# Source listing: gitlab.com/CoiaPrant/sqlite3@v1.19.1/testdata/tcl/corruptD.test
#
# 2009 June 3
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# $Id: corruptD.test,v 1.2 2009/06/05 17:09:12 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Do not use a codec for tests in this file, as the database file is
# manipulated directly using tcl scripts (using the [hexio_write] command).
#
do_not_use_codec

# These tests deal with corrupt database files
#
database_may_be_corrupt

#--------------------------------------------------------------------------
# OVERVIEW
#
#   This test file attempts to verify that SQLite does not read past the
#   end of any in-memory buffers as a result of corrupted database page
#   images. Usually this happens because a field within a database page
#   that contains an offset to some other structure within the same page
#   is set to too large a value. A database page contains the following
#   such fields:
#
#     1. The page header field that contains the offset to the first
#        free block of space.
#
#     2. The first two bytes of all but the last free block on the free-block
#        list (the offset to the next free block).
#
#     3. The page header field containing the number of cells on the page
#        (implicitly defines the offset to the final element in the cell offset
#        array, which could potentially be off the end of the page).
#
#     4. The page header field containing the offset to the start of the cell
#        content area.
#
#     5. The contents of the cell offset array.
#
#     6. The first few bytes of each cell determine the size of the cell
#        stored within the page, and hence the offset to the final byte of
#        the cell.
#
#   If any of the above fields are set to too large a value, then a buffer
#   overread may occur. This test script creates and operates on various
#   strategically corrupted database files to attempt to provoke such buffer
#   overreads.
#
#   Very often, a buffer overread passes unnoticed, particularly in workstation
#   environments. For this reason, this test script should be run using valgrind
#   (or similar) in order to verify that no overreads occur. A passing result
#   from the assertions below only shows that the expected error was reported;
#   it does not by itself show that no out-of-bounds read took place.
#
# TEST PLAN
#
#   Test cases corruptD-1.* are white-box tests. They attempt to corrupt
#   one of the above fields, then exercise each part of the code in btree.c
#   that uses said field.
#
#   Offset variables 1, 2, 3 and 4 are all checked to make sure they
#   will not result in buffer overruns as part of page initialization in
#   sqlite3BtreeInitPage(). Offsets 5 and 6 cannot be tested as part of
#   page initialization, as trying to do so causes a performance hit.
#

# Fixture: build a database with 1024-byte pages holding table t1 and index
# i1, insert rows for ii = 1..49, delete four of them, then save a pristine
# copy as test.bu so that later tests can start from an uncorrupted image.
# Presumably the deletes are there to leave free blocks on the b-tree pages
# (verify against the resulting file). auto_vacuum is switched off.
do_test corruptD-1.0 {
  execsql {
    PRAGMA auto_vacuum = 0;
    PRAGMA page_size = 1024;
    CREATE TABLE t1(a, b);
    CREATE INDEX i1 ON t1(a, b);
  }
  for {set ii 1} {$ii < 50} {incr ii} {
    execsql { INSERT INTO t1 VALUES($ii, $ii * $ii) }
  }
  execsql {
    DELETE FROM t1 WHERE a = 10;
    DELETE FROM t1 WHERE a = 20;
    DELETE FROM t1 WHERE a = 30;
    DELETE FROM t1 WHERE a = 40;
  }
  forcecopy test.db test.bu
} {}

# Read the 4-byte integer at file offset 24 of test.db, add one, and write it
# back in place. Going by the proc name this is the file change counter;
# presumably bumping it makes the already-open connection discard its cached
# pages and re-read the bytes patched by hexio_write (confirm).
proc incr_change_counter {} {
  hexio_write test.db 24 [
    hexio_render_int32 [expr [hexio_get_int [hexio_read test.db 24 4]] + 1]
  ]
}

# Close the connection, replace test.db with the pristine copy saved by
# corruptD-1.0, and reopen it as "db".
proc restore_file {} {
  db close
  forcecopy test.bu test.db
  sqlite3 db test.db
}

#-------------------------------------------------------------------------
# The following tests, corruptD-1.1.*, focus on the page header field
# containing the offset of the first free block in a page.
#
# With a page size of 1024, file offset 1024+1 is byte 1 of page 2. The
# first test stores FFFF there, an offset far beyond the end of a 1024-byte
# page, and expects PRAGMA quick_check to report the corruption on page 2
# rather than follow the offset.
#
do_test corruptD-1.1.1 {
  incr_change_counter
  hexio_write test.db [expr 1024+1] FFFF
  catchsql { PRAGMA quick_check }
} {0 {{*** in database main ***
Page 2: free space corruption}}}
# restore_file is not called before the next test, so it patches the file
# already modified by corruptD-1.1.1. The expected outcome is an ordinary
# "malformed" error returned to the caller.
# NOTE(review): hexio_render_int32 renders a 4-byte value, so this write
# appears to cover offsets 1025-1028 and not only the 2-byte free-block
# offset; it would then also overwrite the two header bytes that follow
# (presumably the cell count, item 3 of the overview). Confirm this is the
# intended corruption.
do_test corruptD-1.1.2 {
  incr_change_counter
  hexio_write test.db [expr 1024+1] [hexio_render_int32 1021]
  catchsql { SELECT * FROM t1 ORDER BY rowid }
} {1 {database disk image is malformed}}

#-------------------------------------------------------------------------
# The following tests, corruptD-1.2.*, focus on the offsets contained
# in the first 2 bytes of each free-block on the free-list.
#
# corruptD-1.2.1 only restores the pristine file. corruptD-1.2.2 has an
# empty body: nothing is corrupted or checked there, so the free-block
# chain (item 2 of the overview) is not exercised by this file as shown.
#
do_test corruptD-1.2.1 {
  restore_file
} {}
do_test corruptD-1.2.2 {
} {}

#-------------------------------------------------------------------------
# The following tests, corruptD-1.4.*, ...
#
# NOTE(review): no corruptD-1.3.* or corruptD-1.4.* test cases are present.
#


#-------------------------------------------------------------------------
# The following tests, corruptD-1.5.*, focus on the offsets contained
# in the cell offset array.
#
#   defragmentPage
#
# NOTE(review): no corruptD-1.5.* test cases are present; the cell offset
# array is not covered here.
#

finish_test