summaryrefslogtreecommitdiffstats
path: root/test/corrupt.test
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:28:19 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:28:19 +0000
commit18657a960e125336f704ea058e25c27bd3900dcb (patch)
tree17b438b680ed45a996d7b59951e6aa34023783f2 /test/corrupt.test
parentInitial commit. (diff)
downloadsqlite3-18657a960e125336f704ea058e25c27bd3900dcb.tar.xz
sqlite3-18657a960e125336f704ea058e25c27bd3900dcb.zip
Adding upstream version 3.40.1.upstream/3.40.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/corrupt.test')
-rw-r--r--test/corrupt.test349
1 files changed, 349 insertions, 0 deletions
diff --git a/test/corrupt.test b/test/corrupt.test
new file mode 100644
index 0000000..62ead4d
--- /dev/null
+++ b/test/corrupt.test
@@ -0,0 +1,349 @@
+# 2004 August 30 {}
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library.
+#
+# This file implements tests to make sure SQLite does not crash or
+# segfault if it sees a corrupt database file.
+#
+# $Id: corrupt.test,v 1.12 2009/07/13 09:41:45 danielk1977 Exp $
+
+catch {forcedelete test.db test.db-journal test.bu}
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+# Do not use a codec for tests in this file, as the database file is
+# manipulated directly using tcl scripts (using the [hexio_write] command).
+#
+do_not_use_codec
+
+# These tests deal with corrupt database files
+#
+database_may_be_corrupt
+
+# Construct a large database for testing.
+#
+do_test corrupt-1.1 {
+ execsql {
+ BEGIN;
+ CREATE TABLE t1(x);
+ INSERT INTO t1 VALUES(randstr(100,100));
+ INSERT INTO t1 VALUES(randstr(90,90));
+ INSERT INTO t1 VALUES(randstr(80,80));
+ INSERT INTO t1 SELECT x || randstr(5,5) FROM t1;
+ INSERT INTO t1 SELECT x || randstr(6,6) FROM t1;
+ INSERT INTO t1 SELECT x || randstr(7,7) FROM t1;
+ INSERT INTO t1 SELECT x || randstr(8,8) FROM t1;
+ INSERT INTO t1 VALUES(randstr(3000,3000));
+ INSERT INTO t1 SELECT x || randstr(9,9) FROM t1;
+ INSERT INTO t1 SELECT x || randstr(10,10) FROM t1;
+ INSERT INTO t1 SELECT x || randstr(11,11) FROM t1;
+ INSERT INTO t1 SELECT x || randstr(12,12) FROM t1;
+ CREATE INDEX t1i1 ON t1(x);
+ CREATE TABLE t2 AS SELECT * FROM t1;
+ DELETE FROM t2 WHERE rowid%5!=0;
+ COMMIT;
+ }
+} {}
+integrity_check corrupt-1.2
+
+# Setup for the tests. Make a backup copy of the good database in test.bu.
+# Create a string of garbage data that is 256 bytes long.
+#
+forcecopy test.db test.bu
+set fsize [file size test.db]
+set junk "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+while {[string length $junk]<256} {append junk $junk}
+set junk [string range $junk 0 255]
+
+# Go through the database and write garbage data into each 256 segment
+# of the file. Then do various operations on the file to make sure that
+# the database engine can recover gracefully from the corruption.
+#
+for {set i [expr {1*256}]} {$i<$fsize-256} {incr i 256} {
+ set tn [expr {$i/256}]
+ db close
+ forcecopy test.bu test.db
+ set fd [open test.db r+]
+ fconfigure $fd -translation binary
+ seek $fd $i
+ puts -nonewline $fd $junk
+ close $fd
+ do_test corrupt-2.$tn.1 {
+ sqlite3 db test.db
+ catchsql {SELECT count(*) FROM sqlite_master}
+ set x {}
+ } {}
+ do_test corrupt-2.$tn.2 {
+ catchsql {SELECT count(*) FROM t1}
+ set x {}
+ } {}
+ do_test corrupt-2.$tn.3 {
+ catchsql {SELECT count(*) FROM t1 WHERE x>'abcdef'}
+ set x {}
+ } {}
+ do_test corrupt-2.$tn.4 {
+ catchsql {SELECT count(*) FROM t2}
+ set x {}
+ } {}
+ do_test corrupt-2.$tn.5 {
+ catchsql {CREATE TABLE t3 AS SELECT * FROM t1}
+ set x {}
+ } {}
+ do_test corrupt-2.$tn.6 {
+ catchsql {DROP TABLE t1}
+ set x {}
+ } {}
+ do_test corrupt-2.$tn.7 {
+ catchsql {PRAGMA integrity_check}
+ set x {}
+ } {}
+
+ # Check that no page references were leaked.
