1# 2004 August 30 2# 3# The author disclaims copyright to this source code. In place of 4# a legal notice, here is a blessing: 5# 6# May you do good and not evil. 7# May you find forgiveness for yourself and forgive others. 8# May you share freely, never taking more than you give. 9# 10#*********************************************************************** 11# This file implements regression tests for SQLite library. 12# 13# This file implements tests to make sure SQLite does not crash or 14# segfault if it sees a corrupt database file. It creates a base 15# data base file, then tests that single byte corruptions in 16# increasingly larger quantities are handled gracefully. 17# 18# $Id: corruptC.test,v 1.14 2009/07/11 06:55:34 danielk1977 Exp $ 19 20catch {forcedelete test.db test.db-journal test.bu} 21 22set testdir [file dirname $argv0] 23source $testdir/tester.tcl 24 25# Do not use a codec for tests in this file, as the database file is 26# manipulated directly using tcl scripts (using the [hexio_write] command). 27# 28do_not_use_codec 29 30# These tests deal with corrupt database files 31# 32database_may_be_corrupt 33 34# Construct a compact, dense database for testing. 35# 36do_test corruptC-1.1 { 37 execsql { 38 PRAGMA auto_vacuum = 0; 39 PRAGMA legacy_file_format=1; 40 BEGIN; 41 CREATE TABLE t1(x,y); 42 INSERT INTO t1 VALUES(1,1); 43 INSERT OR IGNORE INTO t1 SELECT x*2,y FROM t1; 44 INSERT OR IGNORE INTO t1 SELECT x*3,y FROM t1; 45 INSERT OR IGNORE INTO t1 SELECT x*5,y FROM t1; 46 INSERT OR IGNORE INTO t1 SELECT x*7,y FROM t1; 47 INSERT OR IGNORE INTO t1 SELECT x*11,y FROM t1; 48 INSERT OR IGNORE INTO t1 SELECT x*13,y FROM t1; 49 CREATE INDEX t1i1 ON t1(x); 50 CREATE TABLE t2 AS SELECT x,2 as y FROM t1 WHERE rowid%5!=0; 51 COMMIT; 52 } 53} {} 54 55ifcapable {integrityck} { 56 integrity_check corruptC-1.2 57} 58 59# Generate random integer 60# 61proc random {range} { 62 return [expr {round(rand()*$range)}] 63} 64 65# Setup for the tests. Make a backup copy of the good database in test.bu. 66# 67db close 68forcecopy test.db test.bu 69sqlite3 db test.db 70set fsize [file size test.db] 71 72# Set a quasi-random random seed. 73if {[info exists ::G(issoak)]} { 74 # If we are doing SOAK tests, we want a different 75 # random seed for each run. Ideally we would like 76 # to use [clock clicks] or something like that here. 77 set qseed [file mtime test.db] 78} else { 79 # If we are not doing soak tests, 80 # make it repeatable. 81 set qseed 0 82} 83expr srand($qseed) 84 85# 86# First test some specific corruption tests found from earlier runs 87# with specific seeds. 88# 89 90# test that a corrupt content offset size is handled (seed 5577) 91do_test corruptC-2.1 { 92 db close 93 forcecopy test.bu test.db 94 95 # insert corrupt byte(s) 96 hexio_write test.db 2053 [format %02x 0x04] 97 98 sqlite3 db test.db 99 catchsql {PRAGMA integrity_check} 100} {1 {database disk image is malformed}} 101 102# test that a corrupt content offset size is handled (seed 5649) 103do_test corruptC-2.2 { 104 db close 105 forcecopy test.bu test.db 106 107 # insert corrupt byte(s) 108 hexio_write test.db 27 [format %02x 0x08] 109 hexio_write test.db 233 [format %02x 0x6a] 110 hexio_write test.db 328 [format %02x 0x67] 111 hexio_write test.db 750 [format %02x 0x1f] 112 hexio_write test.db 1132 [format %02x 0x52] 113 hexio_write test.db 1133 [format %02x 0x84] 114 hexio_write test.db 1220 [format %02x 0x01] 115 hexio_write test.db 3688 [format %02x 0xc1] 116 hexio_write test.db 3714 [format %02x 0x58] 117 hexio_write test.db 3746 [format %02x 0x9a] 118 119 sqlite3 db test.db 120 catchsql {UPDATE t1 SET y=1} 121} {1 {database disk image is malformed}} 122 123# test that a corrupt free cell size is handled (seed 13329) 124do_test corruptC-2.3 { 125 db close 126 forcecopy test.bu test.db 127 128 # insert corrupt byte(s) 129 hexio_write test.db 1094 [format %02x 0x76] 130 131 sqlite3 db test.db 132 catchsql {UPDATE t1 SET y=1} 133} {1 {database disk image is malformed}} 134 135# test that a corrupt free cell size is handled (seed 169571) 