1: # 2004 August 30 {}
2: #
3: # The author disclaims copyright to this source code. In place of
4: # a legal notice, here is a blessing:
5: #
6: # May you do good and not evil.
7: # May you find forgiveness for yourself and forgive others.
8: # May you share freely, never taking more than you give.
9: #
10: #***********************************************************************
11: # This file implements regression tests for SQLite library.
12: #
13: # This file implements tests to make sure SQLite does not crash or
14: # segfault if it sees a corrupt database file.
15: #
16: # $Id: corrupt.test,v 1.1.1.1 2012/02/21 17:04:16 misho Exp $
17:
18: catch {forcedelete test.db test.db-journal test.bu}
19:
20: set testdir [file dirname $argv0]
21: source $testdir/tester.tcl
22:
23: # Do not use a codec for tests in this file, as the database file is
24: # manipulated directly using tcl scripts (using the [hexio_write] command).
25: #
26: do_not_use_codec
27:
28: # Construct a large database for testing.
29: #
30: do_test corrupt-1.1 {
31: execsql {
32: BEGIN;
33: CREATE TABLE t1(x);
34: INSERT INTO t1 VALUES(randstr(100,100));
35: INSERT INTO t1 VALUES(randstr(90,90));
36: INSERT INTO t1 VALUES(randstr(80,80));
37: INSERT INTO t1 SELECT x || randstr(5,5) FROM t1;
38: INSERT INTO t1 SELECT x || randstr(6,6) FROM t1;
39: INSERT INTO t1 SELECT x || randstr(7,7) FROM t1;
40: INSERT INTO t1 SELECT x || randstr(8,8) FROM t1;
41: INSERT INTO t1 VALUES(randstr(3000,3000));
42: INSERT INTO t1 SELECT x || randstr(9,9) FROM t1;
43: INSERT INTO t1 SELECT x || randstr(10,10) FROM t1;
44: INSERT INTO t1 SELECT x || randstr(11,11) FROM t1;
45: INSERT INTO t1 SELECT x || randstr(12,12) FROM t1;
46: CREATE INDEX t1i1 ON t1(x);
47: CREATE TABLE t2 AS SELECT * FROM t1;
48: DELETE FROM t2 WHERE rowid%5!=0;
49: COMMIT;
50: }
51: } {}
52: integrity_check corrupt-1.2
53:
54: # Setup for the tests. Make a backup copy of the good database in test.bu.
55: # Create a string of garbage data that is 256 bytes long.
56: #
57: forcecopy test.db test.bu
58: set fsize [file size test.db]
59: set junk "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
60: while {[string length $junk]<256} {append junk $junk}
61: set junk [string range $junk 0 255]
62:
63: # Go through the database and write garbage data into each 256 segment
64: # of the file. Then do various operations on the file to make sure that
65: # the database engine can recover gracefully from the corruption.
66: #
67: for {set i [expr {1*256}]} {$i<$fsize-256} {incr i 256} {
68: set tn [expr {$i/256}]
69: db close
70: forcecopy test.bu test.db
71: set fd [open test.db r+]
72: fconfigure $fd -translation binary
73: seek $fd $i
74: puts -nonewline $fd $junk
75: close $fd
76: do_test corrupt-2.$tn.1 {
77: sqlite3 db test.db
78: catchsql {SELECT count(*) FROM sqlite_master}
79: set x {}
80: } {}
81: do_test corrupt-2.$tn.2 {
82: catchsql {SELECT count(*) FROM t1}
83: set x {}
84: } {}
85: do_test corrupt-2.$tn.3 {
86: catchsql {SELECT count(*) FROM t1 WHERE x>'abcdef'}
87: set x {}
88: } {}
89: do_test corrupt-2.$tn.4 {
90: catchsql {SELECT count(*) FROM t2}
91: set x {}
92: } {}
93: do_test corrupt-2.$tn.5 {
94: catchsql {CREATE TABLE t3 AS SELECT * FROM t1}
95: set x {}
96: } {}
97: do_test corrupt-2.$tn.6 {
98: catchsql {DROP TABLE t1}
99: set x {}
100: } {}
101: do_test corrupt-2.$tn.7 {
102: catchsql {PRAGMA integrity_check}
103: set x {}
104: } {}
105:
106: # Check that no page references were leaked.
107: do_test corrupt-2.$tn.8 {
108: set bt [btree_from_db db]
109: db_enter db
110: array set stats [btree_pager_stats $bt]
111: db_leave db
112: set stats(ref)
113: } {0}
114: }
115:
116: #------------------------------------------------------------------------
117: # For these tests, swap the rootpage entries of t1 (a table) and t1i1 (an
118: # index on t1) in sqlite_master. Then perform a few different queries
119: # and make sure this is detected as corruption.
