database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-07 02:42:48 +03:00
Code Activity

Fixed crash in integrity_check with corrupt content offset size in page header. (CVS 5881)

Browse Source 
FossilOrigin-Name: 0659a666ff0a9fc81ee4df3c35e535164c79e588
This commit is contained in:
shane
2008-11-11 17:36:30 +00:00
parent 86a7a69cbe
commit 5780ebdf79
4 changed files with 55 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
manifest
View File

@@ -1,5 +1,5 @@
C Avoid\ssigned/unsigned\scomparison\swarnings\sin\sbitvec.c\sby\schanging\sthe\ntypes\sof\sloop\svariables\sto\sunsigned\sint.\s(CVS\s5880) C Fixed\scrash\sin\sintegrity_check\swith\scorrupt\scontent\soffset\ssize\sin\spage\sheader.\s(CVS\s5881)
D 2008-11-11T15:48:48 D 2008-11-11T17:36:30
F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
F Makefile.in 48172b58e444a9725ec482e0c022a564749acab4 F Makefile.in 48172b58e444a9725ec482e0c022a564749acab4
F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -99,7 +99,7 @@ F src/attach.c 208881c87160d9e2c73a46cf86116c5a6d66f9d7
F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627 F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627
F src/bitvec.c 9e922b2577b7e46d8f95349bca6a52f7674d7582 F src/bitvec.c 9e922b2577b7e46d8f95349bca6a52f7674d7582
F src/btmutex.c 3a90096c3080b9057dc570b8e16e46511e1c788a F src/btmutex.c 3a90096c3080b9057dc570b8e16e46511e1c788a
F src/btree.c e0ceb752348ab564434552f52e6c771294a5608c F src/btree.c 7824bc89b38bafb8a87b7091e912ea789b60e428
F src/btree.h 179c3ea813780df78a289a8f5130db18e6d4616e F src/btree.h 179c3ea813780df78a289a8f5130db18e6d4616e
F src/btreeInt.h e38e9b2b285f40f5bc0a6664f630d4a141622f16 F src/btreeInt.h e38e9b2b285f40f5bc0a6664f630d4a141622f16
F src/build.c 41464eb891eb3672b30a5188a352187cba038af9 F src/build.c 41464eb891eb3672b30a5188a352187cba038af9
@@ -265,7 +265,7 @@ F test/corrupt8.test 9992ef7f67cefc576b92373f6bf5ab8775280f51
F test/corrupt9.test 794d284109c65c8f10a2b275479045e02d163bae F test/corrupt9.test 794d284109c65c8f10a2b275479045e02d163bae
F test/corruptA.test 99e95620b980161cb3e79f06a884a4bb8ae265ff F test/corruptA.test 99e95620b980161cb3e79f06a884a4bb8ae265ff
F test/corruptB.test 505331779fe7a96fe38ecbb817f19c63bc27d171 F test/corruptB.test 505331779fe7a96fe38ecbb817f19c63bc27d171
F test/corruptC.test c918825035449c5b1371182a584d75619d43b9ac F test/corruptC.test 02a12dee8b1b58b41d30eb68e6dc95f7e9e59243
F test/crash.test 1b6ac8410689ff78028887f445062dc897c9ac89 F test/crash.test 1b6ac8410689ff78028887f445062dc897c9ac89
F test/crash2.test 5b14d4eb58b880e231361d3b609b216acda86651 F test/crash2.test 5b14d4eb58b880e231361d3b609b216acda86651
F test/crash3.test 776f9363554c029fcce71d9e6600fa0ba6359ce7 F test/crash3.test 776f9363554c029fcce71d9e6600fa0ba6359ce7
@@ -654,7 +654,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
P 89ee5295bdea6f2c093eb6a44d69917dcc8459e3 P da869446c53ec6ed769bba01cdc2b6fd69a8b5c9
R b6fc8901bd4f0ae44bd1f62b8e1cdb9a R e4f0f76dc4c5672626cf25fdc1112cb0
U drh U shane
Z 3403243b8c159a96a13870a6dc806973 Z 42e5ec31ef7e6a7867cc9c00711cc593

2
manifest.uuid
View File

@@ -1 +1 @@
da869446c53ec6ed769bba01cdc2b6fd69a8b5c9 0659a666ff0a9fc81ee4df3c35e535164c79e588

