From: drh <> Date: Tue, 22 Mar 2022 23:33:20 +0000 (+0000) Subject: Ensure that database corruption does not cause the cursor passed into X-Git-Tag: version-3.39.0~288 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=500d7e542ce30c37a6427ffc20df16e942ea0820;p=thirdparty%2Fsqlite.git Ensure that database corruption does not cause the cursor passed into sqlite3BtreeDelete() to be invalid. dbsqlfuzz 209bf3de9ee11ae440848ab9bc9c13858f9be2e4. FossilOrigin-Name: a85126f96614c53b030c6e6c43ff239eae458048597a10e9a0361fcec8628ecf
---
diff --git a/manifest b/manifest
index e8a0b85d78..8a9aac75fc 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Harden\sthe\sxShmLock\smethod\sof\sboth\sthe\sunix\sand\sWindows\sVFSes\sso\sthat\sthey\nare\srobust\sagainst\sbeing\sinvoked\swhen\sthe\sSHM\sfile\sis\snot\sopen. -D 2022-03-22T19:41:55.891 +C Ensure\sthat\sdatabase\scorruption\sdoes\snot\scause\sthe\scursor\spassed\sinto\nsqlite3BtreeDelete()\sto\sbe\sinvalid.\ndbsqlfuzz\s209bf3de9ee11ae440848ab9bc9c13858f9be2e4. +D 2022-03-22T23:33:20.814 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -492,7 +492,7 @@ F src/auth.c f4fa91b6a90bbc8e0d0f738aa284551739c9543a367071f55574681e0f24f8cf F src/backup.c a2891172438e385fdbe97c11c9745676bec54f518d4447090af97189fd8e52d7 F src/bitvec.c 7c849aac407230278445cb069bebc5f89bf2ddd87c5ed9459b070a9175707b3d F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 -F src/btree.c dd4d780d2382551c4876b67d8716360a0df44ecbb3ca6b538877bc4109bf4215 +F src/btree.c 11a4719bbae5dc1da6d0e1e892302589420c054ad24ca523c10a66a39a123d06 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22 F src/btreeInt.h 8ce1332edd89dfd2461d561ac10a0ab5601c8e06200cb5230596c3caaf54482e F src/build.c a0cc68fe8172c0a31b54576f9c6c0fe6f7c82b1b5e1387afdd6a5a13132bc131
@@ -1945,8 +1945,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 81f8746bc65828fb91e170393f22f1f4e9c587a8938e8c11b72315fcd6131403 -R d298ad7f59290d0a6efedfc24438d25c +P 67d8b434f628d44c4a90ce8ff5ab2e381f500bb42bdbfab9a17d21925a2ec6cd +R e6b2a5be1ca94fee0075c0fb950011d0 U drh -Z 4cb272d1327d5bb30f85a15fc2446351 +Z 7ec50fc10da9dc3290e1ed4062490cc2 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 4c5bd46b09..06cb848392 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -67d8b434f628d44c4a90ce8ff5ab2e381f500bb42bdbfab9a17d21925a2ec6cd \ No newline at end of file +a85126f96614c53b030c6e6c43ff239eae458048597a10e9a0361fcec8628ecf \ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 41087825ba..d31d30c5ed 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -9430,12 +9430,16 @@ int sqlite3BtreeDelete(BtCursor *pCur, u8 flags){
 assert( hasSharedCacheTableLock(p, pCur->pgnoRoot, pCur->pKeyInfo!=0, 2) );
 assert( !hasReadConflicts(p, pCur->pgnoRoot) );
 assert( (flags & ~(BTREE_SAVEPOSITION | BTREE_AUXDELETE))==0 );
- if( pCur->eState==CURSOR_REQUIRESEEK ){
- rc = btreeRestoreCursorPosition(pCur);
- assert( rc!=SQLITE_OK || CORRUPT_DB || pCur->eState==CURSOR_VALID );
- if( rc || pCur->eState!=CURSOR_VALID ) return rc;
+ if( pCur->eState!=CURSOR_VALID ){
+ if( pCur->eState>=CURSOR_REQUIRESEEK ){
+ rc = btreeRestoreCursorPosition(pCur);
+ assert( rc!=SQLITE_OK || CORRUPT_DB || pCur->eState==CURSOR_VALID );
+ if( rc || pCur->eState!=CURSOR_VALID ) return rc;
+ }else{
+ return SQLITE_CORRUPT_BKPT;
+ }
 }
- assert( CORRUPT_DB || pCur->eState==CURSOR_VALID );
+ assert( pCur->eState==CURSOR_VALID );

 iCellDepth = pCur->iPage;
 iCellIdx = pCur->ix;
@@ -9467,7 +9471,8 @@ int sqlite3BtreeDelete(BtCursor *pCur, u8 flags){
 bPreserve = (flags & BTREE_SAVEPOSITION)!=0;
 if( bPreserve ){
 if( !pPage->leaf
- || (pPage->nFree+pPage->xCellSize(pPage,pCell)+2)>(int)(pBt->usableSize*2/3)
+ || (pPage->nFree+pPage->xCellSize(pPage,pCell)+2) >
+ (int)(pBt->usableSize*2/3)
 || pPage->nCell==1 /* See dbfuzz001.test for a test case */
 ){
 /* A b-tree rebalance will be required after deleting this entry.
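Review bot: In the restore branch of the first hunk, `if( rc || pCur->eState!=CURSOR_VALID ) return rc;` still returns `rc` when btreeRestoreCursorPosition() reported SQLITE_OK but left the cursor in a non-valid state, so the caller would see a successful delete although no entry was removed. The assert on the line before suggests this combination is only expected on a corrupt database, which is the case this commit targets; splitting the check into `if( rc ) return rc;` followed by `if( pCur->eState!=CURSOR_VALID ) return SQLITE_CORRUPT_BKPT;` would report it the same way as the new else branch. The `>=CURSOR_REQUIRESEEK` comparison also depends on the numeric order of the CURSOR_* states, which are defined outside this hunk, so a short comment naming the states it is meant to admit would help the next reader. sqlite3BtreeDelete() starts before and continues past the hunk.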