| # 2014-01-20 |
| # |
| # The author disclaims copyright to this source code. In place of |
| # a legal notice, here is a blessing: |
| # |
| # May you do good and not evil. |
| # May you find forgiveness for yourself and forgive others. |
| # May you share freely, never taking more than you give. |
| # |
| #*********************************************************************** |
| # |
| |
| set testdir [file dirname $argv0] |
| source $testdir/tester.tcl |
| set testprefix corruptI |
| |
| if {[permutation]=="mmap"} { |
| finish_test |
| return |
| } |
| |
| # This module uses hard-coded offsets which do not work if the reserved_bytes |
| # value is nonzero. |
| if {[nonzero_reserved_bytes]} {finish_test; return;} |
| |
| database_may_be_corrupt |
| |
| # Initialize the database. |
| # |
| do_execsql_test 1.1 { |
| PRAGMA page_size=1024; |
| PRAGMA auto_vacuum=0; |
| CREATE TABLE t1(a); |
| CREATE INDEX i1 ON t1(a); |
| INSERT INTO t1 VALUES('abcdefghijklmnop'); |
| } {} |
| db close |
| |
| do_test 1.2 { |
| set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]] |
| set off [expr 2*1024 + $offset + 1] |
| hexio_write test.db $off 7f06 |
| sqlite3 db test.db |
| catchsql { SELECT * FROM t1 WHERE a = 10 } |
| } {0 {}} |
| |
| do_test 1.3 { |
| db close |
| set offset [hexio_get_int [hexio_read test.db [expr 2*1024 + 8] 2]] |
| set off [expr 2*1024 + $offset + 1] |
| hexio_write test.db $off FFFF7f02 |
| sqlite3 db test.db |
| catchsql { SELECT * FROM t1 WHERE a = 10 } |
| } {1 {database disk image is malformed}} |
| |
| do_test 2.0 { |
| execsql { |
| CREATE TABLE r(x); |
| INSERT INTO r VALUES('ABCDEFGHIJK'); |
| CREATE INDEX r1 ON r(x); |
| } |
| set pg [db one {SELECT rootpage FROM sqlite_master WHERE name = 'r1'}] |
| } {5} |
| |
| do_test 2.1 { |
| db close |
| set offset [hexio_get_int [hexio_read test.db [expr (5-1)*1024 + 8] 2]] |
| set off [expr (5-1)*1024 + $offset + 1] |
| hexio_write test.db $off FFFF0004 |
| sqlite3 db test.db |
| catchsql { SELECT * FROM r WHERE x >= 10.0 } |
| } {1 {database disk image is malformed}} |
| |
| do_test 2.2 { |
| catchsql { SELECT * FROM r WHERE x >= 10 } |
| } {1 {database disk image is malformed}} |
| |
| if {[db one {SELECT sqlite_compileoption_used('ENABLE_OVERSIZE_CELL_CHECK')}]} { |
| # The following tests only work if OVERSIZE_CELL_CHECK is disabled |
| } else { |
| reset_db |
| do_execsql_test 3.1 { |
| PRAGMA auto_vacuum=0; |
| PRAGMA page_size = 512; |
| CREATE TABLE t1(a INTEGER PRIMARY KEY, b); |
| WITH s(a, b) AS ( |
| SELECT 2, 'abcdefghij' |
| UNION ALL |
| SELECT a+2, b FROM s WHERe a < 40 |
| ) |
| INSERT INTO t1 SELECT * FROM s; |
| } {} |
| |
| do_test 3.2 { |
| hexio_write test.db [expr 512+3] 0054 |
| db close |
| sqlite3 db test.db |
| execsql { INSERT INTO t1 VALUES(5, 'klmnopqrst') } |
| execsql { INSERT INTO t1 VALUES(7, 'klmnopqrst') } |
| } {} |
| |
| db close |
| sqlite3 db test.db |
| do_catchsql_test 3.3 { |
| INSERT INTO t1 VALUES(9, 'klmnopqrst'); |
| } {1 {database disk image is malformed}} |
| } ;# end-if !defined(ENABLE_OVERSIZE_CELL_CHECK) |
| |
| |
| #------------------------------------------------------------------------- |
| # Test that an assert() failure discovered by AFL corrupt database file |
| # testing has been fixed. |
| # |
| reset_db |
| do_execsql_test 4.0 { |
| PRAGMA page_size = 65536; |
| PRAGMA autovacuum = 0; |
| CREATE TABLE t1(a INTEGER PRIMARY KEY, b); |
| INSERT INTO t1 VALUES(-1, 'abcdefghij'); |
| INSERT INTO t1 VALUES(0, 'abcdefghij'); |
| } |
| |
| set root [db one {SELECT rootpage FROM sqlite_master}] |
| set offset [expr ($root-1) * 65536] |
| |
| ifcapable oversize_cell_check { |
| set res {1 {database disk image is malformed}} |
| } else { |
| set res {0 {}} |
| } |
| do_test 4.1 { |
| db close |
| hexio_write test.db [expr $offset + 8 + 2] 0000 |
| hexio_write test.db [expr $offset + 5] 0000 |
| sqlite3 db test.db |
