1# 2004 August 30 2# 3# The author disclaims copyright to this source code. In place of 4# a legal notice, here is a blessing: 5# 6# May you do good and not evil. 7# May you find forgiveness for yourself and forgive others. 8# May you share freely, never taking more than you give. 9# 10#*********************************************************************** 11# This file implements regression tests for SQLite library. 12# 13# This file implements tests to make sure SQLite does not crash or 14# segfault if it sees a corrupt database file. 15# 16# $Id: corrupt2.test,v 1.20 2009/04/06 17:50:03 danielk1977 Exp $ 17 18set testdir [file dirname $argv0] 19source $testdir/tester.tcl 20set testprefix corrupt2 21 22# Do not use a codec for tests in this file, as the database file is 23# manipulated directly using tcl scripts (using the [hexio_write] command). 24# 25do_not_use_codec 26 27# These tests deal with corrupt database files 28# 29database_may_be_corrupt 30 31set presql "" 32catch { set presql "$::G(perm:presql);" } 33unset -nocomplain ::G(perm:presql) 34 35# The following tests - corrupt2-1.* - create some databases corrupted in 36# specific ways and ensure that SQLite detects them as corrupt. 37# 38do_test corrupt2-1.1 { 39 execsql { 40 PRAGMA auto_vacuum=0; 41 PRAGMA page_size=1024; 42 CREATE TABLE abc(a, b, c); 43 } 44} {} 45 46do_test corrupt2-1.2 { 47 48 # Corrupt the 16 byte magic string at the start of the file 49 forcedelete corrupt.db 50 forcedelete corrupt.db-journal 51 forcecopy test.db corrupt.db 52 set f [open corrupt.db RDWR] 53 seek $f 8 start 54 puts $f blah 55 close $f 56 57 sqlite3 db2 corrupt.db 58 catchsql " 59 $::presql 60 SELECT * FROM sqlite_master; 61 " db2 62} {1 {file is encrypted or is not a database}} 63 64do_test corrupt2-1.3 { 65 db2 close 66 67 # Corrupt the page-size (bytes 16 and 17 of page 1). 68 forcedelete corrupt.db 69 forcedelete corrupt.db-journal 70 forcecopy test.db corrupt.db 71 set f [open corrupt.db RDWR] 72 fconfigure $f -encoding binary 73 seek $f 16 start 74 puts -nonewline $f "\x00\xFF" 75 close $f 76 77 sqlite3 db2 corrupt.db 78 catchsql " 79 $::presql 80 SELECT * FROM sqlite_master; 81 " db2 82} {1 {file is encrypted or is not a database}} 83 84do_test corrupt2-1.4 { 85 db2 close 86 87 # Corrupt the free-block list on page 1. 88 forcedelete corrupt.db 89 forcedelete corrupt.db-journal 90 forcecopy test.db corrupt.db 91 set f [open corrupt.db RDWR] 92 fconfigure $f -encoding binary 93 seek $f 101 start 94 puts -nonewline $f "\xFF\xFF" 95 close $f 96 97 sqlite3 db2 corrupt.db 98 catchsql " 99 $::presql 100 SELECT * FROM sqlite_master; 101 " db2 102} {1 {database disk image is malformed}} 103 104do_test corrupt2-1.5 { 105 db2 close 106 107 # Corrupt the free-block list on page 1. 