1# 2008 June 11 2# 3# The author disclaims copyright to this source code. In place of 4# a legal notice, here is a blessing: 5# 6# May you do good and not evil. 7# May you find forgiveness for yourself and forgive others. 8# May you share freely, never taking more than you give. 9# 10#*********************************************************************** 11# This file implements regression tests for SQLite library. 12# 13# This file implements tests to make sure SQLite does not crash or 14# segfault if it sees a corrupt database file. It specifically focuses 15# on corrupt cell offsets in a btree page. 16# 17# $Id: corrupt7.test,v 1.8 2009/08/10 10:18:08 danielk1977 Exp $ 18 19set testdir [file dirname $argv0] 20source $testdir/tester.tcl 21 22# We must have the page_size pragma for these tests to work. 23# 24ifcapable !pager_pragmas { 25 finish_test 26 return 27} 28 29# Create a simple, small database. 30# 31do_test corrupt7-1.1 { 32 execsql { 33 PRAGMA auto_vacuum=OFF; 34 PRAGMA page_size=1024; 35 CREATE TABLE t1(x); 36 INSERT INTO t1(x) VALUES(1); 37 INSERT INTO t1(x) VALUES(2); 38 INSERT INTO t1(x) SELECT x+2 FROM t1; 39 INSERT INTO t1(x) SELECT x+4 FROM t1; 40 INSERT INTO t1(x) SELECT x+8 FROM t1; 41 } 42 file size test.db 43} [expr {1024*2}] 44 45# Verify that the file format is as we expect. The page size 46# should be 1024 bytes. 47# 48do_test corrupt7-1.2 { 49 hexio_get_int [hexio_read test.db 16 2] 50} 1024 ;# The page size is 1024 51do_test corrupt7-1.3 { 52 hexio_get_int [hexio_read test.db 20 1] 53} 0 ;# Unused bytes per page is 0 54 55integrity_check corrupt7-1.4 56 57# Deliberately corrupt some of the cell offsets in the btree page 58# on page 2 of the database. 59# 60# The error message is different depending on whether or not the 61# SQLITE_ENABLE_OVERSIZE_CELL_CHECK compile-time option is engaged. 62# 63ifcapable oversize_cell_check { 64 do_test corrupt7-2.1 { 65 db close 66 hexio_write test.db 1062 FF 67 sqlite3 db test.db 68 db eval {PRAGMA integrity_check(1)} 69 } {{*** in database main *** 70Page 2: btreeInitPage() returns error code 11}} 71 do_test corrupt7-2.2 { 72 db close 73 hexio_write test.db 1062 04 74 sqlite3 db test.db 75 db eval {PRAGMA integrity_check(1)} 76 } {{*** in database main *** 77Page 2: btreeInitPage() returns error code 11}} 78} else { 79 do_test corrupt7-2.1 { 80 db close 81 hexio_write test.db 1062 FF 82 sqlite3 db test.db 83 db eval {PRAGMA integrity_check(1)} 84 } {{*** in database main *** 85Corruption detected in cell 15 on page 2}} 86 do_test corrupt7-2.2 { 87 db close 88 hexio_write test.db 1062 04 89 sqlite3 db test.db 90 db eval {PRAGMA integrity_check(1)} 91 } {{*** in database main *** 92Corruption detected in cell 15 on page 2}} 93} 94 95# The code path that was causing the buffer overrun that this test 96# case was checking for was removed. 97# 98#do_test corrupt7-3.1 { 99# execsql { 100# DROP TABLE t1; 101# CREATE TABLE t1(a, b); 102# INSERT INTO t1 VALUES(1, 'one'); 103# INSERT INTO t1 VALUES(100, 'one hundred'); 104# INSERT INTO t1 VALUES(100000, 'one hundred thousand'); 105# CREATE INDEX i1 ON t1(b); 106# } 107# db close 108# 109# # Locate the 3rd cell in the index. 110# set cell_offset [hexio_get_int [hexio_read test.db [expr 1024*2 + 12] 2]] 111# incr cell_offset [expr 1024*2] 112# incr cell_offset 1 113# 114# # This write corrupts the "header-size" field of the database record 115# # stored in the index cell. At one point this was causing sqlite to 116# # reference invalid memory. 117# hexio_write test.db $cell_offset FFFF7F 118# 119# sqlite3 db test.db 120# catchsql { 121# SELECT b FROM t1 WHERE b > 'o' AND b < 'p'; 122# } 123#} {1 {database disk image is malformed}} 124 125finish_test 126