120: #
121: do_test corrupt-3.1 {
122: db close
123: forcecopy test.bu test.db
124: sqlite3 db test.db
125: list
126: } {}
127: do_test corrupt-3.2 {
128: set t1_r [execsql {SELECT rootpage FROM sqlite_master WHERE name = 't1i1'}]
129: set t1i1_r [execsql {SELECT rootpage FROM sqlite_master WHERE name = 't1'}]
130: set cookie [expr [execsql {PRAGMA schema_version}] + 1]
131: execsql "
132: PRAGMA writable_schema = 1;
133: UPDATE sqlite_master SET rootpage = $t1_r WHERE name = 't1';
134: UPDATE sqlite_master SET rootpage = $t1i1_r WHERE name = 't1i1';
135: PRAGMA writable_schema = 0;
136: PRAGMA schema_version = $cookie;
137: "
138: } {}
139:
140: # This one tests the case caught by code in checkin [2313].
141: do_test corrupt-3.3 {
142: db close
143: sqlite3 db test.db
144: catchsql {
145: INSERT INTO t1 VALUES('abc');
146: }
147: } {1 {database disk image is malformed}}
148: do_test corrupt-3.4 {
149: db close
150: sqlite3 db test.db
151: catchsql {
152: SELECT * FROM t1;
153: }
154: } {1 {database disk image is malformed}}
155: do_test corrupt-3.5 {
156: db close
157: sqlite3 db test.db
158: catchsql {
159: SELECT * FROM t1 WHERE oid = 10;
160: }
161: } {1 {database disk image is malformed}}
162: do_test corrupt-3.6 {
163: db close
164: sqlite3 db test.db
165: catchsql {
166: SELECT * FROM t1 WHERE x = 'abcde';
167: }
168: } {1 {database disk image is malformed}}
169:
170: do_test corrupt-4.1 {
171: db close
172: forcedelete test.db test.db-journal
173: sqlite3 db test.db
174: execsql {
175: PRAGMA page_size = 1024;
176: CREATE TABLE t1(a INTEGER PRIMARY KEY, b TEXT);
177: }
178: for {set i 0} {$i < 10} {incr i} {
179: set text [string repeat $i 220]
180: execsql { INSERT INTO t1 VALUES($i, $text) }
181: }
182: execsql { CREATE INDEX i1 ON t1(b) }
183: } {}
184: do_test corrupt-4.2 {
185: set iRoot [db one {SELECT rootpage FROM sqlite_master WHERE name = 'i1'}]
186: set iOffset [hexio_get_int [hexio_read test.db [expr 12+($iRoot-1)*1024] 2]]
187: set data [hexio_render_int32 [expr $iRoot - 1]]
188: hexio_write test.db [expr ($iRoot-1)*1024 + $iOffset] $data
189: db close
190: sqlite3 db test.db
191:
192: # The following DELETE statement attempts to delete a cell stored on the
193: # root page of index i1. After this cell is deleted it must be replaced
194: # by a cell retrieved from the child page (a leaf) of the deleted cell.
195: # This will fail, as the block modified the database image so that the
196: # child page of the deleted cell is from a table (intkey) b-tree, not an
197: # index b-tree as expected. At one point this was causing an assert()
198: # to fail.
199: catchsql { DELETE FROM t1 WHERE rowid = 3 }
200: } {1 {database disk image is malformed}}
201:
202: do_test corrupt-5.1 {
203: db close
204: forcedelete test.db test.db-journal
205: sqlite3 db test.db
206:
207: execsql { PRAGMA page_size = 1024 }
208: set ct "CREATE TABLE t1(c0 "
209: set i 0
210: while {[string length $ct] < 950} { append ct ", c[incr i]" }
211: append ct ")"
212: execsql $ct
213: } {}
214:
215: do_test corrupt-5.2 {
216: db close
217: hexio_write test.db 108 00000000
218: sqlite3 db test.db
219: catchsql { SELECT * FROM sqlite_master }
220: } {1 {database disk image is malformed}}
221:
222: # At one point, the specific corruption caused by this test case was
223: # causing a buffer overwrite. Although a crash was never demonstrated,
224: # running this testcase under valgrind revealed the problem.
225: do_test corrupt-6.1 {
226: db close
227: forcedelete test.db test.db-journal
228: sqlite3 db test.db
229: execsql {
230: PRAGMA page_size = 1024; CREATE TABLE t1(x);
231: }
232:
233: # The root page of t1 is 1024 bytes in size. The header is 8 bytes, and
234: # each of the cells inserted by the following INSERT statements consume
235: # 16 bytes (including the 2 byte cell-offset array entry). So the page
236: # can contain up to 63 cells.