108 forcedelete corrupt.db 109 forcedelete corrupt.db-journal 110 forcecopy test.db corrupt.db 111 set f [open corrupt.db RDWR] 112 fconfigure $f -encoding binary 113 seek $f 101 start 114 puts -nonewline $f "\x00\xC8" 115 seek $f 200 start 116 puts -nonewline $f "\x00\x00" 117 puts -nonewline $f "\x10\x00" 118 close $f 119 120 sqlite3 db2 corrupt.db 121 catchsql " 122 $::presql 123 SELECT * FROM sqlite_master; 124 " db2 125} {1 {database disk image is malformed}} 126db2 close 127 128# Corrupt a database by having 2 indices of the same name: 129do_test corrupt2-2.1 { 130 131 forcedelete corrupt.db 132 forcedelete corrupt.db-journal 133 forcecopy test.db corrupt.db 134 135 sqlite3 db2 corrupt.db 136 execsql " 137 $::presql 138 CREATE INDEX a1 ON abc(a); 139 CREATE INDEX a2 ON abc(b); 140 PRAGMA writable_schema = 1; 141 UPDATE sqlite_master 142 SET name = 'a3', sql = 'CREATE INDEX a3' || substr(sql, 16, 10000) 143 WHERE type = 'index'; 144 PRAGMA writable_schema = 0; 145 " db2 146 147 db2 close 148 sqlite3 db2 corrupt.db 149 catchsql " 150 $::presql 151 SELECT * FROM sqlite_master; 152 " db2 153} {1 {malformed database schema (a3) - index a3 already exists}} 154 155db2 close 156 157do_test corrupt2-3.1 { 158 forcedelete corrupt.db 159 forcedelete corrupt.db-journal 160 sqlite3 db2 corrupt.db 161 162 execsql " 163 $::presql 164 PRAGMA auto_vacuum = 1; 165 PRAGMA page_size = 1024; 166 CREATE TABLE t1(a, b, c); 167 CREATE TABLE t2(a, b, c); 168 INSERT INTO t2 VALUES(randomblob(100), randomblob(100), randomblob(100)); 169 INSERT INTO t2 SELECT * FROM t2; 170 INSERT INTO t2 SELECT * FROM t2; 171 INSERT INTO t2 SELECT * FROM t2; 172 INSERT INTO t2 SELECT * FROM t2; 173 " db2 174 175 db2 close 176 177 # On the root page of table t2 (page 4), set one of the child page-numbers 178 # to 0. This corruption will be detected when SQLite attempts to update 179 # the pointer-map after moving the content of page 4 to page 3 as part 180 # of the DROP TABLE operation below. 181 # 182 set fd [open corrupt.db r+] 183 fconfigure $fd -encoding binary -translation binary 184 seek $fd [expr 1024*3 + 12] 185 set zCelloffset [read $fd 2] 186 binary scan $zCelloffset S iCelloffset 187 seek $fd [expr 1024*3 + $iCelloffset] 188 puts -nonewline $fd "\00\00\00\00" 189 close $fd 190 191 sqlite3 db2 corrupt.db 192 catchsql " 193 $::presql 194 DROP TABLE t1; 195 " db2 196} {1 {database disk image is malformed}} 197 198do_test corrupt2-4.1 { 199 catchsql { 200 SELECT * FROM t2; 201 } db2 202} {1 {database disk image is malformed}} 203 204db2 close 205 206unset -nocomplain result 207do_test corrupt2-5.1 { 208 forcedelete corrupt.db 209 forcedelete corrupt.db-journal 210 sqlite3 db2 corrupt.db 211 212 execsql " 213 $::presql 214 PRAGMA auto_vacuum = 0; 215 PRAGMA page_size = 1024; 216 CREATE TABLE t1(a, b, c); 217 CREATE TABLE t2(a, b, c); 218 INSERT INTO t2 VALUES(randomblob(100), randomblob(100), randomblob(100)); 219 INSERT INTO t2 SELECT * FROM t2; 220 INSERT INTO t2 SELECT * FROM t2; 221 INSERT INTO t2 SELECT * FROM t2; 222 INSERT INTO t2 SELECT * FROM t2; 223 INSERT INTO t1 SELECT * FROM t2; 224 " db2 225 226 db2 close 227 228 # This block links a page from table t2 into the t1 table structure. 