From bd5969a2683396a2809a01dd54131f37259d2e01 Mon Sep 17 00:00:00 2001 From: danielk1977 Date: Sat, 11 Jul 2009 17:39:42 +0000 Subject: [PATCH] Fix a case where deleting a row from a corrupt database could cause an assert to fail. (CVS 6881) FossilOrigin-Name: 6994b41a94a60f6460cf9814767db321ab3851f7 --- manifest | 16 ++++++++-------- manifest.uuid | 2 +- src/btree.c | 4 ++-- test/corrupt.test | 34 +++++++++++++++++++++++++++++++++- 4 files changed, 44 insertions(+), 12 deletions(-) diff --git a/manifest b/manifest index 3495a6f9d0..10c615bf68 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Bug\sfix\sin\sthe\scomputation\sof\sthe\snumber\sof\spages\sto\sautovacuum\swhen\nnReserve\sis\sgreater\sthan\szero.\s(CVS\s6880) -D 2009-07-11T17:04:09 +C Fix\sa\scase\swhere\sdeleting\sa\srow\sfrom\sa\scorrupt\sdatabase\scould\scause\san\sassert\sto\sfail.\s(CVS\s6881) +D 2009-07-11T17:39:42 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.in df9359da7a726ccb67a45db905c5447d5c00c6ef F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -106,7 +106,7 @@ F src/auth.c 802a9439dfa0b8c208b10055cba400e82ef18025 F src/backup.c 6f1c2d9862c8a3feb7739dfcca02c1f5352e37f3 F src/bitvec.c 0ef0651714728055d43de7a4cdd95e703fac0119 F src/btmutex.c 9b899c0d8df3bd68f527b0afe03088321b696d3c -F src/btree.c 6a5d08b45a7850fde2deec76254ca6a3c1ad7ffc +F src/btree.c 2604d94126c050559cd65eef2c8f257d9ca67358 F src/btree.h e53a10fd31d16c60a86f03c9467a6f470aa3683b F src/btreeInt.h a568bf057aa249eb06fd31358b4393a5ac88c118 F src/build.c 867028ee9f63f7bc8eb8d4a720bb98cf9b9a12b4 @@ -280,7 +280,7 @@ F test/collateA.test b8218ab90d1fa5c59dcf156efabb1b2599c580d6 F test/colmeta.test 087c42997754b8c648819832241daf724f813322 F test/colname.test 08948a4809d22817e0e5de89c7c0a8bd90cb551b F test/conflict.test 0ed68b11f22721052d880ee80bd528a0e0828236 -F test/corrupt.test 5bcf7a986358123b8055dfa64b45fc2fb54dcaa9 +F test/corrupt.test e940096bcfac0399d09c5351c0d6ea610477c08a F test/corrupt2.test a571e30ea4e82318f319a24b6cc55935ce862079 F test/corrupt3.test 263e8bb04e2728df832fddf6973cf54c91db0c32 F test/corrupt4.test acdb01afaedf529004b70e55de1a6f5a05ae7fff @@ -740,7 +740,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/vdbe-compress.tcl 672f81d693a03f80f5ae60bfefacd8a349e76746 -P d99bde9ca61eeccfe6363ff0882fd4bcdb9a34dc -R f20bebc61397821a68a2cae56e0278b2 -U drh -Z 1fcddebe9a4cc8ca7d7de11a8e8fa230 +P 618a83d65f973183d21245721dc656a35ff594a4 +R eb96100d6844858ed92c59e456fef299 +U danielk1977 +Z da4642526cf31e5a9d82946419b45e5e diff --git a/manifest.uuid b/manifest.uuid index ae53ff7282..89049261ab 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -618a83d65f973183d21245721dc656a35ff594a4 \ No newline at end of file +6994b41a94a60f6460cf9814767db321ab3851f7 \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index a4d6f4381c..1612490f08 100644 --- a/src/btree.c +++ b/src/btree.c @@ -9,7 +9,7 @@ ** May you share freely, never taking more than you give. ** ************************************************************************* -** $Id: btree.c,v 1.679 2009/07/11 17:04:09 drh Exp $ +** $Id: btree.c,v 1.680 2009/07/11 17:39:42 danielk1977 Exp $ ** ** This file implements a external (disk-based) database using BTrees. ** See the header comment on "btreeInt.h" for additional information. @@ -3927,7 +3927,7 @@ static int moveToChild(BtCursor *pCur, u32 newPgno){ pCur->info.nSize = 0; pCur->validNKey = 0; - if( pNewPage->nCell<1 ){ + if( pNewPage->nCell<1 || pNewPage->intKey!=pCur->apPage[i]->intKey ){ return SQLITE_CORRUPT_BKPT; } return SQLITE_OK; diff --git a/test/corrupt.test b/test/corrupt.test index 5b86e69493..00dcc0b007 100644 --- a/test/corrupt.test +++ b/test/corrupt.test @@ -13,7 +13,7 @@ # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. # -# $Id: corrupt.test,v 1.10 2008/08/25 12:14:09 drh Exp $ +# $Id: corrupt.test,v 1.11 2009/07/11 17:39:42 danielk1977 Exp $ catch {file delete -force test.db test.db-journal test.bu} @@ -174,4 +174,36 @@ do_test corrupt-3.6 { } } {1 {database disk image is malformed}} +do_test corrupt-4.1 { + db close + file delete -force test.db test.db-journal + sqlite3 db test.db + execsql { + PRAGMA page_size = 1024; + CREATE TABLE t1(a INTEGER PRIMARY KEY, b TEXT); + } + for {set i 0} {$i < 10} {incr i} { + set text [string repeat $i 220] + execsql { INSERT INTO t1 VALUES($i, $text) } + } + execsql { CREATE INDEX i1 ON t1(b) } +} {} +do_test corrupt-4.2 { + set iRoot [db one {SELECT rootpage FROM sqlite_master WHERE name = 'i1'}] + set iOffset [hexio_get_int [hexio_read test.db [expr 12+($iRoot-1)*1024] 2]] + set data [hexio_render_int32 [expr $iRoot - 1]] + hexio_write test.db [expr ($iRoot-1)*1024 + $iOffset] $data + db close + sqlite3 db test.db + + # The following DELETE statement attempts to delete a cell stored on the + # root page of index i1. After this cell is deleted it must be replaced + # by a cell retrieved from the child page (a leaf) of the deleted cell. + # This will fail, as the block modified the database image so that the + # child page of the deleted cell is from a table (intkey) b-tree, not an + # index b-tree as expected. At one point this was causing an assert() + # to fail. + catchsql { DELETE FROM t1 WHERE rowid = 3 } +} {1 {database disk image is malformed}} + finish_test