-C Documentation\supdates:\s\sDescribe\srecursion\scapabilities\sfor\sthe\svarious\ncallbacks.\s(CVS\s5688)
-D 2008-09-10T13:09:24
+C Fix\sfor\shandling\sdatabase\sfiles\scorrupted\sin\ssuch\sa\swas\sas\sto\smake\sa\sb-tree\spage\sa\sdirect\sor\sindirect\sdescendant\sof\sitself.\s(CVS\s5689)
+D 2008-09-10T14:45:58
F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
F Makefile.in d15a7ebfe5e057a72a49805ffb302dbb601c8329
F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627
F src/bitvec.c 95c86bd18d8fedf0533f5af196192546e10a7e7d
F src/btmutex.c 709cad2cdca0afd013f0f612363810e53f59ec53
-F src/btree.c 6ea37de364f483496f60e47c996b429a9f313d54
+F src/btree.c 9e11a68fe66c751668e9fcd1b54c88d60f832b47
F src/btree.h 6371c5e599fab391a150c96afbc10062b276d107
F src/btreeInt.h ab18c7b4980314e9e4b402e5dcde09f3c2545576
F src/build.c 160c71acca8f643f436ed6c1ee2f684c88df4dfe
F test/corrupt8.test 9992ef7f67cefc576b92373f6bf5ab8775280f51
F test/corrupt9.test 794d284109c65c8f10a2b275479045e02d163bae
F test/corruptA.test 99e95620b980161cb3e79f06a884a4bb8ae265ff
+F test/corruptB.test 547c5f96a6c2b6d316f4b888c2d8186fc186579f
F test/crash.test 1b6ac8410689ff78028887f445062dc897c9ac89
F test/crash2.test 5b14d4eb58b880e231361d3b609b216acda86651
F test/crash3.test 776f9363554c029fcce71d9e6600fa0ba6359ce7
F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
F tool/speedtest8.c 1dbced29de5f59ba2ebf877edcadf171540374d1
F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 099adfd31167a78d803e2992e5f50cf4e292dd43
-R 7853a8a5ccb659e8bb6ea1c2c2871c9f
-U drh
-Z d85bcb69ec2b69991a86141e52428a8c
+P edd80811d702bc0d7a25199d193c04ea057df4de
+R 86a7c41a00b3787bf3d3b2cfbbdffc97
+U danielk1977
+Z 5931af1cdd92a17ee908521206422339
** May you share freely, never taking more than you give.
**
*************************************************************************
-** $Id: btree.c,v 1.509 2008/09/05 05:02:47 danielk1977 Exp $
+** $Id: btree.c,v 1.510 2008/09/10 14:45:58 danielk1977 Exp $
**
** This file implements a external (disk-based) database using BTrees.
** See the header comment on "btreeInt.h" for additional information.
assert( pPage->pgno==sqlite3PagerPagenumber(pPage->pDbPage) );
assert( pPage == sqlite3PagerGetExtra(pPage->pDbPage) );
assert( pPage->aData == sqlite3PagerGetData(pPage->pDbPage) );
+ if( pPage==pParent ){
+ return SQLITE_CORRUPT_BKPT;
+ }
if( pPage->pParent!=pParent && (pPage->pParent!=0 || pPage->isInit) ){
/* The parent page should never change unless the file is corrupt */
return SQLITE_CORRUPT_BKPT;
){
int rc;
assert( sqlite3_mutex_held(pBt->mutex) );
+ assert( !pParent || pParent->isInit );
if( pgno==0 ){
return SQLITE_CORRUPT_BKPT;
}
rc = sqlite3BtreeGetPage(pBt, pgno, ppPage, 0);
- if( rc==SQLITE_OK && (*ppPage)->isInit==0 ){
- rc = sqlite3BtreeInitPage(*ppPage, pParent);
+ if( rc==SQLITE_OK ){
+ if( (*ppPage)->isInit==0 ){
+ rc = sqlite3BtreeInitPage(*ppPage, pParent);
+ }else if( pParent && ((*ppPage)==pParent || (*ppPage)->pParent!=pParent) ){
+ /* This condition indicates a loop in the b-tree structure (the scenario
+ ** where database corruption has caused a page to be a direct or
+ ** indirect descendant of itself).
+ */
+ rc = SQLITE_CORRUPT_BKPT;
+ }
if( rc!=SQLITE_OK ){
releasePage(*ppPage);
*ppPage = 0;
}
}
+
return rc;
}
for(i=0; i<pPage->nCell; i++){
pCell = findCell(pPage, i);
if( !pPage->leaf ){
- rc = clearDatabasePage(pBt, get4byte(pCell), pPage->pParent, 1);
+ rc = clearDatabasePage(pBt, get4byte(pCell), pPage, 1);
if( rc ) goto cleardatabasepage_out;
}
rc = clearCell(pPage, pCell);
if( rc ) goto cleardatabasepage_out;
}
if( !pPage->leaf ){
- rc = clearDatabasePage(pBt, get4byte(&pPage->aData[8]), pPage->pParent, 1);
+ rc = clearDatabasePage(pBt, get4byte(&pPage->aData[8]), pPage, 1);
if( rc ) goto cleardatabasepage_out;
}
if( freePageFlag ){
--- /dev/null
+# 2008 Sep 10
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library.
