From: shane Date: Wed, 7 May 2008 18:59:28 +0000 (+0000) Subject: Added test cases for corrupt SerialTypeLen header values, and additional check to... X-Git-Tag: version-3.6.10~1076 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ca8bc08dd5f18bdfc209a131370675f7e2893e2;p=thirdparty%2Fsqlite.git Added test cases for corrupt SerialTypeLen header values, and additional check to improve detection of corrupt values. (CVS 5101) FossilOrigin-Name: 530c6360610f737e85608b23ede2646d69d1bc9a --- diff --git a/manifest b/manifest index ad0c35b2a1..56338c1f1f 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Modify\sthe\sheader\scomment\sin\sjrnlmode2.test.\sNo\scode\sor\stest\schanges.\s(CVS\s5100) -D 2008-05-07T15:44:26 +C Added\stest\scases\sfor\scorrupt\sSerialTypeLen\sheader\svalues,\sand\sadditional\scheck\sto\simprove\sdetection\sof\scorrupt\svalues.\s(CVS\s5101) +D 2008-05-07T18:59:29 F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7 F Makefile.in 8b9b8263852f0217157f9042b8e3dae7427ec739 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -167,7 +167,7 @@ F src/update.c 2d7143b9014e955509cc4f323f9a9584fb898f34 F src/utf.c 8c94fa10efc78c2568d08d436acc59df4df7191b F src/util.c 43a77ab79275991b819428ded8ac8dc868604ac7 F src/vacuum.c c3b2b70677f874102b8753bf494c232e777f3998 -F src/vdbe.c 26964ba7ed76d2a1c52747d601aaf2dc5b09b651 +F src/vdbe.c 2bc3352c8109ef312ea129ae1cbad4c0328c5871 F src/vdbe.h f4bb70962d9c13e0f65b215c90e8acea1ae6e8ee F src/vdbeInt.h 18aebaa7857de4507d92ced62d8fe0844671a681 F src/vdbeapi.c c810f936b09a1cfcac6b3624ad237b7951ca1880 
@@ -233,6 +233,7 @@ F test/corrupt2.test 8059c7354aaba91e7405b4503b79f456c816df8e F test/corrupt3.test 263e8bb04e2728df832fddf6973cf54c91db0c32 F test/corrupt4.test acdb01afaedf529004b70e55de1a6f5a05ae7fff F test/corrupt5.test 7796d5bdfe155ed824cee9dff371f49da237cfe0 +F test/corrupt6.test 9c32c74e41a6c9c2964bad75dca3785f956e556a F test/crash.test 1b6ac8410689ff78028887f445062dc897c9ac89 F test/crash2.test 26d7a4c5520201e5de2c696ea51ab946b59dc0e9 F test/crash3.test 0b09687ae1a3ccbcefdfaeb4b963e26e36255d76 @@ -633,7 +634,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P 0bf656a401b9fc16b33ecd49a6db9b769156494d -R 8f0ba5ce595d9ce17b29f3fa13b18680 -U danielk1977 -Z 8ee24fcee9bfb70ecd48023f6f69896f +P ed728104c8e77a5526a2fcb62fea577940731d90 +R 662f2572cbb8e504e1cbbe6b8cab0ff5 +U shane +Z d87bdc7540c0da4b026b69711c54995d diff --git a/manifest.uuid b/manifest.uuid index 5e3d4b98b9..7fbb5f90d2 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -ed728104c8e77a5526a2fcb62fea577940731d90 \ No newline at end of file +530c6360610f737e85608b23ede2646d69d1bc9a \ No newline at end of file diff --git a/src/vdbe.c b/src/vdbe.c index 35527f65dc..a7587610bf 100644 --- a/src/vdbe.c +++ b/src/vdbe.c @@ -43,7 +43,7 @@ ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** -** $Id: vdbe.c,v 1.737 2008/04/29 00:15:21 drh Exp $ +** $Id: vdbe.c,v 1.738 2008/05/07 18:59:29 shane Exp $ */ #include "sqliteInt.h" #include 
@@ -2047,9 +2047,11 @@ case OP_Column: {
 /* If we have read more header data than was contained in the header,
 ** or if the end of the last field appears to be past the end of the
- ** record, then we must be dealing with a corrupt database.
+ ** record, or if the end of the last field appears to be before the end
+ ** of the record (when all fields present), then we must be dealing
+ ** with a corrupt database.
 */
- if( zIdx>zEndHdr || offset>payloadSize ){
+ if( zIdx>zEndHdr || offset>payloadSize || (zIdx==zEndHdr && offset!=payloadSize) ){
 rc = SQLITE_CORRUPT_BKPT;
 goto op_column_out;
 }
diff --git a/test/corrupt6.test b/test/corrupt6.test
new file mode 100644
index 0000000000..3e96dc6336
--- /dev/null
+++ b/test/corrupt6.test
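Review bot: The new `if` line runs well past 80 columns, which the file's own header comment asks contributors not to deviate from; break it as `if( zIdx>zEndHdr || offset>payloadSize` followed by `|| (zIdx==zEndHdr && offset!=payloadSize) ){` with the continuation aligned under the first operand. The added comparison only fires once the header has been decoded to its end (`zIdx==zEndHdr`), so, as the comment's "when all fields present" qualifier implies, a record whose decode stops on an earlier column still relies on the two pre-existing comparisons alone; a short remark beside the `!=`, e.g. `/* trailing bytes after the last field are only detectable here */`, would keep the next reader from expecting a stricter guarantee. The `case OP_Column:` body starts and ends outside this hunk, so the types of `offset` and `payloadSize` (and whether the `!=` can be defeated by signed/unsigned mixing) cannot be confirmed from the hunk alone.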
@@ -0,0 +1,143 @@
+# 2008 May 6
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library.
+#
+# This file implements tests to make sure SQLite does not crash or
+# segfault if it sees a corrupt database file. It specifically focuses
+# on corrupt SerialTypeLen values.
+#
+# $Id: corrupt6.test,v 1.1 2008/05/07 18:59:29 shane Exp $
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+# We must have the page_size pragma for these tests to work.
+#
+ifcapable !pager_pragmas {
+ finish_test
+ return
+}
+# Create a simple, small database.
+#
+do_test corrupt6-1.1 {
+ execsql {
+ PRAGMA auto_vacuum=OFF;
+ PRAGMA page_size=1024;
+ CREATE TABLE t1(x);
+ INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789');
+ INSERT INTO t1(x) VALUES('varint32-01234567890123456789012345678901234567890123456789');
+ }
+ file size test.db
+} [expr {1024*2}]
+# Verify that the file format is as we expect. The page size
+# should be 1024 bytes.
+#
+do_test corrupt6-1.2 {
+ hexio_get_int [hexio_read test.db 16 2]
+} 1024 ;# The page size is 1024
+do_test corrupt6-1.3 {
+ hexio_get_int [hexio_read test.db 20 1]
+} 0 ;# Unused bytes per page is 0
+integrity_check corrupt6-1.4
+# Verify SerialTypeLen for first field of two records as we expect.
+# SerialTypeLen = (len*2+12) = 60*2+12 = 132
+do_test corrupt6-1.5.1 {
+ hexio_read test.db 1923 2
+} 8103 ;# First text field size if 81 03 == 131
+do_test corrupt6-1.5.2 {
+ hexio_read test.db 1987 2
+} 8103 ;# Second text field size if 81 03 == 131
+# Verify simple query results as expected.
+do_test corrupt6-1.6 {
+ db close
+ sqlite3 db test.db
+ catchsql {
+ SELECT substr(x,1,8) FROM t1
+ }
+} [list 0 {varint32 varint32} ]
+integrity_check corrupt6-1.7
+# Adjust value of record 1 / field 1 SerialTypeLen and see if the
+# corruption is detected.
+# Increase SerialTypeLen by 2.
+do_test corrupt6-1.8.1 {
+ db close
+ hexio_write test.db 1923 8105
+ sqlite3 db test.db
+ catchsql {
+ SELECT substr(x,1,8) FROM t1
+ }
+} [list 1 {database disk image is malformed}]
+# Adjust value of record 1 / field 1 SerialTypeLen and see if the
+# corruption is detected.
+# Decrease SerialTypeLen by 2.
+do_test corrupt6-1.8.2 {
+ db close
+ hexio_write test.db 1923 8101
+ sqlite3 db test.db
+ catchsql {
+ SELECT substr(x,1,8) FROM t1
+ }
+} [list 1 {database disk image is malformed}]
+# Put value of record 1 / field 1 SerialTypeLen back.
+do_test corrupt6-1.8.3 {
+ db close
+ hexio_write test.db 1923 8103
+ sqlite3 db test.db
+ catchsql {
+ SELECT substr(x,1,8) FROM t1
+ }
+} [list 0 {varint32 varint32} ]
+integrity_check corrupt6-1.8.4
+# Adjust value of record 2 / field 1 SerialTypeLen and see if the
+# corruption is detected.
+# Increase SerialTypeLen by 2.
+do_test corrupt6-1.9.1 {
+ db close
+ hexio_write test.db 1987 8105
+ sqlite3 db test.db
+ catchsql {
+ SELECT substr(x,1,8) FROM t1
+ }
+} [list 1 {database disk image is malformed}]
+# Adjust value of record 2 / field 2 SerialTypeLen and see if the
+# corruption is detected.
+# Decrease SerialTypeLen by 2.
+do_test corrupt6-1.9.2 {
+ db close
+ hexio_write test.db 1987 8101
+ sqlite3 db test.db
+ catchsql {
+ SELECT substr(x,1,8) FROM t1
+ }
+} [list 1 {database disk image is malformed}]
+# Put value of record 1 / field 2 SerialTypeLen back.
+do_test corrupt6-1.9.3 {
+ db close
+ hexio_write test.db 1987 8103
+ sqlite3 db test.db
+ catchsql {
+ SELECT substr(x,1,8) FROM t1
+ }
+} [list 0 {varint32 varint32} ]
+integrity_check corrupt6-1.9.4
+finish_test
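Review bot: The arithmetic in the comment above corrupt6-1.5.1 does not match what the test asserts: the inserted literal `varint32-0123...89` is 59 characters and a TEXT serial type is `len*2+13`, so the expected value is 59*2+13 = 131, which is exactly the `81 03` varint (128+3) the test reads back, whereas the comment says `(len*2+12) = 60*2+12 = 132`; replace it with `# SerialTypeLen for TEXT = (len*2+13) = 59*2+13 = 131 (varint 81 03)`. The per-test labels at 1.9.2 ("record 2 / field 2") and 1.9.3 ("record 1 / field 2") both describe offset 1987, which 1.5.2 identifies as the first field of record 2, so they should read `record 2 / field 1` like 1.9.1; the two "field size if 81 03" comments also want `is` for `if`. Because the offsets 1923 and 1987 are absolute file positions, the 1.5.x checks are what keep the later writes honest if the record layout ever changes, and a one-line comment saying so would help whoever next touches the page_size or the literal.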