78 lines
2.1 KiB
Plaintext
78 lines
2.1 KiB
Plaintext
|
# 2013-08-01
|
||
|
#
|
||
|
# The author disclaims copyright to this source code. In place of
|
||
|
# a legal notice, here is a blessing:
|
||
|
#
|
||
|
# May you do good and not evil.
|
||
|
# May you find forgiveness for yourself and forgive others.
|
||
|
# May you share freely, never taking more than you give.
|
||
|
#
|
||
|
#***********************************************************************
|
||
|
#
|
||
|
|
||
|
set testdir [file dirname $argv0]
|
||
|
source $testdir/tester.tcl
|
||
|
set testprefix corruptG
|
||
|
|
||
|
# Do not use a codec for tests in this file, as the database file is
|
||
|
# manipulated directly using tcl scripts (using the [hexio_write] command).
|
||
|
#
|
||
|
do_not_use_codec
|
||
|
|
||
|
# Create a simple database with a single entry. Then corrupt the
|
||
|
# header-size varint on the index payload so that it maps into a
|
||
|
# negative number. Try to use the database.
|
||
|
#
|
||
|
|
||
|
do_execsql_test 1.1 {
|
||
|
PRAGMA page_size=512;
|
||
|
CREATE TABLE t1(a,b,c);
|
||
|
INSERT INTO t1(rowid,a,b,c) VALUES(52,'abc','xyz','123');
|
||
|
CREATE INDEX t1abc ON t1(a,b,c);
|
||
|
}
|
||
|
|
||
|
set idxroot [db one {SELECT rootpage FROM sqlite_master WHERE name = 't1abc'}]
|
||
|
|
||
|
# Corrupt the file
|
||
|
db close
|
||
|
hexio_write test.db [expr {$idxroot*512 - 15}] 888080807f
|
||
|
sqlite3 db test.db
|
||
|
|
||
|
# Try to use the file.
|
||
|
do_test 1.2 {
|
||
|
catchsql {
|
||
|
SELECT c FROM t1 WHERE a>'abc';
|
||
|
}
|
||
|
} {0 {}}
|
||
|
do_test 1.3 {
|
||
|
catchsql {
|
||
|
PRAGMA integrity_check
|
||
|
}
|
||
|
} {0 ok}
|
||
|
do_test 1.4 {
|
||
|
catchsql {
|
||
|
SELECT c FROM t1 ORDER BY a;
|
||
|
}
|
||
|
} {1 {database disk image is malformed}}
|
||
|
|
||
|
# Corrupt the same file in a slightly different way. Make the record header
|
||
|
# sane, but corrupt one of the serial_type value to indicate a huge payload
|
||
|
# such that the payload begins in allocated space but overflows the buffer.
|
||
|
#
|
||
|
db close
|
||
|
hexio_write test.db [expr {$idxroot*512-15}] 0513ff7f01
|
||
|
sqlite3 db test.db
|
||
|
|
||
|
do_test 2.1 {
|
||
|
catchsql {
|
||
|
SELECT rowid FROM t1 WHERE a='abc' and b='xyz123456789XYZ';
|
||
|
}
|
||
|
# The following test result is brittle. The point above is to try to
|
||
|
# force a buffer overread by a corrupt database file. If we get an
|
||
|
# incorrect answer from a corrupt database file, that is OK. If the
|
||
|
# result below changes, that just means that "undefined behavior" has
|
||
|
# changed.
|
||
|
} {0 52}
|
||
|
|
||
|
finish_test
|