xref: /sqlite-3.40.0/test/corrupt7.test (revision af3906a7) 
1# 2008 June 11
2#
3# The author disclaims copyright to this source code.  In place of
4# a legal notice, here is a blessing:
5#
6#    May you do good and not evil.
7#    May you find forgiveness for yourself and forgive others.
8#    May you share freely, never taking more than you give.
9#
10#***********************************************************************
11# This file implements regression tests for SQLite library.
12#
13# This file implements tests to make sure SQLite does not crash or
14# segfault if it sees a corrupt database file.  It specifically focuses
15# on corrupt cell offsets in a btree page.
16#
17# $Id: corrupt7.test,v 1.8 2009/08/10 10:18:08 danielk1977 Exp $
18
19set testdir [file dirname $argv0]
20source $testdir/tester.tcl
21
22# This module uses hard-coded offsets which do not work if the reserved_bytes
23# value is nonzero.
24if {[nonzero_reserved_bytes]} {finish_test; return;}
25
26# These tests deal with corrupt database files
27#
28database_may_be_corrupt
29
30# We must have the page_size pragma for these tests to work.
31#
32ifcapable !pager_pragmas {
33  finish_test
34  return
35}
36
37# Create a simple, small database.
38#
39do_test corrupt7-1.1 {
40  execsql {
41    PRAGMA auto_vacuum=OFF;
42    PRAGMA page_size=1024;
43    CREATE TABLE t1(x);
44    INSERT INTO t1(x) VALUES(1);
45    INSERT INTO t1(x) VALUES(2);
46    INSERT INTO t1(x) SELECT x+2 FROM t1;
47    INSERT INTO t1(x) SELECT x+4 FROM t1;
48    INSERT INTO t1(x) SELECT x+8 FROM t1;
49  }
50  file size test.db
51} [expr {1024*2}]
52
53# Verify that the file format is as we expect.  The page size
54# should be 1024 bytes.
55#
56do_test corrupt7-1.2 {
57  hexio_get_int [hexio_read test.db 16 2]
58} 1024   ;# The page size is 1024
59do_test corrupt7-1.3 {
60  hexio_get_int [hexio_read test.db 20 1]
61} 0      ;# Unused bytes per page is 0
62
63integrity_check corrupt7-1.4
64
65# Deliberately corrupt some of the cell offsets in the btree page
66# on page 2 of the database.
67do_test corrupt7-2.1 {
68  db close
69  hexio_write test.db 1062 FF
70  sqlite3 db test.db
71  db eval {PRAGMA integrity_check(1)}
72} {{*** in database main ***
73On tree page 2 cell 15: Offset 65457 out of range 945..1020}}
74do_test corrupt7-2.2 {
75  db close
76  hexio_write test.db 1062 04
77  sqlite3 db test.db
78  db eval {PRAGMA integrity_check(1)}
79} {{*** in database main ***
80On tree page 2 cell 15: Offset 1201 out of range 945..1020}}
81
82# The code path that was causing the buffer overrun that this test
83# case was checking for was removed.
84#
85#do_test corrupt7-3.1 {
86#  execsql {
87#    DROP TABLE t1;
88#    CREATE TABLE t1(a, b);
89#    INSERT INTO t1 VALUES(1, 'one');
90#    INSERT INTO t1 VALUES(100, 'one hundred');
91#    INSERT INTO t1 VALUES(100000, 'one hundred thousand');
92#    CREATE INDEX i1 ON t1(b);
93#  }
94#  db close
95#
96#  # Locate the 3rd cell in the index.
97#  set cell_offset [hexio_get_int [hexio_read test.db [expr 1024*2 + 12] 2]]
98#  incr cell_offset [expr 1024*2]
99#  incr cell_offset 1
100#
101#  # This write corrupts the "header-size" field of the database record
102#  # stored in the index cell. At one point this was causing sqlite to
103#  # reference invalid memory.
104#  hexio_write test.db $cell_offset FFFF7F
105#
106#  sqlite3 db test.db
107#  catchsql {
108#    SELECT b FROM t1 WHERE b > 'o' AND b < 'p';
109#  }
110#} {1 {database disk image is malformed}}
111
112finish_test
113