+#
+# This file implements tests to make sure SQLite does not crash or
+# segfault if it sees a corrupt database file. It specifically focuses
+# on loops in the B-Tree structure. A loop is formed in a B-Tree structure
+# when there exists a page that is both an a descendent or ancestor of
+# itself.
+#
+# $Id: corruptB.test,v 1.1 2008/09/10 14:45:58 danielk1977 Exp $
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+
+do_test corruptB-1.1 {
+ execsql {
+ PRAGMA auto_vacuum = 1;
+ CREATE TABLE t1(x);
+ INSERT INTO t1 VALUES(randomblob(200));
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ }
+ expr {[file size test.db] > (1024*9)}
+} {1}
+integrity_check corruptB-1.2
+
+file copy -force test.db bak.db
+
+# Set the right-child of a B-Tree rootpage to refer to the root-page itself.
+#
+do_test corruptB-1.3.1 {
+ set ::root [execsql {SELECT rootpage FROM sqlite_master}]
+ set ::offset [expr {($::root-1)*1024}]
+ hexio_write test.db [expr $offset+8] [hexio_render_int32 $::root]
+} {4}
+do_test corruptB-1.3.2 {
+ sqlite3 db test.db
+ catchsql { SELECT * FROM t1 }
+} {1 {database disk image is malformed}}
+
+# Set the left-child of a cell in a B-Tree rootpage to refer to the
+# root-page itself.
+#
+do_test corruptB-1.4.1 {
+ db close
+ file copy -force bak.db test.db
+ set cell_offset [hexio_get_int [hexio_read test.db [expr $offset+12] 2]]
+ hexio_write test.db [expr $offset+$cell_offset] [hexio_render_int32 $::root]
+} {4}
+do_test corruptB-1.4.2 {
+ sqlite3 db test.db
+ catchsql { SELECT * FROM t1 }
+} {1 {database disk image is malformed}}
+
+# Now grow the table B-Tree so that it is more than 2 levels high.
+#
+do_test corruptB-1.5.1 {
+ db close
+ file copy -force bak.db test.db
+ sqlite3 db test.db
+ execsql {
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ INSERT INTO t1 SELECT randomblob(200) FROM t1;
+ }
+} {}
+
+file copy -force test.db bak.db
+
+# Set the right-child pointer of the right-child of the root page to point
+# back to the root page.
+#
+do_test corruptB-1.6.1 {
+ db close
+ set iRightChild [hexio_get_int [hexio_read test.db [expr $offset+8] 4]]
+ set c_offset [expr ($iRightChild-1)*1024]
+ hexio_write test.db [expr $c_offset+8] [hexio_render_int32 $::root]
+} {4}
+do_test corruptB-1.6.2 {
+ sqlite3 db test.db
+ catchsql { SELECT * FROM t1 }
+} {1 {database disk image is malformed}}
+
+# Set the left-child pointer of a cell of the right-child of the root page to
+# point back to the root page.
+#
+do_test corruptB-1.7.1 {
+ db close
+ file copy -force bak.db test.db
+ set cell_offset [hexio_get_int [hexio_read test.db [expr $c_offset+12] 2]]
+ hexio_write test.db [expr $c_offset+$cell_offset] [hexio_render_int32 $::root]
+} {4}
+do_test corruptB-1.7.2 {
+ sqlite3 db test.db
+ catchsql { SELECT * FROM t1 }
+} {1 {database disk image is malformed}}
+
+do_test corruptB-1.8.1 {
+ db close
+ set cell_offset [hexio_get_int [hexio_read test.db [expr $offset+12] 2]]
+ set iLeftChild [
+ hexio_get_int [hexio_read test.db [expr $offset+$cell_offset] 4]
+ ]
+ set c_offset [expr ($iLeftChild-1)*1024]
+ hexio_write test.db [expr $c_offset+8] [hexio_render_int32 $::root]
+} {4}
+do_test corruptB-1.8.2 {
+ sqlite3 db test.db
+ catchsql { SELECT * FROM t1 }
+} {1 {database disk image is malformed}}
+
+# Set the left-child pointer of a cell of the right-child of the root page to
+# point back to the root page.
+#
+do_test corruptB-1.9.1 {
+ db close
+ file copy -force bak.db test.db
+ set cell_offset [hexio_get_int [hexio_read test.db [expr $c_offset+12] 2]]
+ hexio_write test.db [expr $c_offset+$cell_offset] [hexio_render_int32 $::root]
+} {4}
+do_test corruptB-1.9.2 {
+ sqlite3 db test.db
+ catchsql { SELECT * FROM t1 }
+} {1 {database disk image is malformed}}
+
+finish_test
+
projects / thirdparty / sqlite.git / commitdiff