229 # 230 set fd [open corrupt.db r+] 231 fconfigure $fd -encoding binary -translation binary 232 seek $fd [expr 1024 + 12] 233 set zCelloffset [read $fd 2] 234 binary scan $zCelloffset S iCelloffset 235 seek $fd [expr 1024 + $iCelloffset] 236 set zChildPage [read $fd 4] 237 seek $fd [expr 2*1024 + 12] 238 set zCelloffset [read $fd 2] 239 binary scan $zCelloffset S iCelloffset 240 seek $fd [expr 2*1024 + $iCelloffset] 241 puts -nonewline $fd $zChildPage 242 close $fd 243 244 sqlite3 db2 corrupt.db 245 db2 eval $::presql 246 db2 eval {SELECT rowid FROM t1} { 247 set result [db2 eval {pragma integrity_check}] 248 break 249 } 250 set result 251} {{*** in database main *** 252On tree page 2 cell 0: 2nd reference to page 10 253Page 4 is never used}} 254 255db2 close 256 257proc corruption_test {args} { 258 set A(-corrupt) {} 259 set A(-sqlprep) {} 260 set A(-tclprep) {} 261 array set A $args 262 263 catch {db close} 264 forcedelete corrupt.db 265 forcedelete corrupt.db-journal 266 267 sqlite3 db corrupt.db 268 db eval $::presql 269 eval $A(-tclprep) 270 db eval $A(-sqlprep) 271 db close 272 273 eval $A(-corrupt) 274 275 sqlite3 db corrupt.db 276 eval $A(-test) 277} 278 279ifcapable autovacuum { 280 # The tests within this block - corrupt2-6.* - aim to test corruption 281 # detection within an incremental-vacuum. When an incremental-vacuum 282 # step is executed, the last non-free page of the database file is 283 # moved into a free space in the body of the file. After doing so, 284 # the page reference in the parent page must be updated to refer 285 # to the new location. These tests test the outcome of corrupting 286 # that page reference before performing the incremental vacuum. 287 # 288 289 # The last page in the database page is the second page 290 # in an overflow chain. 291 # 292 corruption_test -sqlprep { 293 PRAGMA auto_vacuum = incremental; 294 PRAGMA page_size = 1024; 295 CREATE TABLE t1(a, b); 296 INSERT INTO t1 VALUES(1, randomblob(2500)); 297 INSERT INTO t1 VALUES(2, randomblob(2500)); 298 DELETE FROM t1 WHERE a = 1; 299 } -corrupt { 300 hexio_write corrupt.db [expr 1024*5] 00000008 301 } -test { 302 do_test corrupt2-6.1 { 303 catchsql " $::presql pragma incremental_vacuum = 1 " 304 } {1 {database disk image is malformed}} 305 } 306 307 # The last page in the database page is a non-root b-tree page. 308 # 309 corruption_test -sqlprep { 310 PRAGMA auto_vacuum = incremental; 311 PRAGMA page_size = 1024; 312 CREATE TABLE t1(a INTEGER PRIMARY KEY, b); 313 INSERT INTO t1 VALUES(1, randomblob(2500)); 314 INSERT INTO t1 VALUES(2, randomblob(50)); 315 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 316 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 317 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 318 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 319 DELETE FROM t1 WHERE a = 1; 320 } -corrupt { 321 hexio_write corrupt.db [expr 1024*2 + 8] 00000009 322 } -test { 323 do_test corrupt2-6.2 { 324 catchsql " $::presql pragma incremental_vacuum = 1 " 325 } {1 {database disk image is malformed}} 326 } 327 328 # Set up a pointer-map entry so that the last page of the database 329 # file appears to be a b-tree root page. This should be detected 330 # as corruption. 