12
src/btree.c
View File

@@ -9,7 +9,7 @@
** May you share freely, never taking more than you give. ** May you share freely, never taking more than you give.
** **
************************************************************************* *************************************************************************
** $Id: btree.c,v 1.528 2008/11/10 17:14:58 shane Exp $ ** $Id: btree.c,v 1.529 2008/11/11 17:36:30 shane Exp $
** **
** This file implements a external (disk-based) database using BTrees. ** This file implements a external (disk-based) database using BTrees.
** See the header comment on "btreeInt.h" for additional information. ** See the header comment on "btreeInt.h" for additional information.
@@ -6800,8 +6800,14 @@ static int checkTreePage(
if( hit==0 ){ if( hit==0 ){
pCheck->mallocFailed = 1; pCheck->mallocFailed = 1;
}else{ }else{
memset(hit, 0, usableSize ); u16 contentOffset = get2byte(&data[hdr+5]);
memset(hit, 1, get2byte(&data[hdr+5])); if (contentOffset > usableSize) {
checkAppendMsg(pCheck, 0,
"Corruption detected in header on page %d",iPage,0);
contentOffset = usableSize; /* try to keep going */
}
memset(hit+contentOffset, 0, usableSize-contentOffset);
memset(hit, 1, contentOffset);
nCell = get2byte(&data[hdr+3]); nCell = get2byte(&data[hdr+3]);
cellStart = hdr + 12 - 4*pPage->leaf; cellStart = hdr + 12 - 4*pPage->leaf;
for(i=0; i<nCell; i++){ for(i=0; i<nCell; i++){

50
test/corruptC.test
View File

@@ -15,13 +15,16 @@
# data base file, then tests that single byte corruptions in # data base file, then tests that single byte corruptions in
# increasingly larger quantities are handled gracefully. # increasingly larger quantities are handled gracefully.
# #
# $Id: corruptC.test,v 1.1 2008/10/31 13:57:40 shane Exp $ # $Id: corruptC.test,v 1.2 2008/11/11 17:36:30 shane Exp $
catch {file delete -force test.db test.db-journal test.bu} catch {file delete -force test.db test.db-journal test.bu}
set testdir [file dirname $argv0] set testdir [file dirname $argv0]
source $testdir/tester.tcl source $testdir/tester.tcl
# Set a uniform random seed
expr srand(0)
# Construct a compact, dense database for testing. # Construct a compact, dense database for testing.
# #
do_test corruptC-1.1 { do_test corruptC-1.1 {
@@ -68,7 +71,32 @@ proc copy_file {from to} {
copy_file test.db test.bu copy_file test.db test.bu
set fsize [file size test.db] set fsize [file size test.db]
for {set tn 1} {$tn<=1024} {incr tn 1} { #
# first test some specific corruption tests found from earlier runs
#
# test that a corrupt content offset size is handled (seed 5577)
do_test corruptC-2.1 {
db close
copy_file test.bu test.db
# insert corrupt byte(s)
hexio_write test.db 2053 04
sqlite3 db test.db
catchsql {PRAGMA integrity_check}
} {0 {{*** in database main ***
Corruption detected in header on page 3
Multiple uses for byte 604 of page 3}}}
#
# now test for a series of quasi-random seeds
#
for {set tn 0} {$tn<=1024} {incr tn 1} {
# Set a quasi-random random seed
expr srand($tn)
# setup for test # setup for test
db close db close
@@ -82,32 +110,28 @@ for {set tn 1} {$tn<=1024} {incr tn 1} {
for {set i 1} {$i<=1024 && !$last} {incr i 1} { for {set i 1} {$i<=1024 && !$last} {incr i 1} {
# insert random byte at random location # insert random byte at random location
set fd [open test.db r+] hexio_write test.db [random $fsize] [format %02x [random 255]]
fconfigure $fd -translation binary
seek $fd [random $fsize]
puts -nonewline $fd [format "%c" [expr [random 255]]]
close $fd
# do a few random operations to make sure that if # do a few random operations to make sure that if
# they error, they error gracefully instead of crashing. # they error, they error gracefully instead of crashing.
do_test corruptC-2.$tn.$i.1 { do_test corruptC-3.$tn.$i.1 {
sqlite3 db test.db sqlite3 db test.db
catchsql {SELECT count(*) FROM sqlite_master} catchsql {SELECT count(*) FROM sqlite_master}
set x {} set x {}
} {} } {}
do_test corruptC-2.$tn.$i.2 { do_test corruptC-3.$tn.$i.2 {
catchsql {SELECT count(*) FROM t1} catchsql {SELECT count(*) FROM t1}
set x {} set x {}
} {} } {}
do_test corruptC-2.$tn.$i.3 { do_test corruptC-3.$tn.$i.3 {
catchsql {SELECT count(*) FROM t1 WHERE x>13} catchsql {SELECT count(*) FROM t1 WHERE x>13}
set x {} set x {}
} {} } {}
do_test corruptC-2.$tn.$i.4 { do_test corruptC-3.$tn.$i.4 {
catchsql {SELECT count(*) FROM t2} catchsql {SELECT count(*) FROM t2}
set x {} set x {}
} {} } {}
do_test corruptC-2.$tn.$i.5 { do_test corruptC-3.$tn.$i.5 {
catchsql {SELECT count(*) FROM t2 WHERE x<13} catchsql {SELECT count(*) FROM t2 WHERE x<13}
set x {} set x {}
} {} } {}
@@ -130,7 +154,7 @@ for {set tn 1} {$tn<=1024} {incr tn 1} {
} }
# Check that no page references were leaked. # Check that no page references were leaked.
do_test corruptC-2.$tn.$i.6 { do_test corruptC-3.$tn.$i.6 {
set bt [btree_from_db db] set bt [btree_from_db db]
db_enter db db_enter db
array set stats [btree_pager_stats $bt] array set stats [btree_pager_stats $bt]