From: drh <> Date: Fri, 4 Nov 2022 11:54:42 +0000 (+0000) Subject: Enhance the ability of the OP_Found and similar opcodes to detect truncated X-Git-Tag: version-3.40.0~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=093677add459cac0f472a64d22af0b547562b074;p=thirdparty%2Fsqlite.git Enhance the ability of the OP_Found and similar opcodes to detect truncated index records and report SQLITE_CORRUPT. dbsqlfuzz 2b12f90aeff8e081706c7e9b58834f04869f446c. Test cases in TH3. FossilOrigin-Name: 059a09da2c5fd9c7e723c713565fbaf71602079feef0704129cc5cbbd0033936 --- diff --git a/manifest b/manifest index 722381d98d..98392fbb49 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Correct\ssqlite3-wasm.c's\sSQLITE_DEFAULT_CACHE_SIZE\s(it's\smeasured\sin\skb,\snot\sbytes). -D 2022-11-04T09:02:21.697 +C Enhance\sthe\sability\sof\sthe\sOP_Found\sand\ssimilar\sopcodes\sto\sdetect\struncated\nindex\srecords\sand\sreport\sSQLITE_CORRUPT.\ndbsqlfuzz\s2b12f90aeff8e081706c7e9b58834f04869f446c.\s\sTest\scases\sin\sTH3. +D 2022-11-04T11:54:42.284 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -712,7 +712,7 @@ F src/vdbe.c 0c7cb1b934ad8611e14e7efaf2c3a95df7dd3f7964d63ea07fef42a23df86131 F src/vdbe.h 58675f47dcf3105bab182c3ad3726efd60ffd003e954386904ac9107d0d2b743 F src/vdbeInt.h 17b7461ffcf9ee760d1341731715a419f6b8c763089a7ece25c2e8098d702b3f F src/vdbeapi.c 1e8713d0b653acb43cd1bdf579c40e005c4844ea90f414f065946a83db3c27fb -F src/vdbeaux.c 6d0a75c1fbc7efea6924f6895ebceca664001464bc7ac56949d3c60aa5e498a0 +F src/vdbeaux.c 87684b89877eae0c58c78b340bb5356aa1c8fb1dd650b29410c8b745aeeb20b5 F src/vdbeblob.c 5e61ce31aca17db8fb60395407457a8c1c7fb471dde405e0cd675974611dcfcd F src/vdbemem.c 6cfed43758d57b6e3b99d9cdedfeccd86e45a07e427b22d8487cbdbebb6c522a F src/vdbesort.c 43756031ca7430f7aec3ef904824a7883c4ede783e51f280d99b9b65c0796e35 @@ -901,7 +901,7 @@ F test/corruptH.test 79801d97ec5c2f9f3c87739aa1ec2eb786f96454 F test/corruptI.test a17bbf54fdde78d43cf3cc34b0057719fd4a173a3d824285b67dc5257c064c7b F test/corruptJ.test 4d5ccc4bf959464229a836d60142831ef76a5aa4 F test/corruptK.test 5b4212fe346699831c5ad559a62c54e11c0611bdde1ea8423a091f9c01aa32af -F test/corruptL.test ecce40d7b9b909a670a42a45d86e30d927735d7e7f09041af438b19529d35532 +F test/corruptL.test 7fcb0686fb7ca6e758753fcae7edf5b7f8904f7f81e9c218c9dab01c67331029 F test/corruptM.test 7d574320e08c1b36caa3e47262061f186367d593a7e305d35f15289cc2c3e067 F test/corruptN.test 7c099d153a554001b4fb829c799b01f2ea6276cbc32479131e0db0da4efd9cc4 F test/cost.test b11cdbf9f11ffe8ef99c9881bf390e61fe92baf2182bad1dbe6de59a7295c576 
@@ -2054,8 +2054,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P e55d8eba83012492d85418dc0faedce5896027ecc70295a5ca1826f61a5edbaf -R ed499c9cb026bf1534e3c8df6cd8d101 -U stephan -Z 6c99d342f72317b3aef3c23e350c462b +P 479ad980dfe509403e184e39a5aa441171e47b3297e05039f85516e72e9f15be +R ea5a2ea0615ceff4124a8a06806293de +U drh +Z 42163979e271d3b2ca0257f8b39abb54 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 5db0742a44..81d7094062 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -479ad980dfe509403e184e39a5aa441171e47b3297e05039f85516e72e9f15be \ No newline at end of file +059a09da2c5fd9c7e723c713565fbaf71602079feef0704129cc5cbbd0033936 \ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 131740ac6c..2e5e769d74 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -4575,7 +4575,7 @@ int sqlite3VdbeRecordCompareWithSkip(
 assert( pPKey2->pKeyInfo->aSortFlags!=0 );
 assert( pPKey2->pKeyInfo->nKeyField>0 );
 assert( idx1<=szHdr1 || CORRUPT_DB );
- do{
+ while( 1 /*exit-by-break*/ ){
 u32 serial_type;
 /* RHS is an integer */
@@ -4713,8 +4713,13 @@ int sqlite3VdbeRecordCompareWithSkip(
 if( i==pPKey2->nField ) break;
 pRhs++;
 d1 += sqlite3VdbeSerialTypeLen(serial_type);
+ if( d1>(unsigned)nKey1 ) break;
 idx1 += sqlite3VarintLen(serial_type);
- }while( idx1<(unsigned)szHdr1 && d1<=(unsigned)nKey1 );
+ if( idx1>=(unsigned)szHdr1 ){
+ pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
+ return 0; /* Corrupt index */
+ }
+ }
 /* No memory allocation is ever used on mem1. Prove this using
 ** the following assert(). If the assert() fails, it indicates a
diff --git a/test/corruptL.test b/test/corruptL.test
index 7361a0b35e..98b7de31e2 100644
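Review bot: In the second src/vdbeaux.c hunk the corrupt-record exit returns 0 after setting `pPKey2->errCode`, and a zero result from a compare routine normally reads as "keys equal", so the result is only safe if every caller tests errCode before trusting it; the new lines do not say so. I would put that on the return itself, e.g. `return 0;  /* Corrupt index: caller must test pPKey2->errCode, 0 does not mean "equal" */`. The neighbouring `if( d1>(unsigned)nKey1 ) break;` keeps the silent exit of the removed `d1<=(unsigned)nKey1` loop condition rather than flagging corruption, which deserves a one-line comment such as `/* payload offset past end of record: leave the loop as before, not flagged here */`. sqlite3VdbeRecordCompareWithSkip begins and ends outside both hunks, so how the code after the loop treats the d1 case cannot be confirmed from this page.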
--- a/test/corruptL.test
+++ b/test/corruptL.test
@@ -1479,13 +1479,8 @@ do_test 19.0 {
 do_execsql_test 19.1 {
 PRAGMA writable_schema=ON;
 }
-
-set err "UNIQUE constraint failed: index 'a'"
-ifcapable oversize_cell_check {
- set err "database disk image is malformed"
-}
 do_catchsql_test 19.2 {
 UPDATE t1 SET a=1;
-} [list 1 $err]
+} {1 {database disk image is malformed}}
 finish_test
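Review bot: The expectation in test 19.2 no longer depends on `oversize_cell_check`, but nothing left in the test records why both build configurations now report corruption instead of a UNIQUE failure. A comment above `do_catchsql_test 19.2` would keep that history with the test, for example `# The corrupt index is reported as malformed with or without oversize_cell_check`. The database prepared in 19.0 lies outside the hunk, so the wording should be checked against what that setup actually corrupts.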