| catchsql { DELETE FROM t1 WHERE a=0 } |
| } $res |
| |
| |
| #------------------------------------------------------------------------- |
| # Database properties: |
| # |
| # * Incremental vacuum mode. |
| # * Database root table has a single leaf page. |
| # * Free list consists of a single trunk page. |
| # |
| # The db is then corrupted by adding the root table leaf page as a free-list |
| # leaf page (so that it is referenced twice). |
| # |
| # Then, a new table is created. The new root page is the current free-list |
| # trunk. This means that the root table leaf page is made into the new |
| # free list trunk, which corrupts its header. Then, when the new entry is |
| # inserted into the root table, things would get chaotic. |
| # |
| reset_db |
| do_test 5.0 { |
| execsql { |
| PRAGMA page_size = 512; |
| PRAGMA auto_vacuum = 2; |
| } |
| for {set i 3} {1} {incr i} { |
| execsql "CREATE TABLE t${i}(x)" |
| if {[db one {PRAGMA page_count}]>$i} break |
| } |
| set nPage [db one {PRAGMA page_count}] |
| execsql { |
| CREATE TABLE t100(x); |
| DROP TABLE t100; |
| } |
| } {} |
| |
| do_execsql_test 5.1 { |
| PRAGMA page_count |
| } [expr $nPage+1] |
| |
| do_test 5.2 { |
| # The last page of the db is now the only leaf of the sqlite_master table. |
| # Corrupt the db by adding it to the free-list as well (the second last |
| # page of the db is the free-list trunk). |
| db close |
| hexio_write test.db [expr 512*($nPage-1)] [ |
| format "%.8X%.8X%.8X" 0 1 [expr $nPage+1] |
| ] |
| } {12} |
| |
| do_test 5.3 { |
| sqlite3 db test.db |
| catchsql { CREATE TABLE tx(x); } |
| } {1 {database disk image is malformed}} |
| |
| |
| #------------------------------------------------------------------------- |
| # Set the payload size of a cell to just less than 2^32 bytes (not |
| # possible in an uncorrupted db). Then try to delete the cell. At one |
| # point this led to an integer overflow that caused an assert() to fail. |
| # |
| reset_db |
| do_execsql_test 6.0 { |
| PRAGMA page_size = 512; |
| PRAGMA auto_vacuum=0; |
| CREATE TABLE t1(x); |
| INSERT INTO t1 VALUES(zeroblob(300)); |
| INSERT INTO t1 VALUES(zeroblob(600)); |
| } {} |
| do_test 6.1 { |
| db close |
| hexio_write test.db 616 8FFFFFFF7F02 |
| sqlite3 db test.db |
| execsql { DELETE FROM t1 WHERE rowid=2 } |
| } {} |
| |
| #------------------------------------------------------------------------- |
| # See what happens if the sqlite_master entry associated with a PRIMARY |
| # KEY or UNIQUE index is removed. |
| # |
| reset_db |
| do_execsql_test 7.0 { |
| PRAGMA auto_vacuum=0; |
| CREATE TABLE t1(x PRIMARY KEY, y); |
| INSERT INTO t1 VALUES('a', 'A'); |
| INSERT INTO t1 VALUES('b', 'A'); |
| INSERT INTO t1 VALUES('c', 'A'); |
| SELECT name FROM sqlite_master; |
| } {t1 sqlite_autoindex_t1_1} |
| sqlite3_db_config db DEFENSIVE 0 |
| do_execsql_test 7.1 { |
| PRAGMA writable_schema = 1; |
| DELETE FROM sqlite_master WHERE name = 'sqlite_autoindex_t1_1'; |
| } |
| do_test 7.2 { |
| db close |
| sqlite3 db test.db |
| catchsql { UPDATE t1 SET x='d' AND y='D' WHERE rowid = 2 } |
| } {1 {database disk image is malformed}} |
| |
| #------------------------------------------------------------------------- |
| # At one point an assert() would fail if attempt was made to free page 1. |
| # |
| reset_db |
| do_execsql_test 8.0 { |
| PRAGMA auto_vacuum=0; |
| CREATE TABLE t1(x); |
| INSERT INTO t1 VALUES(zeroblob(300)); |
| INSERT INTO t1 VALUES(zeroblob(300)); |
| INSERT INTO t1 VALUES(zeroblob(300)); |
| INSERT INTO t1 VALUES(zeroblob(300)); |
| } {} |
| |
| do_test 8.1 { |
| db close |
| hexio_write test.db [expr 1024 + 8] 00000001 |
| sqlite3 db test.db |
| catchsql { DELETE FROM t1 } |
| } {1 {database disk image is malformed}} |
| |
| do_test 8.2 { |
| db close |
| sqlite3 db test.db |
| execsql { PRAGMA integrity_check } |
| } {/.*in database main.*/} |
| |
| |
| finish_test |