From: dan Date: Fri, 28 Sep 2012 20:23:42 +0000 (+0000) Subject: Avoid calling sqlite3BtreeEnter() in a corner case where the corresponding database... X-Git-Tag: version-3.7.15~110 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0094f37e1f2483d9b65d3058ccdcf3642e672c85;p=thirdparty%2Fsqlite.git Avoid calling sqlite3BtreeEnter() in a corner case where the corresponding database handle mutex (sqlite3.mutex) may not be held. This prevents a potential deadlock or crash that can occur if the backup API, shared-cache mode and SQLITE_HAVE_CODEC are all in use. FossilOrigin-Name: 89b8c377a6f03d9fa885f3f94c1f0b1eec263dea --- diff --git a/manifest b/manifest index 1dc244597a..8cde120245 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Modify\sthe\sclearCell\sfunction\sto\suse\sSQLITE_CORRUPT_BKPT\sin\sthe\sone\splace\sit\swas\snot. -D 2012-09-28T18:13:35.369 +C Avoid\scalling\ssqlite3BtreeEnter()\sin\sa\scorner\scase\swhere\sthe\scorresponding\sdatabase\shandle\smutex\s(sqlite3.mutex)\smay\snot\sbe\sheld.\sThis\sprevents\sa\spotential\sdeadlock\sor\scrash\sthat\scan\soccur\sif\sthe\sbackup\sAPI,\sshared-cache\smode\sand\sSQLITE_HAVE_CODEC\sare\sall\sin\suse. +D 2012-09-28T20:23:42.567 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 5f4f26109f9d80829122e0e09f9cda008fa065fb F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 
@@ -118,11 +118,11 @@ F src/alter.c 0c1716aa8d248bd6bc750e23be4c68ad05f8668c F src/analyze.c 7553068d21e32a57fc33ab6b2393fc8c1ba41410 F src/attach.c 577bf5675b0c50495fc28549f2fcbdb1bac71143 F src/auth.c 523da7fb4979469955d822ff9298352d6b31de34 -F src/backup.c 5b31b24d6814b11de763debf342c8cd0a15a4910 +F src/backup.c afc067b9a9050ff48b9d46285c53d096c556a73d F src/bitvec.c 26675fe8e431dc555e6f2d0e11e651d172234aa1 F src/btmutex.c 976f45a12e37293e32cae0281b15a21d48a8aaa7 -F src/btree.c 6e1b481435d04055eda89d24ae93ecd7a99cdf56 -F src/btree.h 4aee02e879211bfcfd3f551769578d2e940ab6c2 +F src/btree.c 821615a1e1002346d84d2e341ecd5e947196454b +F src/btree.h 5e6482bcabf39455385e39c9739a5954e4775bba F src/btreeInt.h 4e5c2bd0f9b36b2a815a6d84f771a61a65830621 F src/build.c c4555e16f8ccdadb2616014c617ed8166c5a93f7 F src/callback.c 0cb4228cdcd827dcc5def98fb099edcc9142dbcd @@ -1017,7 +1017,7 @@ F tool/vdbe-compress.tcl f12c884766bd14277f4fcedcae07078011717381 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381 F tool/win/sqlite.vsix 67d8a99aceb56384a81b3f30d6c71743146d2cc9 -P 1e874629d7cf568368b912b295bd3001147d0b52 -R f05735be438496d52bd0a75864235756 -U mistachkin -Z ea13a29c0e73e27415324aa966ef2598 +P 472beb306a4fa7103837d4417aef7d66eef49993 +R ea9a9130bee4f18f6369bb310e898b80 +U dan +Z 63a6a40692fb8e85a92f7431b790c782 diff --git a/manifest.uuid b/manifest.uuid index 9dc405edef..7b4ca77e44 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -472beb306a4fa7103837d4417aef7d66eef49993 \ No newline at end of file +89b8c377a6f03d9fa885f3f94c1f0b1eec263dea \ No newline at end of file diff --git a/src/backup.c b/src/backup.c index 4881215e96..6abc11c20c 100644 --- a/src/backup.c +++ b/src/backup.c 
@@ -219,13 +219,16 @@ static int backupOnePage(sqlite3_backup *p, Pgno iSrcPg, const u8 *zSrcData){
   const int nCopy = MIN(nSrcPgsz, nDestPgsz);
   const i64 iEnd = (i64)iSrcPg*(i64)nSrcPgsz;
 #ifdef SQLITE_HAS_CODEC
-  int nSrcReserve = sqlite3BtreeGetReserve(p->pSrc);
+  /* Use BtreeGetReserveNoMutex() for the source b-tree, as although it is
+  ** guaranteed that the shared-mutex is held by this thread, handle
+  ** p->pSrc may not actually be the owner. */
+  int nSrcReserve = sqlite3BtreeGetReserveNoMutex(p->pSrc);
   int nDestReserve = sqlite3BtreeGetReserve(p->pDest);
 #endif
-
   int rc = SQLITE_OK;
   i64 iOff;
 
+  assert( sqlite3BtreeGetReserveNoMutex(p->pSrc)>=0 );
   assert( p->bDestLocked );
   assert( !isFatalError(p->rc) );
   assert( iSrcPg!=PENDING_BYTE_PAGE(p->pSrc->pBt) );
diff --git a/src/btree.c b/src/btree.c
index 7eab9fe158..eff70f3b36 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -2200,6 +2200,22 @@ int sqlite3BtreeGetPageSize(Btree *p){
   return p->pBt->pageSize;
 }
 
+/*
+** This function is similar to sqlite3BtreeGetReserve(), except that it
+** may only be called if it is guaranteed that the b-tree mutex is already
+** held.
+**
+** This is useful in one special case in the backup API code where it is
+** known that the shared b-tree mutex is held, but the mutex on the
+** database handle that owns *p is not. In this case if sqlite3BtreeEnter()
+** were to be called, it might collide with some other operation on the
+** database handle that owns *p, causing undefined behaviour.
+*/
+int sqlite3BtreeGetReserveNoMutex(Btree *p){
+  assert( sqlite3_mutex_held(p->pBt->mutex) );
+  return p->pBt->pageSize - p->pBt->usableSize;
+}
+
 #if !defined(SQLITE_OMIT_PAGER_PRAGMAS) || !defined(SQLITE_OMIT_VACUUM)
 /*
 ** Return the number of bytes of space at the end of every page that
diff --git a/src/btree.h b/src/btree.h
index 95897d5662..5a894f5f22 100644
--- a/src/btree.h
+++ b/src/btree.h
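Review bot: The new `assert( sqlite3BtreeGetReserveNoMutex(p->pSrc)>=0 );` reads as a range check on the reserve size, but nothing in the hunk says why it sits outside the `#ifdef SQLITE_HAS_CODEC` block where `nSrcReserve` is no longer declared; if the intent is to trigger the callee's `sqlite3_mutex_held(p->pBt->mutex)` assertion in non-codec debug builds as well, say so, e.g. `/* Also verifies (debug builds only) that the shared b-tree mutex is held. */`. The block comment names the helper `BtreeGetReserveNoMutex()` while the function added in btree.c is `sqlite3BtreeGetReserveNoMutex()`; use the real name so the reference can be grepped. It is also worth stating next to that comment that the mutex precondition is checked only under `assert()`, so release builds depend entirely on every caller of backupOnePage already holding the shared b-tree mutex. backupOnePage's body begins and ends outside the hunk.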
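Review bot: sqlite3BtreeGetReserveNoMutex() re-implements the `p->pBt->pageSize - p->pBt->usableSize` arithmetic instead of sharing it with sqlite3BtreeGetReserve(), whose body begins below the hunk and, per the commit message, wraps the same read in sqlite3BtreeEnter()/sqlite3BtreeLeave(); having the locked variant call the new function between its Enter and Leave, `n = sqlite3BtreeGetReserveNoMutex(p);`, keeps the two from drifting apart. The header comment should also make the debug-only nature of the precondition explicit, since `assert()` disappears under NDEBUG and a caller that violates it will silently read pBt fields without the mutex; e.g. add `** The caller must hold p->pBt->mutex. This is verified only by assert().` If, as SQLite's mutex contract is usually described, sqlite3_mutex_held() returns true for a NULL mutex, the assertion is vacuous when pBt->mutex is unset (non-shared-cache or single-threaded configurations) — presumably acceptable because no other handle can then race on *p, but a word in the comment would spare the next reader the question.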
@@ -71,6 +71,7 @@ int sqlite3BtreeMaxPageCount(Btree*,int);
 u32 sqlite3BtreeLastPage(Btree*);
 int sqlite3BtreeSecureDelete(Btree*,int);
 int sqlite3BtreeGetReserve(Btree*);
+int sqlite3BtreeGetReserveNoMutex(Btree *p);
 int sqlite3BtreeSetAutoVacuum(Btree *, int);
 int sqlite3BtreeGetAutoVacuum(Btree *);
 int sqlite3BtreeBeginTrans(Btree*,int);
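Review bot: The added prototype spells its parameter `(Btree *p)` while every neighbouring declaration in the hunk omits the name (`(Btree*)`, `(Btree *, int)`); for consistency with the surrounding header write `int sqlite3BtreeGetReserveNoMutex(Btree*);`. Because the "NoMutex" suffix can be read as "needs no mutex" rather than "does not take the mutex", a one-line comment on the prototype, `/* Caller must already hold the shared b-tree mutex */`, would save a reader a trip to btree.c to learn the precondition.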