From: dan Date: Thu, 10 Dec 2015 18:06:21 +0000 (+0000) Subject: Add tests to ensure that an sqlite3_snapshot_open() client cannot be tricked into... X-Git-Tag: version-3.10.0~44^2~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d15979420c6cf911862945bc07f69a309894fba;p=thirdparty%2Fsqlite.git Add tests to ensure that an sqlite3_snapshot_open() client cannot be tricked into reading a corrupt snapshot even if another process fails mid-checkpoint. FossilOrigin-Name: b908048b6cfa1ee2fe1f7a17bae475ddd9d0376c --- diff --git a/manifest b/manifest index e571284281..2b87b9f307 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Have\ssqlite3_snapshot_open()\savoid\sa\srace\scondition\sby\staking\sa\sshared\sCHECKPOINTER\slock\swhile\schecking\spInfo->nBackfillAttempted. -D 2015-12-10T15:45:15.186 +C Add\stests\sto\sensure\sthat\san\ssqlite3_snapshot_open()\sclient\scannot\sbe\stricked\sinto\sreading\sa\scorrupt\ssnapshot\seven\sif\sanother\sprocess\sfails\smid-checkpoint. +D 2015-12-10T18:06:21.050 F Makefile.in 28bcd6149e050dff35d4dcfd97e890cd387a499d F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc e8fdca1cb89a1b58b5f4d3a130ea9a3d28cb314d @@ -1020,7 +1020,8 @@ F test/skipscan2.test d1d1450952b7275f0b0a3a981f0230532743951a F test/skipscan3.test ec5bab3f81c7038b43450e7b3062e04a198bdbb5 F test/skipscan5.test 67817a4b6857c47e0e33ba3e506da6f23ef68de2 F test/skipscan6.test 5866039d03a56f5bd0b3d172a012074a1d90a15b -F test/snapshot.test f91d907460e7acc01d531834d068e1215ccac7e4 +F test/snapshot.test 5631669a133c96aaa228f7233989f6d2d069fb02 +F test/snapshot_fault.test 06472056c516be4610834de4688ea3357e8bde01 F test/soak.test 0b5b6375c9f4110c828070b826b3b4b0bb65cd5f F test/softheap1.test 843cd84db9891b2d01b9ab64cef3e9020f98d087 F test/sort.test 3f492e5b7be1d3f756728d2ff6edf4f6091e84cb @@ -1409,7 +1410,7 @@ F tool/vdbe_profile.tcl 246d0da094856d72d2c12efec03250d71639d19f F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 3a18526fc2253658dad84c5e600481c8a62efe40 -R 7bb35c02cb12ea2ff304c777229238a5 +P 8084eae0bc4f6513b1147fb890a6b2813f1c0a09 +R b7a6ff87063d246e894cc3fd88f3e89f U dan -Z 0b9f17bd41106b46c64f60d98c85b1e3 +Z 1fe7db1e51b0eef5aa529631bb7527d1 diff --git a/manifest.uuid b/manifest.uuid index 825f8d1181..82eea9660d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -8084eae0bc4f6513b1147fb890a6b2813f1c0a09 \ No newline at end of file +b908048b6cfa1ee2fe1f7a17bae475ddd9d0376c \ No newline at end of file diff --git a/test/snapshot.test b/test/snapshot.test index 965e10b683..c74a2859fe 100644 --- a/test/snapshot.test +++ b/test/snapshot.test @@ -8,10 +8,9 @@ # May you share freely, never taking more than you give. # #*********************************************************************** -# This file implements regression tests for SQLite library. The -# focus of this file is testing the SELECT statement. +# This file implements regression tests for SQLite library. The focus +# of this file is the sqlite3_snapshot_xxx() APIs. # -# $Id: select1.test,v 1.70 2009/05/28 01:00:56 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl diff --git a/test/snapshot_fault.test b/test/snapshot_fault.test new file mode 100644 index 0000000000..a7731b8161 --- /dev/null +++ b/test/snapshot_fault.test @@ -0,0 +1,164 @@ +# 2015 December 10 +# +# The author disclaims copyright to this source code. In place of +# a legal notice, here is a blessing: +# +# May you do good and not evil. +# May you find forgiveness for yourself and forgive others. +# May you share freely, never taking more than you give. +# +#*********************************************************************** +# This file implements regression tests for SQLite library. The focus +# of this file is the sqlite3_snapshot_xxx() APIs. +# + +set testdir [file dirname $argv0] +source $testdir/tester.tcl +set testprefix snapshot_fault + +#------------------------------------------------------------------------- +# Check that an sqlite3_snapshot_open() client cannot be tricked into +# reading a corrupt snapshot even if a second client fails while +# checkpointing the db. +# +do_faultsim_test 1.0 -prep { + faultsim_delete_and_reopen + sqlite3 db2 test.db + db2 eval { + CREATE TABLE t1(a, b UNIQUE, c UNIQUE); + INSERT INTO t1 VALUES(1, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(2, randomblob(500), randomblob(500)); + PRAGMA journal_mode = wal; + INSERT INTO t1 VALUES(3, randomblob(500), randomblob(500)); + BEGIN; + SELECT a FROM t1; + } + set ::snapshot [sqlite3_snapshot_get db2 main] + db2 eval COMMIT + db2 eval { + UPDATE t1 SET b=randomblob(501), c=randomblob(501) WHERE a=1; + INSERT INTO t1 VALUES(4, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(5, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(6, randomblob(500), randomblob(500)); + } +} -body { + db eval { PRAGMA wal_checkpoint } +} -test { + db2 eval BEGIN + if {[catch { sqlite3_snapshot_open db2 main $::snapshot } msg]} { + if {$msg != "SQLITE_BUSY_SNAPSHOT" && $msg != "SQLITE_BUSY"} { + error "error is $msg" + } + } else { + set res [db2 eval { + SELECT a FROM t1; + PRAGMA integrity_check; + }] + if {$res != "1 2 3 ok"} { error "res is $res" } + } + + sqlite3_snapshot_free $::snapshot +} + +#------------------------------------------------------------------------- +# This test is similar to the previous one. Except, after the +# "PRAGMA wal_checkpoint" command fails the db is closed and reopened +# so as to require wal file recovery. It should not be possible to open +# a snapshot that is part of the body of a recovered wal file. +# +do_faultsim_test 2.0 -prep { + faultsim_delete_and_reopen + db eval { + CREATE TABLE t1(a, b UNIQUE, c UNIQUE); + INSERT INTO t1 VALUES(1, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(2, randomblob(500), randomblob(500)); + PRAGMA journal_mode = wal; + INSERT INTO t1 VALUES(3, randomblob(500), randomblob(500)); + BEGIN; + SELECT a FROM t1; + } + set ::snapshot [sqlite3_snapshot_get db main] + db eval COMMIT + + db eval { + UPDATE t1 SET b=randomblob(501), c=randomblob(501) WHERE a=1; + INSERT INTO t1 VALUES(4, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(5, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(6, randomblob(500), randomblob(500)); + } +} -body { + db eval { PRAGMA wal_checkpoint } +} -test { + + db_save + db close + db_restore_and_reopen + db eval { SELECT * FROM t1 } + + db eval BEGIN + if {[catch { sqlite3_snapshot_open db main $::snapshot } msg]} { + if {$msg != "SQLITE_BUSY_SNAPSHOT" && $msg != "SQLITE_BUSY"} { + error "error is $msg" + } + } else { + # This branch should actually never be taken. But it was useful in + # determining whether or not this test was actually working (by + # running a modified version of SQLite that allowed snapshots to be + # opened following a recovery). + error "TEST HAS FAILED" + + set res [db eval { + SELECT a FROM t1; + PRAGMA integrity_check; + }] + if {$res != "1 2 3 ok"} { error "res is $res" } + } + + sqlite3_snapshot_free $::snapshot +} + +#------------------------------------------------------------------------- +# Test the handling of faults that occur within sqlite3_snapshot_open(). +# +do_faultsim_test 3.0 -prep { + faultsim_delete_and_reopen + db eval { + CREATE TABLE t1(a, b UNIQUE, c UNIQUE); + INSERT INTO t1 VALUES(1, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(2, randomblob(500), randomblob(500)); + PRAGMA journal_mode = wal; + INSERT INTO t1 VALUES(3, randomblob(500), randomblob(500)); + BEGIN; + SELECT a FROM t1; + } + set ::snapshot [sqlite3_snapshot_get db main] + db eval COMMIT + db eval { + UPDATE t1 SET b=randomblob(501), c=randomblob(501) WHERE a=1; + INSERT INTO t1 VALUES(4, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(5, randomblob(500), randomblob(500)); + INSERT INTO t1 VALUES(6, randomblob(500), randomblob(500)); + BEGIN; + } +} -body { + if { [catch { sqlite3_snapshot_open db main $::snapshot } msg] } { + error $msg + } +} -test { + faultsim_test_result {0 {}} {1 SQLITE_IOERR} \ + {1 SQLITE_IOERR_NOMEM} {1 SQLITE_IOERR_READ} + if {$testrc==0} { + set res [db eval { + SELECT a FROM t1; + PRAGMA integrity_check; + }] + if {$res != "1 2 3 ok"} { error "res is $res" } + } + + sqlite3_snapshot_free $::snapshot +} + + + +finish_test +