+ do_test corrupt-2.$tn.8 {
+ set bt [btree_from_db db]
+ db_enter db
+ array set stats [btree_pager_stats $bt]
+ db_leave db
+ set stats(ref)
+ } {0}
+}
+
+#------------------------------------------------------------------------
+# For these tests, swap the rootpage entries of t1 (a table) and t1i1 (an
+# index on t1) in sqlite_master. Then perform a few different queries
+# and make sure this is detected as corruption.
+#
+do_test corrupt-3.1 {
+ db close
+ forcecopy test.bu test.db
+ sqlite3 db test.db
+ list
+} {}
+do_test corrupt-3.2 {
+ set t1_r [execsql {SELECT rootpage FROM sqlite_master WHERE name = 't1i1'}]
+ set t1i1_r [execsql {SELECT rootpage FROM sqlite_master WHERE name = 't1'}]
+ set cookie [expr [execsql {PRAGMA schema_version}] + 1]
+ sqlite3_db_config db DEFENSIVE 0
+ execsql "
+ PRAGMA writable_schema = 1;
+ UPDATE sqlite_master SET rootpage = $t1_r WHERE name = 't1';
+ UPDATE sqlite_master SET rootpage = $t1i1_r WHERE name = 't1i1';
+ PRAGMA writable_schema = 0;
+ PRAGMA schema_version = $cookie;
+ "
+} {}
+
+# This one tests the case caught by code in checkin [2313].
+do_test corrupt-3.3 {
+ db close
+ sqlite3 db test.db
+ catchsql {
+ INSERT INTO t1 VALUES('abc');
+ }
+} {1 {database disk image is malformed}}
+do_test corrupt-3.4 {
+ db close
+ sqlite3 db test.db
+ catchsql {
+ SELECT * FROM t1;
+ }
+} {1 {database disk image is malformed}}
+do_test corrupt-3.5 {
+ db close
+ sqlite3 db test.db
+ catchsql {
+ SELECT * FROM t1 WHERE oid = 10;
+ }
+} {1 {database disk image is malformed}}
+do_test corrupt-3.6 {
+ db close
+ sqlite3 db test.db
+ catchsql {
+ SELECT * FROM t1 WHERE x = 'abcde';
+ }
+} {1 {database disk image is malformed}}
+
+do_test corrupt-4.1 {
+ db close
+ forcedelete test.db test.db-journal
+ sqlite3 db test.db
+ execsql {
+ PRAGMA page_size = 1024;
+ CREATE TABLE t1(a INTEGER PRIMARY KEY, b TEXT);
+ }
+ for {set i 0} {$i < 10} {incr i} {
+ set text [string repeat $i 220]
+ execsql { INSERT INTO t1 VALUES($i, $text) }
+ }
+ execsql { CREATE INDEX i1 ON t1(b) }
+} {}
+do_test corrupt-4.2 {
+ set iRoot [db one {SELECT rootpage FROM sqlite_master WHERE name = 'i1'}]
+ set iOffset [hexio_get_int [hexio_read test.db [expr 12+($iRoot-1)*1024] 2]]
+ set data [hexio_render_int32 [expr $iRoot - 1]]
+ hexio_write test.db [expr ($iRoot-1)*1024 + $iOffset] $data
+ db close
+ sqlite3 db test.db
+
+ # The following DELETE statement attempts to delete a cell stored on the
+ # root page of index i1. After this cell is deleted it must be replaced
+ # by a cell retrieved from the child page (a leaf) of the deleted cell.
+ # This will fail, as the block modified the database image so that the
+ # child page of the deleted cell is from a table (intkey) b-tree, not an
+ # index b-tree as expected. At one point this was causing an assert()
+ # to fail.
+ catchsql { DELETE FROM t1 WHERE rowid = 3 }
+} {1 {database disk image is malformed}}
+
+do_test corrupt-5.1 {
+ db close
+ forcedelete test.db test.db-journal
+ sqlite3 db test.db
+
+ execsql { PRAGMA page_size = 1024 }
+ set ct "CREATE TABLE t1(c0 "
+ set i 0
+ while {[string length $ct] < 950} { append ct ", c[incr i]" }
+ append ct ")"
+ execsql $ct
+} {}
+
+do_test corrupt-5.2 {
+ db close
+ hexio_write test.db 108 00000000
+ sqlite3 db test.db
+ catchsql { SELECT * FROM sqlite_master }
+} {1 {database disk image is malformed}}
+
+# At one point, the specific corruption caused by this test case was
+# causing a buffer overwrite. Although a crash was never demonstrated,
+# running this testcase under valgrind revealed the problem.
