From: drh Date: Thu, 11 Oct 2018 13:51:48 +0000 (+0000) Subject: On the first connection to a WAL-mode database that was not cleanly shut down X-Git-Tag: version-3.26.0~91 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f7f2a82aa0b3e4a166f6d838e216088e047bc9c2;p=thirdparty%2Fsqlite.git On the first connection to a WAL-mode database that was not cleanly shut down and contains a left-over -shm file, truncate the -shm file to 3 bytes instead of to 0 bytes. Avoiding a truncation to 0 means that system monitoring tools can better detect if a process illegitimately tries to truncate a -shm file. Such a rogue process might think it is being helpful by cleaning up old files, but there is a race condition that can cause damage to the database. FossilOrigin-Name: 90cf32cde072a305f30c75a71665d1f9e23e805c0a49f5306f015c056dd70f0c --- diff --git a/manifest b/manifest index c44252b604..3584c8263d 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C In\sthe\sCLI,\sfix\sa\sfile\sdescriptor\sleak\sfollowing\sOOM\sand\sa\smissing\sva_end()\ncall. -D 2018-10-11T10:37:24.495 +C On\sthe\sfirst\sconnection\sto\sa\sWAL-mode\sdatabase\sthat\swas\snot\scleanly\sshut\sdown\nand\scontains\sa\sleft-over\s-shm\sfile,\struncate\sthe\s-shm\sfile\sto\s3\sbytes\sinstead\nof\sto\s0\sbytes.\sAvoiding\sa\struncation\sto\s0\smeans\sthat\ssystem\smonitoring\stools\ncan\sbetter\sdetect\sif\sa\sprocess\sillegitimately\stries\sto\struncate\sa\s-shm\sfile.\nSuch\sa\srogue\sprocess\smight\sthink\sit\sis\sbeing\shelpful\sby\scleaning\sup\sold\sfiles,\nbut\sthere\sis\sa\srace\scondition\sthat\scan\scause\sdamage\sto\sthe\sdatabase. +D 2018-10-11T13:51:48.266 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 01e95208a78b57d056131382c493c963518f36da4c42b12a97eb324401b3a334 @@ -487,7 +487,7 @@ F src/os.c 8aeb0b0f40f8f5b0da03fe49706695adaf42d2f516ab95abc72e86c245e119de F src/os.h 48388821692e87da174ea198bf96b1b2d9d83be5dfc908f673ee21fafbe0d432 F src/os_common.h b2f4707a603e36811d9b1a13278bffd757857b85 F src/os_setup.h 0dbaea40a7d36bf311613d31342e0b99e2536586 -F src/os_unix.c d4483c1a5462c9f03a4d62655cb208bc6434e549d614b132f652a747bcac9d32 +F src/os_unix.c f6e91b8fd82af7afbfd073c4974ad6cdb8e62d9f65ceddb45167835a0567fdc0 F src/os_win.c 070cdbb400097c6cda54aa005356095afdc2f3ee691d17192c54724ef146a971 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a F src/pager.c a0d8f686ef64549ad5b356fd30429bd9ee7a06dd42b4d6faa096352ff26b1c5b @@ -1771,7 +1771,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 7fbb083c5cf0948af3624b7538ffa086f77de27a3e84a7039ae7d6574f1a3a54 -R b6834208f7c836cdc5642ce75ee0475c +P ec36d15a9e349f4295a9e2215dea0a18e9276e0e4ce2d05021e6b467ab7763bb +R dd28e1032e7501a10c527d67fc7e62ed U drh -Z 331652a34e41515169becdfffb61b371 +Z de92fbcb4550e9f483f9e1ba42f7c62c diff --git a/manifest.uuid b/manifest.uuid index b0332906bd..db516281c9 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -ec36d15a9e349f4295a9e2215dea0a18e9276e0e4ce2d05021e6b467ab7763bb \ No newline at end of file +90cf32cde072a305f30c75a71665d1f9e23e805c0a49f5306f015c056dd70f0c \ No newline at end of file diff --git a/src/os_unix.c b/src/os_unix.c index 4228aaaf05..f20763e5b0 100644 --- a/src/os_unix.c +++ b/src/os_unix.c @@ -4435,7 +4435,12 @@ static int unixLockSharedMemory(unixFile *pDbFd, unixShmNode *pShmNode){ rc = SQLITE_READONLY_CANTINIT; }else{ rc = unixShmSystemLock(pDbFd, F_WRLCK, UNIX_SHM_DMS, 1); - if( rc==SQLITE_OK && robust_ftruncate(pShmNode->hShm, 0) ){ + /* The first connection to attach must truncate the -shm file. We + ** truncate to 3 bytes (an arbitrary small number, less than the + ** -shm header size) rather than 0 as a system debugging aid, to + ** help detect if a -shm file truncation is legitimate or is the work + ** or a rogue process. */ + if( rc==SQLITE_OK && robust_ftruncate(pShmNode->hShm, 3) ){ rc = unixLogError(SQLITE_IOERR_SHMOPEN,"ftruncate",pShmNode->zFilename); } }