From: drh Date: Thu, 13 Dec 2018 21:52:18 +0000 (+0000) Subject: dbfuzz2 found a NEVER() that is sometimes true. X-Git-Tag: version-3.27.0~295 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6301c43f236543ecb174e2639a0201bb29580fbe;p=thirdparty%2Fsqlite.git dbfuzz2 found a NEVER() that is sometimes true. FossilOrigin-Name: 1201615cbbd3070158ea5fab3d2c8c95f41b25d6da096a44cb9257a7b7405efc --- diff --git a/manifest b/manifest index 34ddbff50b..fde77760b4 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\sextra\stests\sfor\sdatabase\scorruption\sinside\sthe\sdefragmentPage()\sroutine,\nas\sdbfuzz2\shas\sfound\sways\sfor\scorruption\sto\sleak\sinto\sthat\spoint.\s\sAdd\stest\ncases\sin\sfuzzdata7.db. -D 2018-12-13T21:11:22.437 +C dbfuzz2\sfound\sa\sNEVER()\sthat\sis\ssometimes\strue. +D 2018-12-13T21:52:18.133 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in d8b254f8bb81bab43c340d70d17dc3babab40fcc8a348c8255881f780a45fee6 @@ -448,7 +448,7 @@ F src/auth.c 0fac71038875693a937e506bceb492c5f136dd7b1249fbd4ae70b4e8da14f9df F src/backup.c 78d3cecfbe28230a3a9a1793e2ead609f469be43e8f486ca996006be551857ab F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33 F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 -F src/btree.c e3e08171f90c6843d2a26d582d946a754093435acd48155b8cd339b06cc8cc1b +F src/btree.c 20fdad94111d772de675c6ab426ef45f6a54f2489032c54d9ff536be7434f16d F src/btree.h febb2e817be499570b7a2e32a9bbb4b607a9234f6b84bb9ae84916d4806e96f2 F src/btreeInt.h 620ab4c7235f43572cf3ac2ac8723cbdf68073be4d29da24897c7b77dda5fd96 F src/build.c ef9d7dc73e40dd9d10c28848343e21e8bc1baaab92cfb75eda893fff4fbf6b55 
@@ -773,7 +773,7 @@ F test/dataversion1.test 6e5e86ac681f0782e766ebcb56c019ae001522d114e0e111e5ebf68 F test/date.test 9b73bbeb1b82d9c1f44dec5cf563bf7da58d2373 F test/date2.test 74c234bece1b016e94dd4ef9c8cc7a199a8806c0e2291cab7ba64bace6350b10 F test/dbfuzz.c 73047c920d6210e5912c87cdffd9a1c281d4252e -F test/dbfuzz001.test 24d24dbdbf3deb8a61921ecb36ecebb51248047195e209a2909613114c950c84 +F test/dbfuzz001.test 28f24ed01e9322f4c7aeba4c228f57e9e8ab6a96b474465e872425205a31b1b2 F test/dbfuzz2-seed1.db e6225c6f3d7b63f9c5b6867146a5f329d997ab105bee64644dc2b3a2f2aebaee F test/dbfuzz2.c b8ed9b32a1f287505e55970e55203bedcb9170f137ecefa2254033c9faccdfba F test/dbpage.test 650234ba683b9d82b899c6c51439819787e7609f17a0cc40e0080a7b6443bc38 @@ -1787,8 +1787,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 682053d1e603c21b8085c39db618a39b23ec8d2c4d822fd19634db0e03038ea2 b386fce9a23e628dce7362dcca2904b8d0af6da58a6fe6eb7f12f058a8363e49 -R a1122995324223304196c0f63a35c59e -T +closed b386fce9a23e628dce7362dcca2904b8d0af6da58a6fe6eb7f12f058a8363e49 +P 997b65117f8c12dba5fb85434fde9765cdb0d2a49cc3e31979abba3e21350086 +R af29ae4514bf6c6037181584412356da U drh -Z b4a67e64bc03ae62ccd56c8eb96ba51d +Z 9494dddc6a7ba7c94e12f1de4eb883b6 diff --git a/manifest.uuid b/manifest.uuid index f411d662da..230bcc072d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -997b65117f8c12dba5fb85434fde9765cdb0d2a49cc3e31979abba3e21350086 \ No newline at end of file +1201615cbbd3070158ea5fab3d2c8c95f41b25d6da096a44cb9257a7b7405efc \ No newline at end of file diff --git a/src/btree.c b/src/btree.c index 3409f413b0..67a64a91f1 100644 --- a/src/btree.c +++ b/src/btree.c 
@@ -7039,8 +7039,7 @@ static int balance_quick(MemPage *pParent, MemPage *pPage, u8 *pSpace){
 assert( sqlite3PagerIswriteable(pParent->pDbPage) );
 assert( pPage->nOverflow==1 );
- /* This error condition is now caught prior to reaching this function */
- if( NEVER(pPage->nCell==0) ) return SQLITE_CORRUPT_BKPT;
+ if( pPage->nCell==0 ) return SQLITE_CORRUPT_BKPT; /* dbfuzz001.test */
 /* Allocate a new page. This page will become the right-sibling of
 ** pPage. Make the parent page writable, so that the new divider cell
diff --git a/test/dbfuzz001.test b/test/dbfuzz001.test
index bb9ab7e73c..75117f7291 100644
--- a/test/dbfuzz001.test
+++ b/test/dbfuzz001.test
@@ -18,6 +18,7 @@ ifcapable !deserialize {
 finish_test
 return
 }
+database_may_be_corrupt
 # In the following database file, there is 384 bytes of free space
 # on page 8 that does not appear on the freeblock list.
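Review bot: In balance_quick() in src/btree.c, the new trailing comment `/* dbfuzz001.test */` names a test file but does not say why `pPage->nCell==0` can occur or which test case exercises it, and the comment it replaces made the opposite claim. I would put the explanation above the check, e.g. `/* A corrupt database file can bring a page with zero cells to this point; see dbfuzz001-200 in test/dbfuzz001.test. */`, so that the guard is not later taken for dead code and wrapped in NEVER() again. The two assert() lines just above are presumably compiled out of release builds, which would leave this `if` as the only check on the page's cell count visible in the hunk. The body of balance_quick() continues outside the hunk, so whether the rest of the function assumes at least one cell cannot be confirmed from here.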
@@ -180,4 +181,92 @@ do_execsql_test dbfuzz001-110 { DELETE FROM t3 WHERE x IS NOT NULL AND +rowid=6; } {} +# This is a dbfuzz2-generate test case that can cause a page with +# pPage->nCell==0 to enter the balancer. +# +do_test dbfuzz001-200 { + db deserialize [decode_hexdb { + | size 3076 pagesize 512 filename c03.db + | page 1 offset 0 + | 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3. + | 16: 02 00 01 01 00 40 20 20 00 00 00 0c 00 00 00 07 .....@ ........ + | 32: 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04 ................ + | 48: 00 00 00 00 00 00 00 03 e8 00 00 01 00 00 00 00 ................ + | 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c ................ + | 96: 00 2e 2c 50 0d 00 00 00 06 01 06 00 01 da 01 b0 ..,P............ + | 112: 01 56 01 86 01 2a 01 06 00 00 00 00 00 00 00 00 .V...*.......... + | 128: 00 00 00 00 00 00 00 00 ef 00 00 00 00 00 00 00 ................ + | 192: 00 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + | 224: 00 00 00 00 00 00 00 00 00 00 00 00 00 ff e9 00 ................ + | 256: 00 00 00 00 00 00 22 07 06 17 11 11 01 31 74 61 ......"......1ta + | 272: 62 6c 65 74 34 74 34 07 43 52 45 41 54 45 20 54 blet4t4.CREATE T + | 288: 41 42 4c 45 20 74 34 28 78 29 2a 06 06 17 13 11 ABLE t4(x)*..... 
+ | 304: 01 3f 69 6e 64 65 78 74 33 78 74 33 06 43 52 45 .?indext3xt3.CRE + | 320: 41 54 45 20 49 4e 44 45 58 20 74 33 64 20 4f 4e ATE INDEX t3d ON + | 336: 20 74 33 28 78 29 2e 04 06 17 15 11 01 45 69 6e t3(x).......Ein + | 352: 64 65 78 74 32 63 64 74 32 05 43 52 45 41 54 45 dext2cdt2.CREATE + | 368: 20 49 4e 44 45 58 20 74 32 63 64 20 4f 4e 20 74 INDEX t2cd ON t + | 384: 32 28 63 2c 64 29 28 05 06 17 11 11 01 3d 74 61 2(c,d)(......=ta + | 400: 62 6c 65 74 33 74 33 04 43 52 45 41 54 45 20 54 blet3t3.CREATE T + | 416: 41 42 4c 45 20 74 33 28 63 2c 78 2c 65 2c 66 29 ABLE t3(c,x,e,f) + | 432: 28 02 06 17 11 11 01 3d 74 61 62 6c 65 74 32 74 (......=tablet2t + | 448: 32 03 43 52 45 41 54 45 20 54 41 42 4c 45 20 74 2.CREATE TABLE t + | 464: 32 28 63 2c 64 2c 65 2c 66 29 24 01 06 17 11 11 2(c,d,e,f)$..... + | 480: 01 35 74 61 62 6c 65 74 31 74 31 02 43 52 45 41 .5tablet1t1.CREA + | 496: 54 45 20 54 41 42 4c 45 20 74 31 28 61 2c 62 29 TE TABLE t1(a,b) + | page 2 offset 512 + | 0: 0d 00 00 00 04 01 cf 00 01 fa 01 f3 01 de 01 cf ................ + | 176: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + | 256: 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + | 368: 00 00 00 00 00 00 00 00 00 00 00 00 1e 00 00 00 ................ + | 416: 00 00 00 1b 00 00 00 00 04 00 00 00 00 00 00 00 ................ + | 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d ................ + | 464: 04 03 17 17 73 65 76 65 6e 65 69 67 68 74 13 03 ....seveneight.. + | 480: 03 07 07 40 14 00 00 00 00 00 00 40 18 00 00 00 ...@.......@.... + | 496: 00 00 00 05 02 03 01 01 03 04 04 01 03 09 01 02 ................ + | page 3 offset 1024 + | 0: 0d 00 00 00 08 01 54 00 01 f7 01 ec 01 c5 01 aa ......T......... + | 16: 01 a1 01 96 01 6f 01 54 00 00 00 00 00 00 00 00 .....o.T........ + | 32: 00 00 00 00 00 00 00 03 e8 00 00 00 00 00 00 00 ................ 
+ | 336: 00 00 00 00 19 08 05 16 17 17 17 65 69 67 68 74 ...........eight + | 352: 65 69 67 68 74 73 65 76 65 6e 73 65 76 ff ff ff eightsevensev... + | 368: 0e 05 07 07 07 07 40 18 00 00 00 00 00 00 40 18 ......@.......@. + | 384: 00 00 00 00 00 00 40 14 00 00 00 00 00 00 40 14 ......@.......@. + | 400: 00 00 00 00 00 00 09 06 05 01 01 01 01 04 04 03 ................ + | 416: 03 07 05 05 01 01 09 09 02 02 19 04 05 17 17 17 ................ + | 432: 17 73 65 6f 65 6e 65 69 67 68 74 65 69 67 68 74 .seoeneighteight + | 448: 73 65 76 65 6e 25 03 05 07 07 07 07 40 14 00 00 seven%......@... + | 464: 00 00 00 00 40 18 00 00 00 00 00 00 40 18 00 00 ....@.......@... + | 480: 00 00 00 00 40 14 00 00 00 00 00 00 09 02 05 01 ....@........... + | 496: 01 01 01 03 04 04 03 07 01 05 09 01 01 09 02 02 ................ + | page 4 offset 1536 + | 0: 0d 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ................ + | 160: 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 ................ + | 336: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 ............ ... + | page 5 offset 2048 + | 0: 0a 00 00 00 08 01 96 00 01 fa 01 c4 01 f2 01 bc ................ + | 16: 01 dc 01 a6 01 96 01 cc 00 00 00 00 00 00 00 00 ................ + | 48: 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ + | 288: 00 00 00 00 00 00 00 00 00 64 00 00 00 2b 00 00 .........d...+.. + | 400: 00 00 00 00 00 00 0f 04 17 17 01 65 69 67 68 74 ...........eight + | 416: 65 69 6f 68 74 08 15 04 07 07 01 40 18 00 00 00 eioht......@.... + | 432: 00 00 00 40 18 00 00 00 00 00 00 07 07 04 01 01 ...@............ + | 448: 01 04 04 06 07 04 01 01 01 02 02 05 0f 04 17 17 ................ + | 464: 01 73 65 76 65 6e 65 69 67 68 74 04 15 04 07 07 .seveneight..... + | 480: 01 40 14 00 00 00 00 00 00 40 18 00 00 00 00 00 .@.......@...... + | 496: 00 03 07 04 01 01 01 03 04 02 05 04 09 01 09 02 ................ + | page 6 offset 2560 + | 0: 0a 00 00 00 00 02 00 00 00 00 00 00 00 0d 00 00 ................ 
+ | 16: 00 08 01 c2 00 01 fb 01 f6 01 f1 01 ec 01 e0 01 ................ + | 32: d4 01 cb 01 c2 00 00 00 00 00 00 00 00 00 00 00 ................ + | 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 ................ + | 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 ................ + | 464: 08 02 17 65 69 67 68 74 07 07 02 17 65 69 67 68 ...eight....eigh + | 480: 74 0a 06 02 07 40 18 00 00 00 00 00 00 0a 05 02 t....@.......... + | 496: 07 40 18 00 04 02 01 04 03 03 02 01 04 03 02 02 .@.............. + | end x/c03.db + }] + catchsql {INSERT INTO t3 SELECT * FROM t2;} +} {1 {database disk image is malformed}} + finish_test
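Review bot: The comment introducing dbfuzz001-200 says the case lets a page with `pPage->nCell==0` "enter the balancer" but does not name the routine whose check it covers, and "dbfuzz2-generate" looks like a typo for "dbfuzz2-generated". Judging from the src/btree.c change in this same commit, the routine is presumably balance_quick(). Naming it would tie the regression case to the guard it protects, e.g. `# This is a dbfuzz2-generated test case that can cause a page with` followed by `# pPage->nCell==0 to reach balance_quick() in btree.c.`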