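# 2017-03-03
#
# The author disclaims copyright to this source code. In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# corruptK: regression tests for how the library reacts to a database
# file whose b-tree page contents have been deliberately damaged.  Each
# group builds a small database with 1024-byte pages, overwrites selected
# bytes, and then checks the outcome of a later statement.  Where a
# corruption outcome is asserted, the expected result is the ordinary
# "database disk image is malformed" error.
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl
set testprefix corruptK

# Not run under the "mmap" permutation (the reason is not recorded in
# this file).
if {[permutation]=="mmap"} {
  finish_test
  return
}

# This module uses hard-coded offsets which do not work if the reserved_bytes
# value is nonzero.
if {[nonzero_reserved_bytes]} {finish_test; return;}
database_may_be_corrupt

# Initialize the database: four blobs in t1, then delete rowid 2 so that
# its 100-byte cell becomes a free slot.  The page_count check pins the
# layout at two pages, which the hard-coded offsets in test 1.2 rely on.
#
do_execsql_test 1.1 {
  PRAGMA page_size=1024;
  PRAGMA auto_vacuum=0;
  CREATE TABLE t1(x);

  INSERT INTO t1 VALUES(randomblob(20));
  INSERT INTO t1 VALUES(randomblob(100)); -- make this into a free slot
  INSERT INTO t1 VALUES(randomblob(27)); -- this one will be corrupt
  INSERT INTO t1 VALUES(randomblob(800));

  DELETE FROM t1 WHERE rowid=2; -- free the 100 byte slot
  PRAGMA page_count
} {2}


# Corrupt the database so that the blob stored immediately before
# the free slot (rowid==3) has an overlarge length field, so that
# we can use sqlite3_blob_write() to manipulate the size field of
# the free slot.
#
# Then use sqlite3_blob_write() to set the size of said free slot
# to 24 bytes (instead of the actual 100).
#
# Then use the new 24 byte slot, leaving the in-memory version of
# the page with zero free slots and a large nFree value. Then try
# to allocate another slot to get to defragmentPage().
#
# Offsets of the form 1024 + N address byte N of the second page.  The
# value 31*2 + 12 is the record serial type of a 31-byte BLOB, four bytes
# longer than the 27 bytes actually stored.
# NOTE(review): the 0x21 written at 0x360 looks like the matching payload
# size (2-byte record header + 31) -- confirm against the file format.
#
do_test 1.2 {
  db close
  hexio_write test.db [expr {1024 + 0x360}] 21
  hexio_write test.db [expr {1024 + 0x363}] [format %x [expr {31*2 + 12}]]
  sqlite3 db test.db

  # Offset 30 lies beyond the 27 bytes originally stored for rowid 3; the
  # single byte written there is 0x18, i.e. the 24 mentioned above.
  set fd [db incrblob t1 x 3]
  fconfigure $fd -translation binary -encoding binary
  seek $fd 30
  puts -nonewline $fd "\x18"
  close $fd
} {}
do_execsql_test 1.3 {
  INSERT INTO t1 VALUES(randomblob(20));
}

# This test no longer functions due to the deferred computation of
# MemPage.nFree.
#
# NOTE(review): with 1.4 disabled, group 1 only checks that steps 1.1-1.3
# complete without error; no corruption outcome is asserted for this
# scenario any more.
#
if 0 {
do_catchsql_test 1.4 {
  INSERT INTO t1 VALUES(randomblob(90));
} {1 {database disk image is malformed}}
}

#-------------------------------------------------------------------------
# Group 2: the same technique with two freed cells (rowids 2 and 4) and
# the corrupted blob at rowid 5.
#
reset_db
do_execsql_test 2.1 {
  PRAGMA page_size=1024;
  PRAGMA auto_vacuum=0;
  CREATE TABLE t1(x);

  INSERT INTO t1 VALUES(randomblob(20));
  INSERT INTO t1 VALUES(randomblob(20)); -- free this one
  INSERT INTO t1 VALUES(randomblob(20));
  INSERT INTO t1 VALUES(randomblob(20)); -- and this one
  INSERT INTO t1 VALUES(randomblob(20)); -- corrupt this one.

  DELETE FROM t1 WHERE rowid IN(2, 4);
  PRAGMA page_count
} {2}

# Overwrite bytes on the second page, then write one byte through an
# incremental-blob handle on rowid 5 at offset 22, which is past the 20
# bytes that row originally held.
# NOTE(review): 0x53 and 03 81 2C appear to be an enlarged payload size and
# record header for rowid 5 -- confirm against the file format.
#
do_test 2.2 {
  db close
  hexio_write test.db [expr {1024 + 0x388}] 53
  hexio_write test.db [expr {1024 + 0x38A}] 03812C

  sqlite3 db test.db
  set fd [db incrblob t1 x 5]
  fconfigure $fd -translation binary -encoding binary

  seek $fd 22
  puts -nonewline $fd "\x5d"
  close $fd
} {}

# The insert after the damage must fail with the corruption error.
do_catchsql_test 2.3 {
  INSERT INTO t1 VALUES(randomblob(900));
} {1 {database disk image is malformed}}

#-------------------------------------------------------------------------
# Group 3: replace page 1 wholesale with a prepared page image and check
# that integrity_check reports the corruption as an error.  Needs virtual
# table support (sqlite_dbpage) and is skipped under the inmemory_journal
# permutation.

ifcapable vtab {
if {[permutation]!="inmemory_journal"} {

  # hex2blob HEX
  #
  # Convert a hex dump into a binary string.  Blank lines are skipped.  On
  # every other line only the whitespace-separated tokens that are exactly
  # two hex digits count as bytes, so the offset label and the ASCII column
  # are normally ignored.  Each such line must yield exactly 16 bytes,
  # otherwise "Badly formed hex (1)" is raised; that check also catches an
  # ASCII-column token that happens to look like a hex byte.
  #
  proc hex2blob {hex} {
    # Split on newlines:
    set bytes [list]
    foreach l [split $hex "\n"] {
      if {[string is space $l]} continue
      set L [list]
      foreach b [split $l] {
        if {[string is xdigit $b] && [string length $b]==2} {
          # scan converts the two hex digits without evaluating a
          # string-built expression.
          lappend L [scan $b %x]
        }
      }
      if {[llength $L]!=16} {
        error "Badly formed hex (1)"
      }
      set bytes [concat $bytes $L]
    }

    binary format c* $bytes
  }

  reset_db
  db func hex2blob hex2blob

  do_execsql_test 3.1 {
    PRAGMA page_size=1024;
    CREATE TABLE t1(a, b, c);
    CREATE TABLE t2(a, b, c);
    CREATE TABLE t3(a, b, c);
    CREATE TABLE t4(a, b, c);
    CREATE TABLE t5(a, b, c);
  }

  # Turn defensive mode off for this connection.  The next test writes a
  # raw page image through the sqlite_dbpage virtual table, which is one of
  # the operations defensive mode exists to refuse; connections that run
  # untrusted SQL should leave it on.
  sqlite3_db_config db DEFENSIVE 0
  do_execsql_test 3.2 {
    UPDATE sqlite_dbpage SET data = hex2blob('
    000: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
    010: 04 00 01 01 20 40 20 20 00 00 3e d9 00 00 00 06 .... @ ..>.....
    020: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 04 ................
    030: 0f 00 00 00 00 00 00 00 00 00 00 01 00 00 83 00 ................
    040: 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 .............8..
    050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e d9 ..............>.
    060: 00 2d e6 07 0d 00 00 00 01 03 a0 00 03 e0 00 00 .-..............
    070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0d0: 00 00 00 00 00 c1 00 00 00 00 00 00 00 00 00 00 ................
    0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    160: 00 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    180: 00 00 00 00 00 00 00 00 00 00 07 00 30 00 00 00 ............0...
    190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    1c0: 02 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 ................
    1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    1f0: 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    220: 00 00 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    230: 0c 00 00 00 00 00 00 60 00 00 00 06 00 00 c3 00 .......`........
    240: 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    270: 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 ................
    280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    290: 04 00 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    2a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    2b0: 00 00 00 00 83 00 8c 00 00 00 00 00 00 00 00 00 ................
    2c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    2d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    2e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    2f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    310: 00 78 00 00 00 00 00 00 00 00 00 00 00 00 70 00 .x............p.
    320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    340: 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 ................
    350: 00 00 00 00 00 68 00 00 00 00 00 00 00 00 00 00 .....h..........
    360: 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 ................
    370: 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ................
    380: 00 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 ....p...........
    390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    3a0: 5e 01 07 17 1b 1b 01 81 13 74 61 62 6c 65 73 65 ^........tablese
    3b0: 6e 73 6f 32 73 73 65 6e 73 6f 72 73 02 43 52 45 nso2ssensors.CRE
    3c0: 41 54 45 20 54 41 42 4c 45 20 73 65 6e 73 6f 72 ATE TABLE sensor
    3d0: 73 20 0a 20 20 24 20 20 20 20 20 20 20 20 20 20 s .  $
    3e0: b8 6e 61 6d 65 21 74 65 78 74 2c 20 79 61 6c 20 .name!text, yal
    3f0: 72 65 61 6c 2c 20 74 69 6d 65 20 74 65 78 74 29 real, time text)
    ') WHERE pgno=1
  }

  # Reopen the database so that the replaced page 1 is read back from the
  # file by a fresh connection.
  db close
  sqlite3 db test.db

  # The statement itself is expected to fail with the corruption error,
  # rather than return a list of integrity problems.
  do_catchsql_test 3.3 {
    PRAGMA integrity_check;
  } {1 {database disk image is malformed}}

} ;# [permutation]!="inmemory_journal"
} ;# ifcapable vtab



finish_test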