af4300636a
FossilOrigin-Name: 6913831ad2892fdc8331ee53426d935386eacb9e
76 lines
2.0 KiB
Plaintext
76 lines
2.0 KiB
Plaintext
# 2013-08-01
|
|
#
|
|
# The author disclaims copyright to this source code. In place of
|
|
# a legal notice, here is a blessing:
|
|
#
|
|
# May you do good and not evil.
|
|
# May you find forgiveness for yourself and forgive others.
|
|
# May you share freely, never taking more than you give.
|
|
#
|
|
#***********************************************************************
|
|
#
|
|
|
|
set testdir [file dirname $argv0]
|
|
source $testdir/tester.tcl
|
|
set testprefix corruptG
|
|
|
|
# Do not use a codec for tests in this file, as the database file is
|
|
# manipulated directly using tcl scripts (using the [hexio_write] command).
|
|
#
|
|
do_not_use_codec
|
|
|
|
# Create a simple database with a single entry. Then corrupt the
|
|
# header-size varint on the index payload so that it maps into a
|
|
# negative number. Try to use the database.
|
|
#
|
|
|
|
do_execsql_test 1.1 {
|
|
PRAGMA page_size=512;
|
|
CREATE TABLE t1(a,b,c);
|
|
INSERT INTO t1(rowid,a,b,c) VALUES(52,'abc','xyz','123');
|
|
CREATE INDEX t1abc ON t1(a,b,c);
|
|
}
|
|
|
|
# Corrupt the file
|
|
db close
|
|
hexio_write test.db [expr {3*512 - 15}] 888080807f
|
|
sqlite3 db test.db
|
|
|
|
# Try to use the file.
|
|
do_test 1.2 {
|
|
catchsql {
|
|
SELECT c FROM t1 WHERE a>'abc';
|
|
}
|
|
} {0 {}}
|
|
do_test 1.3 {
|
|
catchsql {
|
|
PRAGMA integrity_check
|
|
}
|
|
} {0 ok}
|
|
do_test 1.4 {
|
|
catchsql {
|
|
SELECT c FROM t1 ORDER BY a;
|
|
}
|
|
} {1 {database disk image is malformed}}
|
|
|
|
# Corrupt the same file in a slightly different way. Make the record header
|
|
# sane, but corrupt one of the serial_type value to indicate a huge payload
|
|
# such that the payload begins in allocated space but overflows the buffer.
|
|
#
|
|
db close
|
|
hexio_write test.db [expr {3*512-15}] 0513ff7f01
|
|
sqlite3 db test.db
|
|
|
|
do_test 2.1 {
|
|
catchsql {
|
|
SELECT rowid FROM t1 WHERE a='abc' and b='xyz123456789XYZ';
|
|
}
|
|
# The following test result is brittle. The point above is to try to
|
|
# force a buffer overread by a corrupt database file. If we get an
|
|
# incorrect answer from a corrupt database file, that is OK. If the
|
|
# result below changes, that just means that "undefined behavior" has
|
|
# changed.
|
|
} {0 52}
|
|
|
|
finish_test
|