From: drh <drh@noemail.net>
Date: Wed, 22 Jul 2020 21:05:23 +0000 (+0000)
Subject: Disable rootpage bounds checking when the SQLITE_TESTCTRL_EXTRA_SCHEMA_CHECKS
X-Git-Tag: version-3.33.0~36^2~8^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Frootpage-bounds-check;p=thirdparty%2Fsqlite.git

Disable rootpage bounds checking when the SQLITE_TESTCTRL_EXTRA_SCHEMA_CHECKS
setting is off, to facilitate reaching obscure error states during testing.

FossilOrigin-Name: d7dd4fc464c791915f646b1ad228697d1fa16f530fc7d0e9aa702c8df3068c65
---

diff --git a/manifest b/manifest
index f6a100715d..cdb9a6d8f5 100644
--- a/manifest
+++ b/manifest
@@ -1,15 +1,17 @@
 B d2aac001204621062e6cb3230ce2ac1b4545cb83b3ebb6bfebccee4d51162e97
-C Improvements\sto\srootpage\sbounds\schecking\sduring\sschema\sparse.
-D 2020-07-22T20:12:10.870
+C Disable\srootpage\sbounds\schecking\swhen\sthe\sSQLITE_TESTCTRL_EXTRA_SCHEMA_CHECKS\nsetting\sis\soff,\sto\sfacilitate\sreaching\sobscure\serror\sstates\sduring\stesting.
+D 2020-07-22T21:05:23.775
 F src/analyze.c 5cffff3d355858cd22bfc6e20ac7203510d2e1cc935086eb06f4abb2f579f628
 F src/btree.c a4720f51945a86379ecd962a715d6fe9de08651a67d1e6f7b4884612da83ceb5
 F src/btree.h 7af72bbb4863c331c8f6753277ab40ee67d2a2125a63256d5c25489722ec162b
 F src/btreeInt.h 83166f6daeb91062b6ae9ee6247b3ad07e40eba58f3c05ba9e8dedad4ab1ea38
-F src/build.c f2b73fbb2197fb6e6a35ff2e1750085f023dc50542185f1a2dfccd632223eb14
+F src/build.c 1b8436ed3ac339a0507e61b14e4bd823eb02b76a9499b2241fddc61a5ff38c1a
+F src/main.c eb8169cb49d36ef3481ed8f39459a4d1d61f07bd71ec26e6ee0b5da4ab73d49c
 F src/pager.c a5f65ff2cd73b8d381cc7b338cac382ca6978d578fa0b84fdaa11d3cdc3c3e18
-F src/prepare.c 8e7300f91270fd2dca9852419eb0a0d282220b0faddb04890131738f7fcd5c56
+F src/prepare.c 28193f0b7fc377e14682c56b10b9dd75cf7e41eb25b8ff1ce5a4536e680e1193
 F src/select.c 0e75d64091200a2a8fdc02abafe176a0c2e9b2654c4cc34564f25f0b408e91de
 F src/sqliteInt.h ec260b2441d94ef0b5be424c323cf255ae30d23e2fb2bd1c42a3a59c2fbafedb
+F src/test1.c f5cb6544a38edf0fb214384c9f7a5ab2b04b0094223b0854c004d18b8f0a7f34
 F src/util.c 9ae0b629657ca10abde2f27f5dc3e545cb66d298d111bac062b236a099f8df2d
 F src/vdbe.c 120fdb1add80309cf1b4d6cc88b7f4e0580e816ded743a8f495fff9ef35a4e0a
 F src/vdbe.h 83603854bfa5851af601fc0947671eb260f4363e62e960e8a994fb9bbcd2aaa1
@@ -17,8 +19,13 @@ F src/vdbeInt.h 762abffb7709f19c2cb74af1bba73a900f762e64f80d69c31c9ae89ed1066b60
 F src/vdbeaux.c 1cbbbffdb874c6f3e7aab40f3deb48abac4a71df1043cd95bb0d652d4e053871
 F src/wherecode.c 8064fe5c042824853a9b1fda670054a51a49033a6c79059988c97751ccf8088e
 F test/corrupt3.test 2520432b1fbf99994841e69804a3c59fb828183f4d09b85a1631bc7adca17e31
+F test/corruptL.test ddd255069ec87976587956c7afc1932005d7ee5eaf4fe426a8994d945b883770
+F test/dbfuzz001.test 55e1a3504f8dea84155e09912fe3b1c3ad77e0b1a938ec42ca03b8e51b321e30
+F test/fts3corrupt4.test b352268a7092e5581b1c3fb29b7f19b424fefbc1edfd3bb9ee4eeb0d4beef970
+F test/pager1.test 4fba160bf450cea19f6bf1d6483ef467545bac6405570e176c83c2c4b5d6d0d5
+F test/tester.tcl 6417cbb60c4169804e2e1b36ce1a840c9f33d0b0d97956e058f3cc49ed3904f0
 F tool/showdb.c 49e810f5c414c792b5bf38cd5557ca9639713ebfef32aaff32faf7cb7ccce513
-P 6c3a2727dc912ed800146e07db5d15d0f3468d13701165ba763c4b114c3e18e8
-R 8ead1dc407d0990e3de43a2746002935
+P 75599a9731be19e213a8ae174b038a43381bc6883a6b7f4058c2c1625fdea432
+R 9f768fbf5ac24d5cfc1f04bde3af2863
 U drh
-Z 6533392daf1a1cab3900f2468d6a420b