331 # 332 corruption_test -sqlprep { 333 PRAGMA auto_vacuum = incremental; 334 PRAGMA page_size = 1024; 335 CREATE TABLE t1(a INTEGER PRIMARY KEY, b); 336 INSERT INTO t1 VALUES(1, randomblob(2500)); 337 INSERT INTO t1 VALUES(2, randomblob(2500)); 338 INSERT INTO t1 VALUES(3, randomblob(2500)); 339 DELETE FROM t1 WHERE a = 1; 340 } -corrupt { 341 set nPage [expr [file size corrupt.db] / 1024] 342 hexio_write corrupt.db [expr 1024 + ($nPage-3)*5] 010000000 343 } -test { 344 do_test corrupt2-6.3 { 345 catchsql " $::presql pragma incremental_vacuum = 1 " 346 } {1 {database disk image is malformed}} 347 } 348 349 corruption_test -sqlprep { 350 PRAGMA auto_vacuum = 1; 351 PRAGMA page_size = 1024; 352 CREATE TABLE t1(a INTEGER PRIMARY KEY, b); 353 INSERT INTO t1 VALUES(1, randomblob(2500)); 354 DELETE FROM t1 WHERE a = 1; 355 } -corrupt { 356 set nAppend [expr 1024*207 - [file size corrupt.db]] 357 set fd [open corrupt.db r+] 358 seek $fd 0 end 359 puts -nonewline $fd [string repeat x $nAppend] 360 close $fd 361 hexio_write corrupt.db 28 00000000 362 } -test { 363 do_test corrupt2-6.4 { 364 catchsql " 365 $::presql 366 BEGIN EXCLUSIVE; 367 COMMIT; 368 " 369 } {1 {database disk image is malformed}} 370 } 371} 372 373 374set sqlprep { 375 PRAGMA auto_vacuum = 0; 376 PRAGMA page_size = 1024; 377 CREATE TABLE t1(a INTEGER PRIMARY KEY, b); 378 CREATE INDEX i1 ON t1(b); 379 INSERT INTO t1 VALUES(1, randomblob(50)); 380 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 381 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 382 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 383 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 384 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 385 INSERT INTO t1 SELECT NULL, randomblob(50) FROM t1; 386} 387 388corruption_test -sqlprep $sqlprep -corrupt { 389 # Set the page-flags of one of the leaf pages of the index B-Tree to 390 # 0x0D (interpreted by SQLite as "leaf page of a table B-Tree"). 391 # 392 set fd [open corrupt.db r+] 393 fconfigure $fd -translation binary -encoding binary 394 seek $fd [expr 1024*2 + 8] 395 set zRightChild [read $fd 4] 396 binary scan $zRightChild I iRightChild 397 seek $fd [expr 1024*($iRightChild-1)] 398 puts -nonewline $fd "\x0D" 399 close $fd 400} -test { 401 do_test corrupt2-7.1 { 402 catchsql " $::presql SELECT b FROM t1 ORDER BY b ASC " 403 } {1 {database disk image is malformed}} 404} 405 406corruption_test -sqlprep $sqlprep -corrupt { 407 # Mess up the page-header of one of the leaf pages of the index B-Tree. 408 # The corruption is detected as part of an OP_Prev opcode. 409 # 410 set fd [open corrupt.db r+] 411 fconfigure $fd -translation binary -encoding binary 412 seek $fd [expr 1024*2 + 12] 413 set zCellOffset [read $fd 2] 414 binary scan $zCellOffset S iCellOffset 415 seek $fd [expr 1024*2 + $iCellOffset] 416 set zChild [read $fd 4] 417 binary scan $zChild I iChild 418 seek $fd [expr 1024*($iChild-1)+3] 419 puts -nonewline $fd "\xFFFF" 420 close $fd 421} -test { 422 do_test corrupt2-7.1 { 423 catchsql " $::presql SELECT b FROM t1 ORDER BY b DESC " 424 } {1 {database disk image is malformed}} 425} 426 427corruption_test -sqlprep $sqlprep -corrupt { 428 # Set the page-flags of one of the leaf pages of the table B-Tree to 429 # 0x0A (interpreted by SQLite as "leaf page of an index B-Tree"). 