136do_test corruptC-2.4 { 137 db close 138 forcecopy test.bu test.db 139 140 # insert corrupt byte(s) 141 hexio_write test.db 3119 [format %02x 0xdf] 142 143 sqlite3 db test.db 144 catchsql {UPDATE t2 SET y='abcdef-uvwxyz'} 145} {1 {database disk image is malformed}} 146 147# test that a corrupt free cell size is handled (seed 169571) 148do_test corruptC-2.5 { 149 db close 150 forcecopy test.bu test.db 151 152 # insert corrupt byte(s) 153 hexio_write test.db 3119 [format %02x 0xdf] 154 hexio_write test.db 4073 [format %02x 0xbf] 155 156 sqlite3 db test.db 157 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 158 catchsql {PRAGMA integrity_check} 159} {0 {{*** in database main *** 160Page 4: btreeInitPage() returns error code 11}}} 161 162# {0 {{*** in database main *** 163# Corruption detected in cell 710 on page 4 164# Multiple uses for byte 661 of page 4 165# Fragmented space is 249 byte reported as 21 on page 4}}} 166 167# test that a corrupt free cell size is handled (seed 169595) 168do_test corruptC-2.6 { 169 db close 170 forcecopy test.bu test.db 171 172 # insert corrupt byte(s) 173 hexio_write test.db 619 [format %02x 0xe2] 174 hexio_write test.db 3150 [format %02x 0xa8] 175 176 sqlite3 db test.db 177 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 178} {1 {database disk image is malformed}} 179 180# corruption (seed 178692) 181do_test corruptC-2.7 { 182 db close 183 forcecopy test.bu test.db 184 185 # insert corrupt byte(s) 186 hexio_write test.db 3074 [format %02x 0xa0] 187 188 sqlite3 db test.db 189 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 190} {1 {database disk image is malformed}} 191 192 193# corruption (seed 179069) 194# Obsolete. With single-pass DELETE the corruption in the 195# main database is not detected. 196if 0 { 197do_test corruptC-2.8 { 198 db close 199 forcecopy test.bu test.db 200 201 # insert corrupt byte(s) 202 hexio_write test.db 1393 [format %02x 0x7d] 203 hexio_write test.db 84 [format %02x 0x19] 204 hexio_write test.db 3287 [format %02x 0x3b] 205 hexio_write test.db 2564 [format %02x 0xed] 206 hexio_write test.db 2139 [format %02x 0x55] 207 208 sqlite3 db test.db 209 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;} 210} {1 {database disk image is malformed}} 211} 212 213# corruption (seed 170434) 214# 215# UPDATE: Prior to 3.8.2, this used to return SQLITE_CORRUPT. It no longer 216# does. That is Ok, the point of these tests is to verify that no buffer 217# overruns or overreads can be caused by corrupt databases. 218do_test corruptC-2.9 { 219 db close 220 forcecopy test.bu test.db 221 222 # insert corrupt byte(s) 223 hexio_write test.db 2095 [format %02x 0xd6] 224 225 sqlite3 db test.db 226 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;} 227} {0 {}} 228 229# corruption (seed 186504) 230do_test corruptC-2.10 { 231 db close 232 forcecopy test.bu test.db 233 234 # insert corrupt byte(s) 235 hexio_write test.db 3130 [format %02x 0x02] 236 237 sqlite3 db test.db 238 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 239} {1 {database disk image is malformed}} 240 241# corruption (seed 1589) 242do_test corruptC-2.11 { 243 db close 244 forcecopy test.bu test.db 245 246 # insert corrupt byte(s) 247 hexio_write test.db 55 [format %02x 0xa7] 248 249 sqlite3 db test.db 250 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;} 251} {1 {database disk image is malformed}} 252 253# corruption (seed 14166) 254do_test corruptC-2.12 { 255 db close 256 forcecopy test.bu test.db 257 258 # insert corrupt byte(s) 259 hexio_write test.db 974 [format %02x 0x2e] 260 261 sqlite3 db test.db 262 catchsql {SELECT count(*) FROM sqlite_master;} 263} {1 {malformed database schema (t1i1) - corrupt database}} 264 265# corruption (seed 218803) 266do_test corruptC-2.13 { 267 db close 268 forcecopy test.bu test.db 269 270 # insert corrupt byte(s) 271 hexio_write test.db 102 [format %02x 0x12] 272 273 sqlite3 db test.db 274 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;} 275} {1 {database disk image is malformed}} 276 277do_test corruptC-2.14 { 278 db close 