+Z 56035c31aed5e13e385f056a7e4f58ad
diff --git a/manifest.uuid b/manifest.uuid
index de3900513b..abb52b5016 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-75599a9731be19e213a8ae174b038a43381bc6883a6b7f4058c2c1625fdea432
\ No newline at end of file
+d7dd4fc464c791915f646b1ad228697d1fa16f530fc7d0e9aa702c8df3068c65
\ No newline at end of file
diff --git a/src/build.c b/src/build.c
index 6f96888e75..65771a71ff 100644
--- a/src/build.c
+++ b/src/build.c
@@ -888,7 +888,10 @@ int sqlite3CheckObjectName(
   const char *zTblName      /* Parent table name for triggers and indexes */
 ){
   sqlite3 *db = pParse->db;
-  if( sqlite3WritableSchema(db) || db->init.imposterTable ){
+  if( sqlite3WritableSchema(db)
+   || db->init.imposterTable
+   || !sqlite3Config.bExtraSchemaChecks
+  ){
     /* Skip these error checks for writable_schema=ON */
     return SQLITE_OK;
   }
@@ -897,10 +900,8 @@ int sqlite3CheckObjectName(
      || sqlite3_stricmp(zName, db->init.azInit[1])
      || sqlite3_stricmp(zTblName, db->init.azInit[2])
     ){
-      if( sqlite3Config.bExtraSchemaChecks ){
-        sqlite3ErrorMsg(pParse, ""); /* corruptSchema() will supply the error */
-        return SQLITE_ERROR;
-      }
+      sqlite3ErrorMsg(pParse, ""); /* corruptSchema() will supply the error */
+      return SQLITE_ERROR;
     }
   }else{
     if( (pParse->nested==0 && 0==sqlite3StrNICmp(zName, "sqlite_", 7))
diff --git a/src/main.c b/src/main.c
index e0ceb1cb33..c25972f48a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -4091,6 +4091,12 @@ int sqlite3_test_control(int op, ...){
     ** Set or clear a flag that causes SQLite to verify that type, name,
     ** and tbl_name fields of the sqlite_schema table.  This is normally
     ** on, but it is sometimes useful to turn it off for testing.
+    **
+    ** 2020-07-22:  Disabling EXTRA_SCHEMA_CHECKS also disables the
+    ** verification of rootpage numbers when parsing the schema.  This
+    ** is useful to make it easier to reach strange internal error states
+    ** during testing.  The EXTRA_SCHEMA_CHECKS settting is always enabled
+    ** in production.
     */
     case SQLITE_TESTCTRL_EXTRA_SCHEMA_CHECKS: {
       sqlite3GlobalConfig.bExtraSchemaChecks = va_arg(ap, int);
diff --git a/src/prepare.c b/src/prepare.c
index 0be11a226b..bee63cdb58 100644
--- a/src/prepare.c
+++ b/src/prepare.c
@@ -118,7 +118,9 @@ int sqlite3InitCallback(void *pInit, int argc, char **argv, char **NotUsed){
     if( sqlite3GetUInt32(argv[3], &db->init.newTnum)==0
      || (db->init.newTnum>pData->mxPage && pData->mxPage>0)
     ){
-      corruptSchema(pData, argv[1], "invalid rootpage");
+      if( sqlite3Config.bExtraSchemaChecks ){
+        corruptSchema(pData, argv[1], "invalid rootpage");
+      }
     }
     db->init.orphanTrigger = 0;
     db->init.azInit = argv;
@@ -160,7 +162,9 @@ int sqlite3InitCallback(void *pInit, int argc, char **argv, char **NotUsed){
      || (pIndex->tnum>pData->mxPage && pData->mxPage!=0)
      || sqlite3IndexHasDuplicateRootPage(pIndex)
     ){
-      corruptSchema(pData, argv[1], "invalid roopage");
+      if( sqlite3Config.bExtraSchemaChecks ){
+        corruptSchema(pData, argv[1], "invalid roopage");
+      }
     }
   }
   return 0;
diff --git a/src/test1.c b/src/test1.c
index f94adf2d60..2340d85b3e 100644
--- a/src/test1.c
+++ b/src/test1.c
@@ -6437,6 +6437,30 @@ static int SQLITE_TCLAPI prng_seed(
   return TCL_OK;
 }
 