237: for {set i 0} {$i < 63} {incr i} {
238: execsql { INSERT INTO t1 VALUES( randomblob(10) ) }
239: }
240:
241: # Free the cell stored right at the end of the page (at offset pgsz-14).
242: execsql { DELETE FROM t1 WHERE rowid=1 }
243: set rootpage [db one {SELECT rootpage FROM sqlite_master WHERE name = 't1'}]
244: db close
245:
246: set offset [expr ($rootpage * 1024)-14+2]
247: hexio_write test.db $offset 00FF
248: sqlite3 db test.db
249:
250: catchsql { INSERT INTO t1 VALUES( randomblob(10) ) }
251: } {1 {database disk image is malformed}}
252:
253: ifcapable oversize_cell_check {
254: db close
255: forcedelete test.db test.db-journal
256: sqlite3 db test.db
257: execsql {
258: PRAGMA page_size = 1024; CREATE TABLE t1(x);
259: }
260:
261: do_test corrupt-7.1 {
262: for {set i 0} {$i < 39} {incr i} {
263: execsql {
264: INSERT INTO t1 VALUES(X'000100020003000400050006000700080009000A');
265: }
266: }
267: } {}
268: db close
269:
270: # Corrupt the root page of table t1 so that the first offset in the
271: # cell-offset array points to the data for the SQL blob associated with
272: # record (rowid=10). The root page still passes the checks in btreeInitPage(),
273: # because the start of said blob looks like the start of a legitimate
274: # page cell.
275: #
276: # Test case cc-2 overwrites the blob so that it no longer looks like a
277: # real cell. But, by the time it is overwritten, btreeInitPage() has already
278: # initialized the root page, so no corruption is detected.
279: #
280: # Test case cc-3 inserts an extra record into t1, forcing balance-deeper
281: # to run. After copying the contents of the root page to the new child,
282: # btreeInitPage() is called on the child. This time, it detects corruption
283: # (because the start of the blob associated with the (rowid=10) record
284: # no longer looks like a real cell). At one point the code assumed that
285: # detecting corruption was not possible at that point, and an assert() failed.
286: #
287: set fd [open test.db r+]
288: fconfigure $fd -translation binary -encoding binary
289: seek $fd [expr 1024+8]
290: puts -nonewline $fd "\x03\x14"
291: close $fd
292:
293: sqlite3 db test.db
294: do_test corrupt-7.2 {
295: execsql {
296: UPDATE t1 SET x = X'870400020003000400050006000700080009000A'
297: WHERE rowid = 10;
298: }
299: } {}
300: do_test corrupt-7.3 {
301: catchsql {
302: INSERT INTO t1 VALUES(X'000100020003000400050006000700080009000A');
303: }
304: } {1 {database disk image is malformed}}
305: }
306:
307: db close
308: forcedelete test.db test.db-journal
309: do_test corrupt-8.1 {
310: sqlite3 db test.db
311: execsql {
312: PRAGMA page_size = 1024;
313: PRAGMA secure_delete = on;
314: PRAGMA auto_vacuum = 0;
315: CREATE TABLE t1(x INTEGER PRIMARY KEY, y);
316: INSERT INTO t1 VALUES(5, randomblob(1900));
317: }
318:
319: hexio_write test.db 2044 [hexio_render_int32 2]
320: hexio_write test.db 24 [hexio_render_int32 45]
321:
322: catchsql { INSERT OR REPLACE INTO t1 VALUES(5, randomblob(1900)) }
323: } {1 {database disk image is malformed}}
324:
325: db close
326: forcedelete test.db test.db-journal
327: do_test corrupt-8.2 {
328: sqlite3 db test.db
329: execsql {
330: PRAGMA page_size = 1024;
331: PRAGMA secure_delete = on;
332: PRAGMA auto_vacuum = 0;
333: CREATE TABLE t1(x INTEGER PRIMARY KEY, y);
334: INSERT INTO t1 VALUES(5, randomblob(900));
335: INSERT INTO t1 VALUES(6, randomblob(900));
336: }
337:
338: hexio_write test.db 2047 FF
339: hexio_write test.db 24 [hexio_render_int32 45]
340:
341: catchsql { INSERT INTO t1 VALUES(4, randomblob(1900)) }
342: } {1 {database disk image is malformed}}
343:
344: finish_test
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to corrupt.test CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sqlite3 / test