From: drh <> Date: Sun, 4 Apr 2021 23:56:15 +0000 (+0000) Subject: Fix an assert() in sqlite3BtreeLast() that needs an "|| CORRUPT_DB" term. X-Git-Tag: version-3.36.0~266 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=319deefdb99d0fee86a509565a392015e4387ecc;p=thirdparty%2Fsqlite.git Fix an assert() in sqlite3BtreeLast() that needs an "|| CORRUPT_DB" term. Dbsqlfuzz case b92b72e4de80b5140c30ab71372ca719b8feb618. FossilOrigin-Name: ad718388a1f6e25ceba43a40160fac0d9d9d3f26888e98d7b9db478c0b1780be --- diff --git a/manifest b/manifest index 6743af04ce..95f312fee5 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Avoid\scompile\serror\swhen\sSQLITE_OMIT_VIRTUALTABLE\sdefined. -D 2021-04-04T14:22:02.952 +C Fix\san\sassert()\sin\ssqlite3BtreeLast()\sthat\sneeds\san\s"||\sCORRUPT_DB"\sterm.\nDbsqlfuzz\scase\sb92b72e4de80b5140c30ab71372ca719b8feb618. +D 2021-04-04T23:56:15.323 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -483,7 +483,7 @@ F src/auth.c 08954fdc4cc2da5264ba5b75cfd90b67a6fc7d1710a02ccf917c38eadec77853 F src/backup.c 3014889fa06e20e6adfa0d07b60097eec1f6e5b06671625f476a714d2356513d F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 -F src/btree.c cfd2a37794532d765e235a2550ad2732924a6d06b07a3bc9f6a71750e3b3cca1 +F src/btree.c 800eb0b92406897130cec04073dfb0089bcda1e77acc0864ee60acb5fec5c5a2 F src/btree.h 096cc53baa58be22b02c896d1cf933c38cfc6d65f9253c1367ece8cc88a24de5 F src/btreeInt.h 7bc15a24a02662409ebcd6aeaa1065522d14b7fda71573a2b0568b458f514ae0 F src/build.c 06089aaf769ec1e91d1ba607442aa32c22aeb97200d47fe405ceb373adbdf2d7 
@@ -800,7 +800,7 @@ F test/corruptJ.test 4d5ccc4bf959464229a836d60142831ef76a5aa4 F test/corruptK.test 5b4212fe346699831c5ad559a62c54e11c0611bdde1ea8423a091f9c01aa32af F test/corruptL.test 22589f503602cc5984e80f27f46c4de2134f24f1515ba2440513c377cb692258 F test/corruptM.test 7d574320e08c1b36caa3e47262061f186367d593a7e305d35f15289cc2c3e067 -F test/corruptN.test 781c5f26a2d8918f03d45ac4968a738031eeb113a4b153c7588756d9b09c7b04 +F test/corruptN.test c9d458e1cd456c1f7a2482ee4a14869755273a3d62ec1aaad7bcb48d3372db7a F test/cost.test b11cdbf9f11ffe8ef99c9881bf390e61fe92baf2182bad1dbe6de59a7295c576 F test/count.test 5364003488249957750a5f15ee42ca1cd7b100b1131c2dc71fff266a1250bf55 F test/countofview.test e17d6e6688cf74f22783c9ec6e788c0790ee4fbbaee713affd00b1ac0bb39b86 @@ -1047,7 +1047,7 @@ F test/fuzz3.test 9c813e6613b837cb7a277b0383cd66bfa07042b4cf0317157c35852f30043c F test/fuzz4.test c229bcdb45518a89e1d208a21343e061503460ac69fae1539320a89f572eb634 F test/fuzz_common.tcl b7197de6ed1ee8250a4f82d67876f4561b42ee8cbbfc6160dcb66331bad3f830 F test/fuzz_malloc.test f348276e732e814802e39f042b1f6da6362a610af73a528d8f76898fde6b22f2 -F test/fuzzcheck.c 772110a59c6f839f95e49a9fd3e5f855bd9cbb90e9d366a6ccd15cb3616fc631 +F test/fuzzcheck.c 74a457891ba166e7f4121eaaae81f4dbceb053b65ddee47db3eccd2ba59cd67d F test/fuzzdata1.db d36e88741b4f23bcbaaf55b006290669d03c6c891cf13c7b3a53bc1b097b693f F test/fuzzdata2.db 128b3feeb78918d075c9b14b48610145a0dd4c8d6f1ca7c2870c7e425f5bf31f F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba 
@@ -1055,7 +1055,7 @@ F test/fuzzdata4.db b502c7d5498261715812dd8b3c2005bad08b3a26e6489414bd13926cd3e4 F test/fuzzdata5.db e35f64af17ec48926481cfaf3b3855e436bd40d1cfe2d59a9474cb4b748a52a5 F test/fuzzdata6.db 92a80e4afc172c24f662a10a612d188fb272de4a9bd19e017927c95f737de6d7 F test/fuzzdata7.db 0166b56fd7a6b9636a1d60ef0a060f86ddaecf99400a666bb6e5bbd7199ad1f2 -F test/fuzzdata8.db c8325de6fbdd24d030cd3a01384a2ff325dda5d5e3ff5d531a26ada3d9d7e010 +F test/fuzzdata8.db 364b573f0675f562fef951ddbbae613c071efa840fb91f19351686126e938616 F test/fuzzer1.test 3d4c4b7e547aba5e5511a2991e3e3d07166cfbb8 F test/fuzzer2.test a85ef814ce071293bce1ad8dffa217cbbaad4c14 F test/fuzzerfault.test f64c4aef4c9e9edf1d6dc0d3f1e65dcc81e67c996403c88d14f09b74807a42bc @@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 35cf295e026d067c9f059fde6b150e65163fe171d37501eb1e5742e691793340 -R b6856395b3d64a18c31c1a89e8403e8e -U larrybr -Z 6e18e0790944042125cd753bd1390b1e +P 0ee0ef476ba9e17794c088a1347a136df3eb1ef864da884cfe81e3b2e94e9719 +R c27ae00d825ef839160a92e48eb8a7fc +U drh +Z 5e6d1cfae67dfc3863e867ea82b9ca5f diff --git a/manifest.uuid b/manifest.uuid index 6fa7a32581..21f1409760 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -0ee0ef476ba9e17794c088a1347a136df3eb1ef864da884cfe81e3b2e94e9719 \ No newline at end of file +ad718388a1f6e25ceba43a40160fac0d9d9d3f26888e98d7b9db478c0b1780be \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 1623e01723..7d69857aa2 100644 --- a/src/btree.c +++ b/src/btree.c 
@@ -5394,7 +5394,9 @@ int sqlite3BtreeLast(BtCursor *pCur, int *pRes){
 for(ii=0; iiiPage; ii++){
 assert( pCur->aiIdx[ii]==pCur->apPage[ii]->nCell );
 }
- assert( pCur->ix==pCur->pPage->nCell-1 );
+ assert( pCur->ix==pCur->pPage->nCell-1 || CORRUPT_DB );
+ testcase( pCur->ix!=pCur->pPage->nCell-1 );
+ /* ^-- dbsqlfuzz b92b72e4de80b5140c30ab71372ca719b8feb618 */
 assert( pCur->pPage->leaf );
 #endif
 *pRes = 0;
diff --git a/test/corruptN.test b/test/corruptN.test
index 4f7667ce1e..43ddfdd3a1 100644
--- a/test/corruptN.test
+++ b/test/corruptN.test
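Review bot: Adding `|| CORRUPT_DB` to the `pCur->ix==pCur->pPage->nCell-1` assert changes debug builds only; the code after `#endif` (`*pRes = 0;` is visible) still takes the same fast path when the cursor is not on the last cell, and a build without asserts never checked this condition at all. The reason that is acceptable on a corrupt file should be written next to the `testcase()`, for example `/* On a corrupt database ix may not be the last cell; the fast path still returns the current position and the corruption is reported by later page access */`, provided that is the actual reasoning, which this hunk alone does not confirm. The two neighbouring asserts (`pCur->aiIdx[ii]==pCur->apPage[ii]->nCell` and `pCur->pPage->leaf`) stay strict, so it is worth confirming that the same class of corrupt input cannot trip them. The body of sqlite3BtreeLast() starts and ends outside the hunk.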
@@ -102,5 +102,52 @@ do_catchsql_test 1.1 { VACUUM; } {1 {database disk image is malformed}} +# 2021-04-05 dbsqlfuzz b92b72e4de80b5140c30ab71372ca719b8feb618 +do_test 2.0 { + sqlite3 db {} + db deserialize [decode_hexdb { +| size 16384 pagesize 4096 filename c-b92b.txt.db +| page 1 offset 0 +| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3. +| 16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 04 .....@ ........ +| 32: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 04 ................ +| 48: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ................ +| 96: 00 00 00 00 0d 0f f8 00 04 0f 12 00 0f 91 0f d3 ................ +| 112: 0f 67 0f 12 00 00 00 00 00 00 00 00 00 00 00 00 .g.............. +| 3856: 00 00 53 04 07 1b 13 11 08 81 0d 74 72 69 67 67 ..S........trigg +| 3872: 65 72 74 72 30 74 31 43 52 45 41 54 45 20 54 52 ertr0t1CREATE TR +| 3888: 49 47 47 45 52 20 74 72 30 20 44 45 4c 45 54 45 IGGER tr0 DELETE +| 3904: 20 4f 4e 20 74 31 20 42 45 47 49 4e 0a 20 20 55 ON t1 BEGIN. U +| 3920: 50 44 41 54 45 20 74 31 20 53 45 54 20 62 20 3d PDATE t1 SET b = +| 3936: 20 61 3b 0a 45 4e 44 28 03 06 17 11 11 01 3d 69 a;.END(......=i +| 3952: 6e 64 65 78 69 30 74 31 04 43 52 45 41 54 45 20 ndexi0t1.CREATE +| 3968: 49 4e 44 45 58 20 69 30 20 4f 4e 20 74 31 28 62 INDEX i0 ON t1(b +| 3984: 29 40 01 06 17 11 11 01 6d 74 61 62 6c 65 74 31 )@......mtablet1 +| 4000: 74 31 02 43 52 45 41 54 45 20 54 41 42 4c 45 20 t1.CREATE TABLE +| 4016: 74 31 28 61 20 55 4e 49 51 55 45 20 4f 4e 20 43 t1(a UNIQUE ON C +| 4032: 4f 4e 46 4c 49 43 54 20 52 45 50 4c 41 43 45 2c ONFLICT REPLACE, +| 4048: 20 62 29 23 02 06 17 37 11 01 00 69 6e 64 65 78 b)#...7...index +| 4064: 73 71 6c 69 74 65 5f 61 75 74 6f 69 6e 64 65 78 sqlite_autoindex +| 4080: 5f 74 31 5f 31 74 31 03 00 00 00 08 00 00 00 00 _t1_1t1......... +| page 2 offset 4096 +| 0: 0d 00 00 00 02 0f 00 00 00 00 00 00 00 00 00 00 ................ +| 4080: 00 00 05 02 03 01 01 09 0d 05 01 03 01 01 04 0c ................ 
+| page 3 offset 8192 +| 0: 0a 00 00 00 02 0f f5 00 0f fb 0f f5 00 00 00 00 ................ +| 4080: 00 00 00 00 00 05 03 01 01 09 02 04 03 01 09 04 ................ +| page 4 offset 12288 +| 0: 0a 00 00 00 02 0f f5 00 0f fb 0f f5 00 00 00 00 ................ +| 4080: 00 00 00 00 00 05 03 01 01 0d 02 04 03 00 00 00 ................ +| end c-b92b.txt.db +}]} {} + +prng_seed 0 db +do_catchsql_test 2.1 { +SELECT count(*) FROM sqlite_schema; +WITH RECURSIVE c(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM c WHERE x<1000) +INSERT INTO t1(a) SELECT randomblob(null) FROM c; +} {1 {database disk image is malformed}} + + finish_test diff --git a/test/fuzzcheck.c b/test/fuzzcheck.c index cb8509e23a..ea0543ca5e 100644 --- a/test/fuzzcheck.c +++ b/test/fuzzcheck.c @@ -936,7 +936,12 @@ int runCombinedDbSqlInput(const uint8_t *aData, size_t nByte, int iTimeout){ sqlite3_set_authorizer(cx.db, block_troublesome_sql, 0); /* Consistent PRNG seed */ +#ifdef SQLITE_TESTCTRL_PRNG_SEED + sqlite3_table_column_metadata(cx.db, 0, "x", 0, 0, 0, 0, 0, 0); + sqlite3_test_control(SQLITE_TESTCTRL_PRNG_SEED, 1, cx.db); +#else sqlite3_randomness(0,0); +#endif zSql = sqlite3_malloc( nSql + 1 ); if( zSql==0 ){ @@ -980,6 +985,8 @@ testrun_finished: sqlite3_memory_used(), nAlloc); exit(1); } + sqlite3_hard_heap_limit64(0); + sqlite3_soft_heap_limit64(0); return 0; } diff --git a/test/fuzzdata8.db b/test/fuzzdata8.db index a5e9084192..79d6ba03df 100644 Binary files a/test/fuzzdata8.db and b/test/fuzzdata8.db differ
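Review bot: Test 2.1 checks only the final error string, and whether the INSERT reaches the corrupt pages the way the fuzz case did appears to depend on `prng_seed 0 db` fixing what `randomblob(null)` returns; nothing in the test says so. A one-line comment above `prng_seed`, for example `# Fixed PRNG seed: the randomblob() values decide the insert path that reaches the relaxed assert in sqlite3BtreeLast()`, would keep the seed from being dropped in a later cleanup. This reading is inferred from the commit title and the hunk, so the wording should be adjusted if the seed matters for another reason.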
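Review bot: The new `sqlite3_table_column_metadata(cx.db, 0, "x", 0, 0, 0, 0, 0, 0);` call in the `#ifdef SQLITE_TESTCTRL_PRNG_SEED` branch discards its result and has no comment, so a later reader cannot tell it from dead code. It presumably forces the schema to load before `sqlite3_test_control(SQLITE_TESTCTRL_PRNG_SEED, 1, cx.db)` takes a seed tied to the database, and it can be expected to fail on corrupt inputs; a comment such as `/* Force the schema to load so the PRNG seed is reproducible; errors are ignored on purpose */` would record that. The second fuzzcheck.c hunk has the same gap: `sqlite3_hard_heap_limit64(0); sqlite3_soft_heap_limit64(0);` before `return 0;` should say that the limits are cleared so one fuzz case's settings do not carry into the next, if that is the intent. runCombinedDbSqlInput() starts and ends outside both hunks.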