430 # 431 set fd [open corrupt.db r+] 432 fconfigure $fd -translation binary -encoding binary 433 seek $fd [expr 1024*1 + 8] 434 set zRightChild [read $fd 4] 435 binary scan $zRightChild I iRightChild 436 seek $fd [expr 1024*($iRightChild-1)] 437 puts -nonewline $fd "\x0A" 438 close $fd 439} -test { 440 do_test corrupt2-8.1 { 441 catchsql " $::presql SELECT * FROM t1 WHERE rowid=1000 " 442 } {1 {database disk image is malformed}} 443} 444 445corruption_test -sqlprep { 446 CREATE TABLE t1(a, b, c); CREATE TABLE t8(a, b, c); CREATE TABLE tE(a, b, c); 447 CREATE TABLE t2(a, b, c); CREATE TABLE t9(a, b, c); CREATE TABLE tF(a, b, c); 448 CREATE TABLE t3(a, b, c); CREATE TABLE tA(a, b, c); CREATE TABLE tG(a, b, c); 449 CREATE TABLE t4(a, b, c); CREATE TABLE tB(a, b, c); CREATE TABLE tH(a, b, c); 450 CREATE TABLE t5(a, b, c); CREATE TABLE tC(a, b, c); CREATE TABLE tI(a, b, c); 451 CREATE TABLE t6(a, b, c); CREATE TABLE tD(a, b, c); CREATE TABLE tJ(a, b, c); 452 CREATE TABLE x1(a, b, c); CREATE TABLE x8(a, b, c); CREATE TABLE xE(a, b, c); 453 CREATE TABLE x2(a, b, c); CREATE TABLE x9(a, b, c); CREATE TABLE xF(a, b, c); 454 CREATE TABLE x3(a, b, c); CREATE TABLE xA(a, b, c); CREATE TABLE xG(a, b, c); 455 CREATE TABLE x4(a, b, c); CREATE TABLE xB(a, b, c); CREATE TABLE xH(a, b, c); 456 CREATE TABLE x5(a, b, c); CREATE TABLE xC(a, b, c); CREATE TABLE xI(a, b, c); 457 CREATE TABLE x6(a, b, c); CREATE TABLE xD(a, b, c); CREATE TABLE xJ(a, b, c); 458} -corrupt { 459 set fd [open corrupt.db r+] 460 fconfigure $fd -translation binary -encoding binary 461 seek $fd 108 462 set zRightChild [read $fd 4] 463 binary scan $zRightChild I iRightChild 464 seek $fd [expr 1024*($iRightChild-1)+3] 465 puts -nonewline $fd "\x00\x00" 466 close $fd 467} -test { 468 do_test corrupt2-9.1 { 469 catchsql " $::presql SELECT sql FROM sqlite_master " 470 } {1 {database disk image is malformed}} 471} 472 473corruption_test -sqlprep { 474 CREATE TABLE t1(a, b, c); 475 CREATE TABLE t2(a, b, c); 476 PRAGMA writable_schema = 1; 477 UPDATE sqlite_master SET rootpage = NULL WHERE name = 't2'; 478} -test { 479 do_test corrupt2-10.1 { 480 catchsql " $::presql SELECT * FROM t2 " 481 } {1 {malformed database schema (t2)}} 482 do_test corrupt2-10.2 { 483 sqlite3_errcode db 484 } {SQLITE_CORRUPT} 485} 486 487corruption_test -sqlprep { 488 PRAGMA auto_vacuum = incremental; 489 CREATE TABLE t1(a INTEGER PRIMARY KEY, b); 490 CREATE TABLE t2(a INTEGER PRIMARY KEY, b); 491 INSERT INTO t1 VALUES(1, randstr(100,100)); 492 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 493 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 494 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 495 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 496 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 497 INSERT INTO t2 SELECT * FROM t1; 498 DELETE FROM t1; 499} -corrupt { 500 set offset [expr [file size corrupt.db] - 1024] 501 hexio_write corrupt.db $offset FF 502 hexio_write corrupt.db 24 12345678 503} -test { 504 do_test corrupt2-11.1 { 505 catchsql " $::presql PRAGMA incremental_vacuum " 506 } {1 {database disk image is malformed}} 507} 508corruption_test -sqlprep { 509 