279 forcecopy test.bu test.db 280 281 sqlite3 db test.db 282 set blob [string repeat abcdefghij 10000] 283 execsql { INSERT INTO t1 VALUES (1, $blob) } 284 285 sqlite3 db test.db 286 set filesize [file size test.db] 287 hexio_write test.db [expr $filesize-2048] 00000001 288 catchsql {DELETE FROM t1 WHERE rowid = (SELECT max(rowid) FROM t1)} 289} {1 {database disk image is malformed}} 290 291# At one point this particular corrupt database was causing a buffer 292# overread. Which caused a crash in a run of all.test once. 293# 294do_test corruptC-2.15 { 295 db close 296 forcecopy test.bu test.db 297 hexio_write test.db 986 b9 298 sqlite3 db test.db 299 catchsql {SELECT count(*) FROM sqlite_master;} 300} {1 {database disk image is malformed}} 301 302# 303# Now test for a series of quasi-random seeds. 304# We loop over the entire file size and touch 305# each byte at least once. 306for {set tn 0} {$tn<$fsize} {incr tn 1} { 307 308 # setup for test 309 db close 310 forcecopy test.bu test.db 311 sqlite3 db test.db 312 313 # Seek to a random location in the file, and write a random single byte 314 # value. Then do various operations on the file to make sure that 315 # the database engine can handle the corruption gracefully. 316 # 317 set last 0 318 for {set i 1} {$i<=512 && !$last} {incr i 1} { 319 320 db close 321 if {$i==1} { 322 # on the first corrupt value, use location $tn 323 # this ensures that we touch each location in the 324 # file at least once. 325 set roffset $tn 326 } else { 327 # insert random byte at random location 328 set roffset [random $fsize] 329 } 330 set rbyte [format %02x [random 255]] 331 332 # You can uncomment the following to have it trace 333 # exactly how it's corrupting the file. This is 334 # useful for generating the "seed specific" tests 335 # above. 336 # set rline "$roffset $rbyte" 337 # puts stdout $rline 338 339 hexio_write test.db $roffset $rbyte 340 sqlite3 db test.db 341 342 # do a few random operations to make sure that if 343 # they error, they error gracefully instead of crashing. 344 do_test corruptC-3.$tn.($qseed).$i.1 { 345 catchsql {SELECT count(*) FROM sqlite_master} 346 set x {} 347 } {} 348 do_test corruptC-3.$tn.($qseed).$i.2 { 349 catchsql {SELECT count(*) FROM t1} 350 set x {} 351 } {} 352 do_test corruptC-3.$tn.($qseed).$i.3 { 353 catchsql {SELECT count(*) FROM t1 WHERE x>13} 354 set x {} 355 } {} 356 do_test corruptC-3.$tn.($qseed).$i.4 { 357 catchsql {SELECT count(*) FROM t2} 358 set x {} 359 } {} 360 do_test corruptC-3.$tn.($qseed).$i.5 { 361 catchsql {SELECT count(*) FROM t2 WHERE x<13} 362 set x {} 363 } {} 364 do_test corruptC-3.$tn.($qseed).$i.6 { 365 catchsql {BEGIN; UPDATE t1 SET y=1; ROLLBACK;} 366 set x {} 367 } {} 368 do_test corruptC-3.$tn.($qseed).$i.7 { 369 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 370 set x {} 371 } {} 372 do_test corruptC-3.$tn.($qseed).$i.8 { 373 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;} 374 set x {} 375 } {} 376 do_test corruptC-3.$tn.($qseed).$i.9 { 377 catchsql {BEGIN; DELETE FROM t2 WHERE x<13; ROLLBACK;} 378 set x {} 379 } {} 380 do_test corruptC-3.$tn.($qseed).$i.10 { 381 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;} 382 set x {} 383 } {} 384 385 # check the integrity of the database. 386 # once the corruption is detected, we can stop. 387 ifcapable {integrityck} { 388 set res [ catchsql {PRAGMA integrity_check} ] 389 set ans [lindex $res 1] 390 if { [ string compare $ans "ok" ] != 0 } { 391 set last -1 392 } 393 } 394 # if we are not capable of doing an integrity check, 395 # stop after corrupting 5 bytes. 396 ifcapable {!integrityck} { 397 if { $i > 5 } { 398 set last -1 399 } 400 } 401 402 # Check that no page references were leaked. 403 # TBD: need to figure out why this doesn't work 404 # work with ROLLBACKs... 405 if {0} { 406 do_test corruptC-3.$tn.($qseed).$i.11 { 407 set bt [btree_from_db db] 408 db_enter db 409 array set stats [btree_pager_stats $bt] 410 db_leave db 411 set stats(ref) 412 } {0} 413 } 414 } 415 # end for i 416 417} 418# end for tn 419 420finish_test 421