From: dan Date: Thu, 8 Apr 2021 15:19:46 +0000 (+0000) Subject: Handle a special case of corruption that can present if "PRAGMA writable_schema=1... X-Git-Tag: version-3.36.0~232 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1bae648b7329a725338a6beee45d93c7caf0db35;p=thirdparty%2Fsqlite.git Handle a special case of corruption that can present if "PRAGMA writable_schema=1" is set. Fix for dbsqlfuzz test case 6229ad63de49e3ba0630aaf0058868f36008bcca. FossilOrigin-Name: 58f36af2271517abafa9f4a46f2a5f97e66c001675c17868282197d599603d1b --- diff --git a/manifest b/manifest index 2f6e379c5d..4826bf41a4 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Hardden\sthe\sfilter_over\sgrammar\srule\sagainst\sOOM\sfaults.\ndbsqlfuzz\se47c54502a9c36778a5ed553199d5870e2ebd9f2 -D 2021-04-08T14:15:26.728 +C Handle\sa\sspecial\scase\sof\scorruption\sthat\scan\spresent\sif\s"PRAGMA\swritable_schema=1"\sis\sset.\sFix\sfor\sdbsqlfuzz\stest\scase\s6229ad63de49e3ba0630aaf0058868f36008bcca. +D 2021-04-08T15:19:46.185 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -483,7 +483,7 @@ F src/auth.c 08954fdc4cc2da5264ba5b75cfd90b67a6fc7d1710a02ccf917c38eadec77853 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 -F src/btree.c bd7d9d608f42c0202c03acd13e47de1fbb14bd0f79dc09f4142cbc58671fb01d +F src/btree.c 829bf06416fcc8b3ab1bca01475c82ff47d75e06b2786a0dcebc695d37ae239e F src/btree.h 096cc53baa58be22b02c896d1cf933c38cfc6d65f9253c1367ece8cc88a24de5 F src/btreeInt.h 7bc15a24a02662409ebcd6aeaa1065522d14b7fda71573a2b0568b458f514ae0 F src/build.c 3a63a0dd142e238247fba0c20d6321ef1a8917de7814657ad279a02d2ff6da78 @@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 38a1085cbd5b6dd5f418efa15c6da05de781f794b8f3dad3f871c96019fed099 -R 1d7c0bfa4648db3fd607bbdef3ff6d40 -U drh -Z ef9e8dda92779cb066dd8a613f6189de +P f375f541efee520042be83548ad96dfa889e2c349eda5db7612ac2336dd4e4f9 +R 399e530b9b47e95d4c487623c13f5939 +U dan +Z a74485b8a62e83c22667a323b825dd17 diff --git a/manifest.uuid b/manifest.uuid index f8c819da55..87b4d239a2 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -f375f541efee520042be83548ad96dfa889e2c349eda5db7612ac2336dd4e4f9 \ No newline at end of file +58f36af2271517abafa9f4a46f2a5f97e66c001675c17868282197d599603d1b \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 82caeff0fa..88b4d61b18 100644 --- a/src/btree.c +++ b/src/btree.c @@ -8698,9 +8698,20 @@ int sqlite3BtreeInsert( assert( (flags & (BTREE_SAVEPOSITION|BTREE_APPEND|BTREE_PREFORMAT))==flags ); assert( (flags & BTREE_PREFORMAT)==0 || seekResult || pCur->pKeyInfo==0 ); - if( pCur->eState==CURSOR_FAULT ){ - assert( pCur->skipNext!=SQLITE_OK ); - return pCur->skipNext; + if( pCur->eState>=CURSOR_REQUIRESEEK ){ + /* The cursor can be in REQUIRESEEK state when seekResult is non-zero + ** only if the schema is corrupt such that there is more than one table or + ** index with the same root page as used by the cursor. Which can only + ** happen if the SQLITE_NoSchemaError flag was set when the schema was + ** loaded. This cannot be asserted though, as a user might set the flag, + ** load the schema, and then unset the flag. */ + assert( pCur->eState==CURSOR_REQUIRESEEK || pCur->eState==CURSOR_FAULT ); + assert( pCur->eState==CURSOR_REQUIRESEEK || pCur->skipNext!=SQLITE_OK ); + if( pCur->eState==CURSOR_REQUIRESEEK ){ + if( seekResult ) return SQLITE_CORRUPT_BKPT; + }else{ + return pCur->skipNext; + } } assert( cursorOwnsBtShared(pCur) );