+/*
+** tclcmd:  extra_schema_checks BOOLEAN
+**
+** Enable or disable schema checks when parsing the sqlite_schema file.
+** This is always enabled in production, but it is sometimes useful to
+** disable the checks in order to make some internal error states reachable
+** for testing.
+*/
+static int SQLITE_TCLAPI extra_schema_checks(
+  ClientData clientData, /* Pointer to sqlite3_enable_XXX function */
+  Tcl_Interp *interp,    /* The TCL interpreter that invoked this command */
+  int objc,              /* Number of arguments */
+  Tcl_Obj *CONST objv[]  /* Command arguments */
+){
+  int i = 0;
+  if( objc!=2 ){
+    Tcl_WrongNumArgs(interp, 1, objv, "BOOLEAN");
+    return TCL_ERROR;
+  }
+  if( Tcl_GetBooleanFromObj(interp,objv[1],&i) ) return TCL_ERROR;
+  sqlite3_test_control(SQLITE_TESTCTRL_EXTRA_SCHEMA_CHECKS, i);
+  return TCL_OK;
+}
+
 /*
 ** tclcmd:  database_may_be_corrupt
 **
@@ -8003,6 +8027,7 @@ int Sqlitetest1_Init(Tcl_Interp *interp){
      { "restore_prng_state",            restore_prng_state, 0 },
      { "reset_prng_state",              reset_prng_state,   0 },
      { "prng_seed",                     prng_seed,          0 },
+     { "extra_schema_checks",           extra_schema_checks,    0},
      { "database_never_corrupt",        database_never_corrupt, 0},
      { "database_may_be_corrupt",       database_may_be_corrupt, 0},
      { "optimization_control",          optimization_control,0},
diff --git a/test/corruptL.test b/test/corruptL.test
index 6a2fa94fc1..0cdb2a65fa 100644
--- a/test/corruptL.test
+++ b/test/corruptL.test
@@ -1174,6 +1174,7 @@ do_test 14.0 {
 | end clusterfuzz-testcase-minimized-sqlite3_dbfuzz2_fuzzer-4806406219825152
 }]} {}
 
