1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
|
# 2010 October 27
#
# May you do good and not evil.
# May you find forgiveness for yourself and forgive others.
# May you share freely, never taking more than you give.
#
#***********************************************************************
# Test that the FTS3 extension does not crash when it encounters a
# corrupt data structure on disk.
#
set testdir [file dirname $argv0]
source $testdir/tester.tcl
# If SQLITE_ENABLE_FTS3 is not defined, omit this file.
ifcapable !fts3 { finish_test ; return }
set ::testprefix fts3corrupt
# Test that a doclist with a length field that indicates that the doclist
# extends past the end of the node on which it resides is correctly identified
# as database corruption.
#
sqlite3_db_config db DEFENSIVE 0
do_execsql_test 1.0 {
CREATE VIRTUAL TABLE t1 USING fts3;
INSERT INTO t1 VALUES('hello');
} {}
do_test fts3corrupt-1.1 {
set blob [db one {SELECT root from t1_segdir}]
set blob [binary format a7ca* $blob 24 [string range $blob 8 end]]
execsql { UPDATE t1_segdir SET root = $blob }
} {}
do_test fts3corrupt-1.2 {
foreach w {a b c d e f g h i j k l m n o} {
execsql { INSERT INTO t1 VALUES($w) }
}
} {}
do_catchsql_test 1.3 {
INSERT INTO t1 VALUES('world');
} {1 {database disk image is malformed}}
do_test 1.3.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
do_execsql_test 1.4 {
DROP TABLE t1;
}
# This block of tests checks that corruption is correctly detected if the
# length field of a term on a leaf node indicates that the term extends past
# the end of the node on which it resides. There are two cases:
#
# 1. The first term on the node.
# 2. The second or subsequent term on the node (prefix compressed term).
#
do_execsql_test 2.0 {
CREATE VIRTUAL TABLE t1 USING fts3;
BEGIN;
INSERT INTO t1 VALUES('hello');
INSERT INTO t1 VALUES('hello');
INSERT INTO t1 VALUES('hello');
INSERT INTO t1 VALUES('hello');
INSERT INTO t1 VALUES('hello');
COMMIT;
} {}
do_test fts3corrupt-2.1 {
set blob [db one {SELECT root from t1_segdir}]
set blob [binary format a*a* "\x00\x7F" [string range $blob 2 end]]
execsql { UPDATE t1_segdir SET root = $blob }
} {}
do_catchsql_test 2.2 {
SELECT rowid FROM t1 WHERE t1 MATCH 'hello'
} {1 {database disk image is malformed}}
do_test 2.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
do_execsql_test 3.0 {
DROP TABLE t1;
CREATE VIRTUAL TABLE t1 USING fts3;
BEGIN;
INSERT INTO t1 VALUES('hello');
INSERT INTO t1 VALUES('world');
COMMIT;
} {}
do_test fts3corrupt-3.1 {
set blob [db one {SELECT quote(root) from t1_segdir}]
set blob [binary format a11a*a* $blob "\x7F" [string range $blob 12 end]]
execsql { UPDATE t1_segdir SET root = $blob }
} {}
do_catchsql_test 3.2 {
SELECT rowid FROM t1 WHERE t1 MATCH 'world'
} {1 {database disk image is malformed}}
do_test 3.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
do_execsql_test 4.0 {
DROP TABLE t1;
CREATE VIRTUAL TABLE t1 USING fts3;
INSERT INTO t1(t1) VALUES('nodesize=24');
}
do_test fts3corrupt-4.1 {
execsql BEGIN
foreach s {
"amxtvoo adqwroyhz auq aithtir avniqnuynvf axp ahibayfynig agbicpm"
"ajdtebs anteaxr aieynenwmd awpl alo akxcrwow aoxftge aoqvgul"
"amcfvdr auz apu aebelm ahuxyz aqc asyafdb agulvhvqu"
"apepwfyz azkhdvkw aenyelxzbk aslnitbyet aycdsdcpgr aqzzdbc agfi axnypydou"
"aaqrzzcm apcxdxo atumltzj aevvivo aodknoft aqoyytoz alobx apldt"
} {
execsql { INSERT INTO t1 VALUES($s) }
}
execsql COMMIT
} {}
do_catchsql_test 4.2 {
UPDATE t1_segdir SET root = X'FFFFFFFFFFFFFFFF';
SELECT rowid FROM t1 WHERE t1 MATCH 'world';
} {1 {database disk image is malformed}}
do_test 4.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
set blob [binary format cca*cca*cca*cca*cca*cca*cca*cca*cca*cca*a* \
22 120 [string repeat a 120] \
22 120 [string repeat b 120] \
22 120 [string repeat c 120] \
22 120 [string repeat d 120] \
22 120 [string repeat e 120] \
22 120 [string repeat f 120] \
22 120 [string repeat g 120] \
22 120 [string repeat h 120] \
22 120 [string repeat i 120] \
22 120 [string repeat j 120] \
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
]
do_catchsql_test 4.3 {
UPDATE t1_segdir SET root = $blob;
SELECT rowid FROM t1 WHERE t1 MATCH 'world';
