]> git.ipfire.org Git - thirdparty/sqlite.git/commitdiff
On the first connection to a WAL-mode database that was not cleanly shut down
authordrh <drh@noemail.net>
Thu, 11 Oct 2018 13:51:48 +0000 (13:51 +0000)
committerdrh <drh@noemail.net>
Thu, 11 Oct 2018 13:51:48 +0000 (13:51 +0000)
and contains a left-over -shm file, truncate the -shm file to 3 bytes instead
of to 0 bytes. Avoiding a truncation to 0 means that system monitoring tools
can better detect if a process illegitimately tries to truncate a -shm file.
Such a rogue process might think it is being helpful by cleaning up old files,
but there is a race condition that can cause damage to the database.

FossilOrigin-Name: 90cf32cde072a305f30c75a71665d1f9e23e805c0a49f5306f015c056dd70f0c

manifest
manifest.uuid
src/os_unix.c

index c44252b604cd515b3bb6813f458cac65cc78c4b4..3584c8263d3bf1da469f882bcccfb2d49bbf5a9f 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C In\sthe\sCLI,\sfix\sa\sfile\sdescriptor\sleak\sfollowing\sOOM\sand\sa\smissing\sva_end()\ncall.
-D 2018-10-11T10:37:24.495
+C On\sthe\sfirst\sconnection\sto\sa\sWAL-mode\sdatabase\sthat\swas\snot\scleanly\sshut\sdown\nand\scontains\sa\sleft-over\s-shm\sfile,\struncate\sthe\s-shm\sfile\sto\s3\sbytes\sinstead\nof\sto\s0\sbytes.\sAvoiding\sa\struncation\sto\s0\smeans\sthat\ssystem\smonitoring\stools\ncan\sbetter\sdetect\sif\sa\sprocess\sillegitimately\stries\sto\struncate\sa\s-shm\sfile.\nSuch\sa\srogue\sprocess\smight\sthink\sit\sis\sbeing\shelpful\sby\scleaning\sup\sold\sfiles,\nbut\sthere\sis\sa\srace\scondition\sthat\scan\scause\sdamage\sto\sthe\sdatabase.
+D 2018-10-11T13:51:48.266
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 01e95208a78b57d056131382c493c963518f36da4c42b12a97eb324401b3a334
@@ -487,7 +487,7 @@ F src/os.c 8aeb0b0f40f8f5b0da03fe49706695adaf42d2f516ab95abc72e86c245e119de
 F src/os.h 48388821692e87da174ea198bf96b1b2d9d83be5dfc908f673ee21fafbe0d432
 F src/os_common.h b2f4707a603e36811d9b1a13278bffd757857b85
 F src/os_setup.h 0dbaea40a7d36bf311613d31342e0b99e2536586
-F src/os_unix.c d4483c1a5462c9f03a4d62655cb208bc6434e549d614b132f652a747bcac9d32
+F src/os_unix.c f6e91b8fd82af7afbfd073c4974ad6cdb8e62d9f65ceddb45167835a0567fdc0
 F src/os_win.c 070cdbb400097c6cda54aa005356095afdc2f3ee691d17192c54724ef146a971
 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a
 F src/pager.c a0d8f686ef64549ad5b356fd30429bd9ee7a06dd42b4d6faa096352ff26b1c5b
@@ -1771,7 +1771,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 7fbb083c5cf0948af3624b7538ffa086f77de27a3e84a7039ae7d6574f1a3a54
-R b6834208f7c836cdc5642ce75ee0475c
+P ec36d15a9e349f4295a9e2215dea0a18e9276e0e4ce2d05021e6b467ab7763bb
+R dd28e1032e7501a10c527d67fc7e62ed
 U drh
-Z 331652a34e41515169becdfffb61b371
+Z de92fbcb4550e9f483f9e1ba42f7c62c
index b0332906bdbae1a5841579a8b1b6c7be4c82467c..db516281c952133433433f89ec0e0a4941b0b927 100644 (file)
@@ -1 +1 @@
-ec36d15a9e349f4295a9e2215dea0a18e9276e0e4ce2d05021e6b467ab7763bb
\ No newline at end of file
+90cf32cde072a305f30c75a71665d1f9e23e805c0a49f5306f015c056dd70f0c
\ No newline at end of file
index 4228aaaf05c2f6c3945b746c3e7824eab4452f7d..f20763e5b0bc96dbdb7947ec6f919081d946c845 100644 (file)
@@ -4435,7 +4435,12 @@ static int unixLockSharedMemory(unixFile *pDbFd, unixShmNode *pShmNode){
       rc = SQLITE_READONLY_CANTINIT;
     }else{
       rc = unixShmSystemLock(pDbFd, F_WRLCK, UNIX_SHM_DMS, 1);
-      if( rc==SQLITE_OK && robust_ftruncate(pShmNode->hShm, 0) ){
+      /* The first connection to attach must truncate the -shm file.  We
+      ** truncate to 3 bytes (an arbitrary small number, less than the
+      ** -shm header size) rather than 0 as a system debugging aid, to
+      ** help detect if a -shm file truncation is legitimate or is the work
+      ** or a rogue process. */
+      if( rc==SQLITE_OK && robust_ftruncate(pShmNode->hShm, 3) ){
         rc = unixLogError(SQLITE_IOERR_SHMOPEN,"ftruncate",pShmNode->zFilename);
       }
     }