+extra_schema_checks 0
 do_catchsql_test 14.1 {
   PRAGMA integrity_check;
 } {1 {database disk image is malformed}}
@@ -1181,6 +1182,7 @@ do_catchsql_test 14.1 {
 do_catchsql_test 14.2 {
   ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s; 
 } {1 {database disk image is malformed}}
+extra_schema_checks 1
 
 #-------------------------------------------------------------------------
 reset_db
@@ -1263,9 +1265,11 @@ do_test 15.0 {
 | end crash-3afa1ca9e9c1bd.db
 }]} {}
 
+extra_schema_checks 0
 do_execsql_test 15.1 {
   UPDATE c1 SET c= NOT EXISTS(SELECT 1 FROM c1 ORDER BY (SELECT 1 FROM c1 ORDER BY a)) +10 WHERE d BETWEEN 4 AND 7;
 } {}
+extra_schema_checks 1
 
 #-------------------------------------------------------------------------
 reset_db
@@ -1291,5 +1295,3 @@ do_catchsql_test 16.1 {
 } {1 {database disk image is malformed}}
 
 finish_test
-
-
diff --git a/test/dbfuzz001.test b/test/dbfuzz001.test
index 7ef4cd2a3f..2a430de12e 100644
--- a/test/dbfuzz001.test
+++ b/test/dbfuzz001.test
@@ -361,6 +361,7 @@ do_test dbfuzz001-310 {
   }]
 } {}
 
+extra_schema_checks 0
 do_catchsql_test dbfuzz001-320 {
   PRAGMA integrity_check;
 } {1 {database disk image is malformed}}
@@ -368,5 +369,6 @@ do_catchsql_test dbfuzz001-320 {
 do_catchsql_test dbfuzz001-330 {
   DELETE FROM t3 WHERE x IN (SELECT x FROM t4);
 } {1 {database disk image is malformed}}
+extra_schema_checks 1
 
 finish_test
diff --git a/test/fts3corrupt4.test b/test/fts3corrupt4.test
index 90a7c7d4c2..3a4b961511 100644
--- a/test/fts3corrupt4.test
+++ b/test/fts3corrupt4.test
@@ -27,6 +27,7 @@ ifcapable !fts3 {
 
 sqlite3_fts3_may_be_corrupt 1
 database_may_be_corrupt
+extra_schema_checks 0
 
 do_execsql_test 1.0 {
   BEGIN;
@@ -6281,5 +6282,6 @@ do_catchsql_test 46.2 {
 } {1 {database disk image is malformed}}
 
 set sqlite_fts3_enable_parentheses $saved
+extra_schema_checks 1
 
 finish_test
diff --git a/test/pager1.test b/test/pager1.test
index 8216b467ed..20fd8bd17a 100644
--- a/test/pager1.test
+++ b/test/pager1.test
@@ -1930,6 +1930,7 @@ do_test pager1-18.4 {
   catchsql { SELECT length(x||'') FROM t2 } db2
 } {1 {database disk image is malformed}}
 db2 close
+extra_schema_checks 0
 do_test pager1-18.5 {
   sqlite3 db ""
   sqlite3_db_config db DEFENSIVE 0
@@ -1944,6 +1945,7 @@ do_test pager1-18.5 {
   catchsql { SELECT * FROM x1 }
 } {1 {database disk image is malformed}}
 db close
+extra_schema_checks 1
 
 do_test pager1-18.6 {
   faultsim_delete_and_reopen
diff --git a/test/tester.tcl b/test/tester.tcl
index 2915e216b2..b1acb0686a 100644
--- a/test/tester.tcl
+++ b/test/tester.tcl
@@ -2479,6 +2479,7 @@ set sqlite_fts3_enable_parentheses 0
 # this setting by invoking "database_can_be_corrupt"
 #
 database_never_corrupt
+extra_schema_checks 1
 
 source $testdir/thread_common.tcl
 source $testdir/malloc_common.tcl