1 # 2008 June 11 2 # 3 # The author disclaims copyright to this source code. In place of 4 # a legal notice, here is a blessing: 5 # 6 # May you do good and not evil. 7 # May you find forgiveness for yourself and forgive others. 8 # May you share freely, never taking more than you give. 9 # 10 #*********************************************************************** 11 # This file implements regression tests for SQLite library. 12 # 13 # This file implements tests to make sure SQLite does not crash or 14 # segfault if it sees a corrupt database file. It specifically focuses 15 # on corrupt cell offsets in a btree page. 16 # 17 # $Id: corrupt7.test,v 1.8 2009/08/10 10:18:08 danielk1977 Exp $ 18 19 set testdir [file dirname $argv0] 20 source $testdir/tester.tcl 21 22 # Do not use a codec for tests in this file, as the database file is 23 # manipulated directly using tcl scripts (using the [hexio_write] command). 24 # 25 do_not_use_codec 26 27 # We must have the page_size pragma for these tests to work. 28 # 29 ifcapable !pager_pragmas { 30 finish_test 31 return 32 } 33 34 # Create a simple, small database. 35 # 36 do_test corrupt7-1.1 { 37 execsql { 38 PRAGMA auto_vacuum=OFF; 39 PRAGMA page_size=1024; 40 CREATE TABLE t1(x); 41 INSERT INTO t1(x) VALUES(1); 42 INSERT INTO t1(x) VALUES(2); 43 INSERT INTO t1(x) SELECT x+2 FROM t1; 44 INSERT INTO t1(x) SELECT x+4 FROM t1; 45 INSERT INTO t1(x) SELECT x+8 FROM t1; 46 } 47 file size test.db 48 } [expr {1024*2}] 49 50 # Verify that the file format is as we expect. The page size 51 # should be 1024 bytes. 52 # 53 do_test corrupt7-1.2 { 54 hexio_get_int [hexio_read test.db 16 2] 55 } 1024 ;# The page size is 1024 56 do_test corrupt7-1.3 { 57 hexio_get_int [hexio_read test.db 20 1] 58 } 0 ;# Unused bytes per page is 0 59 60 integrity_check corrupt7-1.4 61 62 # Deliberately corrupt some of the cell offsets in the btree page 63 # on page 2 of the database. 64 # 65 # The error message is different depending on whether or not the 66 # SQLITE_ENABLE_OVERSIZE_CELL_CHECK compile-time option is engaged. 67 # 68 ifcapable oversize_cell_check { 69 do_test corrupt7-2.1 { 70 db close 71 hexio_write test.db 1062 FF 72 sqlite3 db test.db 73 db eval {PRAGMA integrity_check(1)} 74 } {{*** in database main *** 75 Page 2: btreeInitPage() returns error code 11}} 76 do_test corrupt7-2.2 { 77 db close 78 hexio_write test.db 1062 04 79 sqlite3 db test.db 80 db eval {PRAGMA integrity_check(1)} 81 } {{*** in database main *** 82 Page 2: btreeInitPage() returns error code 11}} 83 } else { 84 do_test corrupt7-2.1 { 85 db close 86 hexio_write test.db 1062 FF 87 sqlite3 db test.db 88 db eval {PRAGMA integrity_check(1)} 89 } {{*** in database main *** 90 Corruption detected in cell 15 on page 2}} 91 do_test corrupt7-2.2 { 92 db close 93 hexio_write test.db 1062 04 94 sqlite3 db test.db 95 db eval {PRAGMA integrity_check(1)} 96 } {{*** in database main *** 97 On tree page 2 cell 15: Rowid 0 out of order (previous was 15)}} 98 } 99 100 # The code path that was causing the buffer overrun that this test 101 # case was checking for was removed. 102 # 103 #do_test corrupt7-3.1 { 104 # execsql { 105 # DROP TABLE t1; 106 # CREATE TABLE t1(a, b); 107 # INSERT INTO t1 VALUES(1, 'one'); 108 # INSERT INTO t1 VALUES(100, 'one hundred'); 109 # INSERT INTO t1 VALUES(100000, 'one hundred thousand'); 110 # CREATE INDEX i1 ON t1(b); 111 # } 112 # db close 113 # 114 # # Locate the 3rd cell in the index. 115 # set cell_offset [hexio_get_int [hexio_read test.db [expr 1024*2 + 12] 2]] 116 # incr cell_offset [expr 1024*2] 117 # incr cell_offset 1 118 # 119 # # This write corrupts the "header-size" field of the database record 120 # # stored in the index cell. At one point this was causing sqlite to 121 # # reference invalid memory. 122 # hexio_write test.db $cell_offset FFFF7F 123 # 124 # sqlite3 db test.db 125 # catchsql { 126 # SELECT b FROM t1 WHERE b > 'o' AND b < 'p'; 127 # } 128 #} {1 {database disk image is malformed}} 129 130 finish_test 131
