# 2008 June 11 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. # May you find forgiveness for yourself and forgive others. # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. # # This file implements tests to make sure SQLite does not crash or # segfault if it sees a corrupt database file. It specifically focuses # on corrupt cell offsets in a btree page. # # $Id: corrupt7.test,v 1.8 2009/08/10 10:18:08 danielk1977 Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl # We must have the page_size pragma for these tests to work. # ifcapable !pager_pragmas { finish_test return } # Create a simple, small database. # do_test corrupt7-1.1 { execsql { PRAGMA auto_vacuum=OFF; PRAGMA page_size=1024; CREATE TABLE t1(x); INSERT INTO t1(x) VALUES(1); INSERT INTO t1(x) VALUES(2); INSERT INTO t1(x) SELECT x+2 FROM t1; INSERT INTO t1(x) SELECT x+4 FROM t1; INSERT INTO t1(x) SELECT x+8 FROM t1; } file size test.db } [expr {1024*2}] # Verify that the file format is as we expect. The page size # should be 1024 bytes. # do_test corrupt7-1.2 { hexio_get_int [hexio_read test.db 16 2] } 1024 ;# The page size is 1024 do_test corrupt7-1.3 { hexio_get_int [hexio_read test.db 20 1] } 0 ;# Unused bytes per page is 0 integrity_check corrupt7-1.4 # Deliberately corrupt some of the cell offsets in the btree page # on page 2 of the database. # # The error message is different depending on whether or not the # SQLITE_ENABLE_OVERSIZE_CELL_CHECK compile-time option is engaged. # ifcapable oversize_cell_check { do_test corrupt7-2.1 { db close hexio_write test.db 1062 FF sqlite3 db test.db db eval {PRAGMA integrity_check(1)} } {{*** in database main *** Page 2: btreeInitPage() returns error code 11}} do_test corrupt7-2.2 { db close hexio_write test.db 1062 04 sqlite3 db test.db db eval {PRAGMA integrity_check(1)} } {{*** in database main *** Page 2: btreeInitPage() returns error code 11}} } else { do_test corrupt7-2.1 { db close hexio_write test.db 1062 FF sqlite3 db test.db db eval {PRAGMA integrity_check(1)} } {{*** in database main *** Corruption detected in cell 15 on page 2}} do_test corrupt7-2.2 { db close hexio_write test.db 1062 04 sqlite3 db test.db db eval {PRAGMA integrity_check(1)} } {{*** in database main *** On tree page 2 cell 15: Rowid 0 out of order (previous was 15)}} } # The code path that was causing the buffer overrun that this test # case was checking for was removed. # #do_test corrupt7-3.1 { # execsql { # DROP TABLE t1; # CREATE TABLE t1(a, b); # INSERT INTO t1 VALUES(1, 'one'); # INSERT INTO t1 VALUES(100, 'one hundred'); # INSERT INTO t1 VALUES(100000, 'one hundred thousand'); # CREATE INDEX i1 ON t1(b); # } # db close # # # Locate the 3rd cell in the index. # set cell_offset [hexio_get_int [hexio_read test.db [expr 1024*2 + 12] 2]] # incr cell_offset [expr 1024*2] # incr cell_offset 1 # # # This write corrupts the "header-size" field of the database record # # stored in the index cell. At one point this was causing sqlite to # # reference invalid memory. # hexio_write test.db $cell_offset FFFF7F # # sqlite3 db test.db # catchsql { # SELECT b FROM t1 WHERE b > 'o' AND b < 'p'; # } #} {1 {database disk image is malformed}} finish_test