+do_test corrupt-6.1 {
+ db close
+ forcedelete test.db test.db-journal
+ sqlite3 db test.db
+ execsql {
+ PRAGMA page_size = 1024; CREATE TABLE t1(x);
+ }
+
+ # The root page of t1 is 1024 bytes in size. The header is 8 bytes, and
+ # each of the cells inserted by the following INSERT statements consume
+ # 16 bytes (including the 2 byte cell-offset array entry). So the page
+ # can contain up to 63 cells.
+ for {set i 0} {$i < 63} {incr i} {
+ execsql { INSERT INTO t1 VALUES( randomblob(10) ) }
+ }
+
+ # Free the cell stored right at the end of the page (at offset pgsz-14).
+ execsql { DELETE FROM t1 WHERE rowid=1 }
+ set rootpage [db one {SELECT rootpage FROM sqlite_master WHERE name = 't1'}]
+ db close
+
+ set offset [expr ($rootpage * 1024)-14+2]
+ hexio_write test.db $offset 00FF
+ sqlite3 db test.db
+
+ catchsql { INSERT INTO t1 VALUES( randomblob(10) ) }
+} {1 {database disk image is malformed}}
+
+ifcapable oversize_cell_check {
+ db close
+ forcedelete test.db test.db-journal
+ sqlite3 db test.db
+ execsql {
+ PRAGMA page_size = 1024; CREATE TABLE t1(x);
+ }
+
+ do_test corrupt-7.1 {
+ for {set i 0} {$i < 39} {incr i} {
+ execsql {
+ INSERT INTO t1 VALUES(X'000100020003000400050006000700080009000A');
+ }
+ }
+ } {}
+ db close
+
+ # Corrupt the root page of table t1 so that the first offset in the
+ # cell-offset array points to the data for the SQL blob associated with
+ # record (rowid=10). The root page still passes the checks in btreeInitPage(),
+ # because the start of said blob looks like the start of a legitimate
+ # page cell.
+ #
+ # Test case cc-2 overwrites the blob so that it no longer looks like a
+ # real cell. But, by the time it is overwritten, btreeInitPage() has already
+ # initialized the root page, so no corruption is detected.
+ #
+ # Test case cc-3 inserts an extra record into t1, forcing balance-deeper
+ # to run. After copying the contents of the root page to the new child,
+ # btreeInitPage() is called on the child. This time, it detects corruption
+ # (because the start of the blob associated with the (rowid=10) record
+ # no longer looks like a real cell). At one point the code assumed that
+ # detecting corruption was not possible at that point, and an assert() failed.
+ #
+ set fd [open test.db r+]
+ fconfigure $fd -translation binary -encoding binary
+ seek $fd [expr 1024+8]
+ puts -nonewline $fd "\x03\x14"
+ close $fd
+
+ sqlite3 db test.db
+ do_test corrupt-7.2 {
+ execsql {
+ UPDATE t1 SET x = X'870400020003000400050006000700080009000A'
+ WHERE rowid = 10;
+ }
+ } {}
+ do_test corrupt-7.3 {
+ catchsql {
+ INSERT INTO t1 VALUES(X'000100020003000400050006000700080009000A');
+ }
+ } {1 {database disk image is malformed}}
+}
+
+db close
+forcedelete test.db test.db-journal
+do_test corrupt-8.1 {
+ sqlite3 db test.db
+ execsql {
+ PRAGMA page_size = 1024;
+ PRAGMA secure_delete = on;
+ PRAGMA auto_vacuum = 0;
+ CREATE TABLE t1(x INTEGER PRIMARY KEY, y);
+ INSERT INTO t1 VALUES(5, randomblob(1900));
+ }
+
+ hexio_write test.db 2044 [hexio_render_int32 2]
+ hexio_write test.db 24 [hexio_render_int32 45]
+
+ catchsql { INSERT OR REPLACE INTO t1 VALUES(5, randomblob(1900)) }
+} {1 {database disk image is malformed}}
+
+db close
+forcedelete test.db test.db-journal
+do_test corrupt-8.2 {
+ sqlite3 db test.db
+ execsql {
+ PRAGMA page_size = 1024;
+ PRAGMA secure_delete = on;
+ PRAGMA auto_vacuum = 0;
+ CREATE TABLE t1(x INTEGER PRIMARY KEY, y);
+ INSERT INTO t1 VALUES(5, randomblob(900));
+ INSERT INTO t1 VALUES(6, randomblob(900));
+ }
+
+ hexio_write test.db 2047 FF
+ hexio_write test.db 24 [hexio_render_int32 45]
+
+ catchsql { INSERT INTO t1 VALUES(4, randomblob(1900)) }
+} {1 {database disk image is malformed}}
+
+finish_test