1# 2008 June 11 2# 3# The author disclaims copyright to this source code. In place of 4# a legal notice, here is a blessing: 5# 6# May you do good and not evil. 7# May you find forgiveness for yourself and forgive others. 8# May you share freely, never taking more than you give. 9# 10#*********************************************************************** 11# This file implements regression tests for SQLite library. 12# 13# This file implements tests to make sure SQLite does not crash or 14# segfault if it sees a corrupt database file. It specifically focuses 15# on corrupt cell offsets in a btree page. 16# 17# $Id: corrupt7.test,v 1.8 2009/08/10 10:18:08 danielk1977 Exp $ 18 19set testdir [file dirname $argv0] 20source $testdir/tester.tcl 21 22# Do not use a codec for tests in this file, as the database file is 23# manipulated directly using tcl scripts (using the [hexio_write] command). 24# 25do_not_use_codec 26 27# These tests deal with corrupt database files 28# 29database_may_be_corrupt 30 31# We must have the page_size pragma for these tests to work. 32# 33ifcapable !pager_pragmas { 34 finish_test 35 return 36} 37 38# Create a simple, small database. 39# 40do_test corrupt7-1.1 { 41 execsql { 42 PRAGMA auto_vacuum=OFF; 43 PRAGMA page_size=1024; 44 CREATE TABLE t1(x); 45 INSERT INTO t1(x) VALUES(1); 46 INSERT INTO t1(x) VALUES(2); 47 INSERT INTO t1(x) SELECT x+2 FROM t1; 48 INSERT INTO t1(x) SELECT x+4 FROM t1; 49 INSERT INTO t1(x) SELECT x+8 FROM t1; 50 } 51 file size test.db 52} [expr {1024*2}] 53 54# Verify that the file format is as we expect. The page size 55# should be 1024 bytes. 56# 57do_test corrupt7-1.2 { 58 hexio_get_int [hexio_read test.db 16 2] 59} 1024 ;# The page size is 1024 60do_test corrupt7-1.3 { 61 hexio_get_int [hexio_read test.db 20 1] 62} 0 ;# Unused bytes per page is 0 63 64integrity_check corrupt7-1.4 65 66# Deliberately corrupt some of the cell offsets in the btree page 67# on page 2 of the database. 68# 69# The error message is different depending on whether or not the 70# SQLITE_ENABLE_OVERSIZE_CELL_CHECK compile-time option is engaged. 71# 72ifcapable oversize_cell_check { 73 do_test corrupt7-2.1 { 74 db close 75 hexio_write test.db 1062 FF 76 sqlite3 db test.db 77 db eval {PRAGMA integrity_check(1)} 78 } {{*** in database main *** 79Page 2: btreeInitPage() returns error code 11}} 80 do_test corrupt7-2.2 { 81 db close 82 hexio_write test.db 1062 04 83 sqlite3 db test.db 84 db eval {PRAGMA integrity_check(1)} 85 } {{*** in database main *** 86Page 2: btreeInitPage() returns error code 11}} 87} else { 88 do_test corrupt7-2.1 { 89 db close 90 hexio_write test.db 1062 FF 91 sqlite3 db test.db 92 db eval {PRAGMA integrity_check(1)} 93 } {{*** in database main *** 94Corruption detected in cell 15 on page 2}} 95 do_test corrupt7-2.2 { 96 db close 97 hexio_write test.db 1062 04 98 sqlite3 db test.db 99 db eval {PRAGMA integrity_check(1)} 100 } {{*** in database main *** 101On tree page 2 cell 15: Rowid 0 out of order (previous was 15)}} 102} 103 104# The code path that was causing the buffer overrun that this test 105# case was checking for was removed. 106# 107#do_test corrupt7-3.1 { 108# execsql { 109# DROP TABLE t1; 110# CREATE TABLE t1(a, b); 111# INSERT INTO t1 VALUES(1, 'one'); 112# INSERT INTO t1 VALUES(100, 'one hundred'); 113# INSERT INTO t1 VALUES(100000, 'one hundred thousand'); 114# CREATE INDEX i1 ON t1(b); 115# } 116# db close 117# 118# # Locate the 3rd cell in the index. 119# set cell_offset [hexio_get_int [hexio_read test.db [expr 1024*2 + 12] 2]] 120# incr cell_offset [expr 1024*2] 121# incr cell_offset 1 122# 123# # This write corrupts the "header-size" field of the database record 124# # stored in the index cell. At one point this was causing sqlite to 125# # reference invalid memory. 126# hexio_write test.db $cell_offset FFFF7F 127# 128# sqlite3 db test.db 129# catchsql { 130# SELECT b FROM t1 WHERE b > 'o' AND b < 'p'; 131# } 132#} {1 {database disk image is malformed}} 133 134finish_test 135