PRAGMA auto_vacuum = incremental; 510 CREATE TABLE t1(a INTEGER PRIMARY KEY, b); 511 CREATE TABLE t2(a INTEGER PRIMARY KEY, b); 512 INSERT INTO t1 VALUES(1, randstr(100,100)); 513 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 514 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 515 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 516 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 517 INSERT INTO t1 SELECT NULL, randstr(100,100) FROM t1; 518 INSERT INTO t2 SELECT * FROM t1; 519 DELETE FROM t1; 520} -corrupt { 521 set pgno [expr [file size corrupt.db] / 1024] 522 hexio_write corrupt.db [expr 1024+5*($pgno-3)] 03 523 hexio_write corrupt.db 24 12345678 524} -test { 525 do_test corrupt2-12.1 { 526 catchsql " $::presql PRAGMA incremental_vacuum " 527 } {1 {database disk image is malformed}} 528} 529 530ifcapable autovacuum { 531 # It is not possible for the last page in a database file to be the 532 # pending-byte page (AKA the locking page). This test verifies that if 533 # an attempt is made to commit a transaction to such an auto-vacuum 534 # database SQLITE_CORRUPT is returned. 535 # 536 corruption_test -tclprep { 537 db eval { 538 PRAGMA auto_vacuum = full; 539 PRAGMA page_size = 1024; 540 CREATE TABLE t1(a INTEGER PRIMARY KEY, b); 541 INSERT INTO t1 VALUES(NULL, randstr(50,50)); 542 } 543 for {set ii 0} {$ii < 10} {incr ii} { 544 db eval " $::presql INSERT INTO t1 SELECT NULL, randstr(50,50) FROM t1 " 545 } 546 } -corrupt { 547 do_test corrupt2-13.1 { 548 file size corrupt.db 549 } $::sqlite_pending_byte 550 hexio_write corrupt.db [expr $::sqlite_pending_byte+1023] 00 551 hexio_write corrupt.db 28 00000000 552 } -test { 553 do_test corrupt2-13.2 { 554 file size corrupt.db 555 } [expr $::sqlite_pending_byte + 1024] 556 do_test corrupt2-13.3 { 557 catchsql { DELETE FROM t1 WHERE rowid < 30; } 558 } {1 {database disk image is malformed}} 559 } 560} 561 562#------------------------------------------------------------------------- 563# Test that PRAGMA integrity_check detects cases where the freelist-count 564# header field is smaller than the actual number of pages on the freelist. 565# 566 567reset_db 568do_execsql_test 14.0 { 569 PRAGMA auto_vacuum = 0; 570 CREATE TABLE t1(x); 571 INSERT INTO t1 VALUES(randomblob(3500)); 572 DELETE FROM t1; 573} 574 575do_execsql_test 14.1 { 576 PRAGMA integrity_check; 577 PRAGMA freelist_count; 578} {ok 3} 579 580# There are now 3 free pages. Modify the header-field so that it 581# (incorrectly) says that just 2 are free. 582do_test 14.2 { 583 db close 584 hexio_write test.db 36 [hexio_render_int32 2] 585 sqlite3 db test.db 586 execsql { PRAGMA freelist_count } 587} {2} 588 589do_execsql_test 14.3 { 590 PRAGMA integrity_check; 591} {{*** in database main *** 592Main freelist: free-page count in header is too small}} 593 594# Use 2 of the free pages on the free-list. 595# 596do_execsql_test 14.4 { 597 INSERT INTO t1 VALUES(randomblob(2500)); 598 PRAGMA freelist_count; 599} {0} 600 601do_execsql_test 14.5 { 602 PRAGMA integrity_check; 603} {{*** in database main *** 604Page 3 is never used}} 605 606 607finish_test 608 609finish_test 610