -1279,7 +1279,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P c5b4e363528aa1d2d5f41451f16de0aa91152b38
-R df1cffb558a450a54d1765e42395b4a9
+P 75ec9299faca8ce3d49d825ba6ea60588a91d113 aa18c8e9d1676b1caa53bc5f5c1dc5f201089b88
+R c7aca3d20b244db420c1462dc5cead3b
 U drh
-Z 2a52604473d276af6452030585c0eebc
+Z 4da0e8ead0aba6b030c4a4298009f78b
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-75ec9299faca8ce3d49d825ba6ea60588a91d113
+f3cd8cecf4f7aa3429e3ebc90ed31c4e8fff7bc2
--- a/src/btree.c
+++ b/src/btree.c
@ -3888,9 +3888,13 @@ int sqlite3BtreeCursor(
  BtCursor *pCur                              /* Write new cursor here */
 ){
  int rc;
-  sqlite3BtreeEnter(p);
-  rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
-  sqlite3BtreeLeave(p);
+  if( iTable<1 ){
+    rc = SQLITE_CORRUPT_BKPT;
+  }else{
+    sqlite3BtreeEnter(p);
+    rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
+    sqlite3BtreeLeave(p);
+  }
  return rc;
 }

@ -5750,7 +5754,9 @@ static int clearCell(
  assert( pBt->usableSize > 4 );
  ovflPageSize = pBt->usableSize - 4;
  nOvfl = (info.nPayload - info.nLocal + ovflPageSize - 1)/ovflPageSize;
-  assert( ovflPgno==0 || nOvfl>0 );
+  assert( nOvfl>0 || 
+    (CORRUPT_DB && (info.nPayload + ovflPageSize)<ovflPageSize)
+  );
  while( nOvfl-- ){
    Pgno iNext = 0;
    MemPage *pOvfl = 0;
@ -6005,7 +6011,7 @@ static void dropCell(MemPage *pPage, int idx, int sz, int *pRC){
  if( *pRC ) return;

  assert( idx>=0 && idx<pPage->nCell );
-  assert( sz==cellSize(pPage, idx) );
+  assert( CORRUPT_DB || sz==cellSize(pPage, idx) );
  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  data = pPage->aData;
--- a/test/corruptI.test
+++ b/test/corruptI.test
@ -184,4 +184,46 @@ do_test 5.3 {
 } {1 {database disk image is malformed}}


+#-------------------------------------------------------------------------
+# Set the payload size of a cell to just less than 2^32 bytes (not
+# possible in an uncorrupted db). Then try to delete the cell. At one
+# point this led to an integer overflow that caused an assert() to fail.
+#
+reset_db
+do_execsql_test 6.0 {
+  PRAGMA page_size = 512;
+  CREATE TABLE t1(x);
+  INSERT INTO t1 VALUES(zeroblob(300));
+  INSERT INTO t1 VALUES(zeroblob(600));
+} {}
+do_test 6.1 {
+  db close
+  hexio_write test.db 616 EAFFFFFF0202
+  sqlite3 db test.db
+  breakpoint
+  execsql { DELETE FROM t1 WHERE rowid=2 }
+} {}
+
+#-------------------------------------------------------------------------
+# See what happens if the sqlite_master entry associated with a PRIMARY
+# KEY or UNIQUE index is removed. 
+#
+reset_db
+do_execsql_test 7.0 {
+  CREATE TABLE t1(x PRIMARY KEY, y);
+  INSERT INTO t1 VALUES('a', 'A');
+  INSERT INTO t1 VALUES('b', 'A');
+  INSERT INTO t1 VALUES('c', 'A');
+  SELECT name FROM sqlite_master;
+} {t1 sqlite_autoindex_t1_1}
+do_execsql_test 7.1 {
+  PRAGMA writable_schema = 1;
+  DELETE FROM sqlite_master WHERE name = 'sqlite_autoindex_t1_1';
+}
+do_test 7.2 {
+  db close
+  sqlite3 db test.db
+  catchsql { UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2 }
+} {1 {database disk image is malformed}}
+
 finish_test