} {1 {database disk image is malformed}}
do_test 4.3.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
# Test a special kind of corruption, where the %_stat table contains
# an invalid entry. At one point this could lead to a division-by-zero
# error in fts4.
#
do_execsql_test 5.0 {
DROP TABLE t1;
CREATE VIRTUAL TABLE t1 USING fts4;
}
do_test 5.1 {
db func nn nn
execsql BEGIN
execsql { INSERT INTO t1 VALUES('one') }
execsql { INSERT INTO t1 VALUES('two') }
execsql { INSERT INTO t1 VALUES('three') }
execsql { INSERT INTO t1 VALUES('four') }
execsql COMMIT
} {}
do_catchsql_test 5.2 {
UPDATE t1_stat SET value = X'0000';
SELECT matchinfo(t1, 'nxa') FROM t1 WHERE t1 MATCH 't*';
} {1 {database disk image is malformed}}
do_test 5.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
do_catchsql_test 5.3 {
UPDATE t1_stat SET value = NULL;
SELECT matchinfo(t1, 'nxa') FROM t1 WHERE t1 MATCH 't*';
} {1 {database disk image is malformed}}
do_test 5.3.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
# 2019-11-18 https://bugs.chromium.org/p/chromium/issues/detail?id=1025467
# bug1
db close
sqlite3 db :memory:
do_catchsql_test 6.10 {
CREATE VIRTUAL TABLE f using fts3(a,b);
CREATE TABLE f_stat(id INTEGER PRIMARY KEY, value BLOB);
INSERT INTO f_segdir VALUES (2000, 0,0,0, '16', '');
INSERT INTO f_segdir VALUES (1999, 0,0,0, '0 18',
x'000131030102000103323334050101010200');
INSERT INTO f_segments (blockid) values (16);
INSERT INTO f_segments values (0, x'');
INSERT INTO f_stat VALUES (1,x'cf0f01');
INSERT INTO f(f) VALUES ('merge=1');
} {1 {database disk image is malformed}}
# 2020-03-02 https://bugs.chromium.org/p/chromium/issues/detail?id=1057441
# The ticket complains of use of an uninitialized value. That part is harmless.
# The only reason to fix this is the failure to detect a subtly corrupt
# inverted index.
#
reset_db
do_catchsql_test 7.10 {
CREATE VIRTUAL TABLE f USING fts3(a,b);
INSERT INTO f_segdir VALUES (0,0,1,0,'0 0',x'01010101020101');
SELECT matchinfo( f , 'pcx') FROM f WHERE b MATCH x'c533';
} {1 {database disk image is malformed}}
reset_db
sqlite3_fts3_may_be_corrupt 1
do_execsql_test 8.1 {
CREATE VIRTUAL TABLE f USING fts3(a);
INSERT INTO f(f) VALUES('nodesize=24');
BEGIN;
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz0123456789');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz0123456789');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz0123456789');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz012345678X');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz012345678X');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz012345678X');
COMMIT;
BEGIN;
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz0123456789');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz0123456789');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz0123456789');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz012345678X');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz012345678X');
INSERT INTO f VALUES('abcdefghijklmnopqrstuvwxyz012345678X');
COMMIT;
SELECT count(*) FROM f_segments;
} {4}
do_execsql_test 8.2 {
UPDATE f_segments SET block = (
SELECT block FROM f_segments WHERE blockid=1
) WHERE blockid=2
}
do_catchsql_test 8.3 {
INSERT INTO f(f) VALUES('merge=2,2');
} {1 {database disk image is malformed}}
sqlite3_fts3_may_be_corrupt 0
finish_test
|