From: dan Date: Mon, 8 Nov 2021 15:46:08 +0000 (+0000) Subject: Fix an assert() in memdbTruncate() that could fail when processing a corrupt database. X-Git-Tag: version-3.37.0~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1a39e4561960582d83b84b3fcaf4826e1d9eb8e1;p=thirdparty%2Fsqlite.git Fix an assert() in memdbTruncate() that could fail when processing a corrupt database. FossilOrigin-Name: b1e2929860557cf88f98f0a4f2472e1a16be126bbb8050f0d728350f0cfe987a --- diff --git a/manifest b/manifest index 6e1e5337d6..6d595de1c3 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Ensure\sthat\sthe\swindow\sfunction\srewrite\sdoes\snot\sleave\sthe\sparse\stree\nin\san\sinvalid\sstate\sthat\smight\scause\sproblems\sdownstream\sbefore\sthe\nerror\sis\srecognized\sand\sunwinds\sthe\sstack.\s\sAlso\stake\ssteps\ssuch\sthat\nan\sinvalid\sparse\stree\sdoes\snot\scause\sproblems\seven\sif\sit\sgoes\s\nunrecognized.\s\s\n[forum:/forumpost/398e9d5aa9|Forum\spost\s398e9d5aa9]. -D 2021-11-07T23:33:01.004 +C Fix\san\sassert()\sin\smemdbTruncate()\sthat\scould\sfail\swhen\sprocessing\sa\scorrupt\sdatabase. +D 2021-11-08T15:46:08.854 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -521,7 +521,7 @@ F src/mem1.c c12a42539b1ba105e3707d0e628ad70e611040d8f5e38cf942cee30c867083de F src/mem2.c c8bfc9446fd0798bddd495eb5d9dbafa7d4b7287d8c22d50a83ac9daa26d8a75 F src/mem3.c 30301196cace2a085cbedee1326a49f4b26deff0af68774ca82c1f7c06fda4f6 F src/mem5.c 9bf955937b07f8c32541c8a9991f33ce3173d944 -F src/memdb.c a6c2bb1257c3398b4dd058f81888d647472b140bb1d262d47be50606eed75d55 +F src/memdb.c c2dc88f97c410eb68a24468344b65526685e18354ddfd15906750c1eaf9dc2dd F src/memjournal.c a85f0dc5c02a42453d0bc3819ecfb5666cb6433e5deefcd93ccbe05c9f088b83 F src/msvc.h 3a15918220367a8876be3fa4f2abe423a861491e84b864fb2b7426bf022a28f8 F src/mutex.c 5e3409715552348732e97b9194abe92fdfcd934cfb681df4ba0ab87ac6c18d25 @@ -1199,7 +1199,7 @@ F test/malloctraceviewer.tcl b7a54595270c1d201abf1c3f3d461f27eaf24cdef623ad08a0f F test/manydb.test 28385ae2087967aa05c38624cec7d96ec74feb3e F test/mem5.test c6460fba403c5703141348cd90de1c294188c68f F test/memdb.test c1f2a343ad14398d5d6debda6ea33e80d0dafcc7 -F test/memdb1.test 1705e850e32969b61e19cbbc9d8a3ba3ba310092812d10948b8303394bf00f40 +F test/memdb1.test ddc9ca6528fa1248b0fe76009e70a903f0e88065192a1f23199c6861b5758940 F test/memjournal.test 70f3a00c7f84ee2978ad14e831231caa1e7f23915a2c54b4f775a021d5740c6c F test/memleak.test 10b9c6c57e19fc68c32941495e9ba1c50123f6e2 F test/memsubsys1.test 9e7555a22173b8f1c96c281ce289b338fcba2abe8b157f8798ca195bbf1d347e 
@@ -1931,7 +1931,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 0dc963f63aebc42960125f96865029f16b3f6867126aab350da12882505edb82 -R 3e89981cb2c8fbf47d84ee585ebde83e -U drh -Z 073fd661537b1ec07fc06b4c7f20875c +P 0f9fc6b6073365d5159cd71e7fe08f8dadbc7b42abd324361e809502f4359155 +R d589207b4da48162e0cabc9d665e988e +U dan +Z 002c28892e3ca1452bf9a4418afbeb4c diff --git a/manifest.uuid b/manifest.uuid index fe0c9ac0b1..e3f31aedab 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -0f9fc6b6073365d5159cd71e7fe08f8dadbc7b42abd324361e809502f4359155 \ No newline at end of file +b1e2929860557cf88f98f0a4f2472e1a16be126bbb8050f0d728350f0cfe987a \ No newline at end of file
diff --git a/src/memdb.c b/src/memdb.c
index 1cc9fc2e68..31b2324b93 100644
--- a/src/memdb.c
+++ b/src/memdb.c
@@ -331,8 +331,9 @@ static int memdbTruncate(sqlite3_file *pFile, sqlite_int64 size){
 MemStore *p = ((MemFile*)pFile)->pStore;
 int rc = SQLITE_OK;
 memdbEnter(p);
- if( NEVER(size>p->sz) ){
- rc = SQLITE_FULL;
+ if( size>p->sz ){
+ /* This can only happen with a corrupt wal mode db */
+ rc = SQLITE_CORRUPT;
 }else{
 p->sz = size;
 }
diff --git a/test/memdb1.test b/test/memdb1.test
index 93b638feaa..122d9290c1 100644
--- a/test/memdb1.test
+++ b/test/memdb1.test
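Review bot: The new `size>p->sz` branch in memdbTruncate() returns a bare `SQLITE_CORRUPT`, so a corrupt image that reaches it leaves no record of where the corruption was detected. If this file has the core's internal header in scope, `rc = SQLITE_CORRUPT_BKPT;` yields the same result code and also logs the source line, which helps when triaging fuzzer-found or hostile database images. The else branch now runs on input that is acknowledged to be possibly corrupt, yet only the upper bound is checked; whether the pager can ever pass a negative `size` is not visible in this hunk, but `if( size<0 || size>p->sz ){` would reject it on the same path instead of storing it in `p->sz`. The function body continues past the end of the hunk.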
@@ -229,4 +229,40 @@ ifcapable vtab { } {1 {table t1 already exists}} } + +#------------------------------------------------------------------------- +# dbsqlfuzz 0a13dfb474d4f2f11a48a2ea57075c96fb456dd7 +# +reset_db +do_execsql_test 800 { + PRAGMA autovacuum = 0; + PRAGMA page_size = 8192; + PRAGMA journal_mode = wal; + CREATE TABLE t1(x, y); + INSERT INTO t1 VALUES(1, 2); + CREATE TABLE t2(x, y); +} {wal} +db close + +set fd [open test.db] +fconfigure $fd -translation binary -encoding binary +set data [read $fd [expr 20*1024]] + +sqlite3 db "" +db deserialize $data + +do_execsql_test 810 { + PRAGMA locking_mode = exclusive; + SELECT * FROM t1 +} {exclusive 1 2} + +do_execsql_test 820 { + INSERT INTO t1 VALUES(3, 4); + SELECT * FROM t1; +} {1 2 3 4} + +do_catchsql_test 830 { + PRAGMA wal_checkpoint; +} {1 {database disk image is malformed}} + finish_test
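Review bot: The channel opened by `set fd [open test.db]` is never closed, so the handle on test.db stays open for the rest of the script; add `close $fd` directly after `set data [read $fd [expr 20*1024]]`. On platforms that refuse to delete or replace an open file this can break a later `reset_db`, should more cases be appended after test 830. The read length also deserves a comment such as `# Read only the first 20KiB so the deserialized image is shorter than the file on disk`, assuming that truncation is what makes the image corrupt for the checkpoint in test 830.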