1# 2004 August 30 2# 3# The author disclaims copyright to this source code. In place of 4# a legal notice, here is a blessing: 5# 6# May you do good and not evil. 7# May you find forgiveness for yourself and forgive others. 8# May you share freely, never taking more than you give. 9# 10#*********************************************************************** 11# This file implements regression tests for SQLite library. 12# 13# This file implements tests to make sure SQLite does not crash or 14# segfault if it sees a corrupt database file. It creates a base 15# data base file, then tests that single byte corruptions in 16# increasingly larger quantities are handled gracefully. 17# 18# $Id: corruptC.test,v 1.14 2009/07/11 06:55:34 danielk1977 Exp $ 19 20catch {file delete -force test.db test.db-journal test.bu} 21 22set testdir [file dirname $argv0] 23source $testdir/tester.tcl 24 25# Do not use a codec for tests in this file, as the database file is 26# manipulated directly using tcl scripts (using the [hexio_write] command). 27# 28do_not_use_codec 29 30# Construct a compact, dense database for testing. 31# 32do_test corruptC-1.1 { 33 execsql { 34 PRAGMA auto_vacuum = 0; 35 PRAGMA legacy_file_format=1; 36 BEGIN; 37 CREATE TABLE t1(x,y); 38 INSERT INTO t1 VALUES(1,1); 39 INSERT OR IGNORE INTO t1 SELECT x*2,y FROM t1; 40 INSERT OR IGNORE INTO t1 SELECT x*3,y FROM t1; 41 INSERT OR IGNORE INTO t1 SELECT x*5,y FROM t1; 42 INSERT OR IGNORE INTO t1 SELECT x*7,y FROM t1; 43 INSERT OR IGNORE INTO t1 SELECT x*11,y FROM t1; 44 INSERT OR IGNORE INTO t1 SELECT x*13,y FROM t1; 45 CREATE INDEX t1i1 ON t1(x); 46 CREATE TABLE t2 AS SELECT x,2 as y FROM t1 WHERE rowid%5!=0; 47 COMMIT; 48 } 49} {} 50 51ifcapable {integrityck} { 52 integrity_check corruptC-1.2 53} 54 55# Generate random integer 56# 57proc random {range} { 58 return [expr {round(rand()*$range)}] 59} 60 61# Copy file $from into $to 62# 63proc copy_file {from to} { 64 file copy -force $from $to 65} 66 67# Setup for the tests. Make a backup copy of the good database in test.bu. 68# 69db close 70copy_file test.db test.bu 71sqlite3 db test.db 72set fsize [file size test.db] 73 74# Set a quasi-random random seed. 75if {[info exists ::G(issoak)]} { 76 # If we are doing SOAK tests, we want a different 77 # random seed for each run. Ideally we would like 78 # to use [clock clicks] or something like that here. 79 set qseed [file mtime test.db] 80} else { 81 # If we are not doing soak tests, 82 # make it repeatable. 83 set qseed 0 84} 85expr srand($qseed) 86 87# 88# First test some specific corruption tests found from earlier runs 89# with specific seeds. 90# 91 92# test that a corrupt content offset size is handled (seed 5577) 93do_test corruptC-2.1 { 94 db close 95 copy_file test.bu test.db 96 97 # insert corrupt byte(s) 98 hexio_write test.db 2053 [format %02x 0x04] 99 100 sqlite3 db test.db 101 catchsql {PRAGMA integrity_check} 102} {1 {database disk image is malformed}} 103 104# test that a corrupt content offset size is handled (seed 5649) 105do_test corruptC-2.2 { 106 db close 107 copy_file test.bu test.db 108 109 # insert corrupt byte(s) 110 hexio_write test.db 27 [format %02x 0x08] 111 hexio_write test.db 233 [format %02x 0x6a] 112 hexio_write test.db 328 [format %02x 0x67] 113 hexio_write test.db 750 [format %02x 0x1f] 114 hexio_write test.db 1132 [format %02x 0x52] 115 hexio_write test.db 1133 [format %02x 0x84] 116 hexio_write test.db 1220 [format %02x 0x01] 117 hexio_write test.db 3688 [format %02x 0xc1] 118 hexio_write test.db 3714 [format %02x 0x58] 119 hexio_write test.db 3746 [format %02x 0x9a] 120 121 sqlite3 db test.db 122 catchsql {UPDATE t1 SET y=1} 123} {1 {database disk image is malformed}} 124 125# test that a corrupt free cell size is handled (seed 13329) 126do_test corruptC-2.3 { 127 db close 128 copy_file test.bu test.db 129 130 # insert corrupt byte(s) 131 hexio_write test.db 1094 [format %02x 0x76] 132 133 sqlite3 db test.db 134 catchsql {UPDATE t1 SET y=1} 135} {1 {database disk image is malformed}} 136 137# test that a corrupt free cell size is handled (seed 169571) 138do_test corruptC-2.4 { 139 db close 140 copy_file test.bu test.db 141 142 # insert corrupt byte(s) 143 hexio_write test.db 3119 [format %02x 0xdf] 144 145 sqlite3 db test.db 146 catchsql {UPDATE t2 SET y='abcdef-uvwxyz'} 147} {1 {database disk image is malformed}} 148 149# test that a corrupt free cell size is handled (seed 169571) 150do_test corruptC-2.5 { 151 db close 152 copy_file test.bu test.db 153 154 # insert corrupt byte(s) 155 hexio_write test.db 3119 [format %02x 0xdf] 156 hexio_write test.db 4073 [format %02x 0xbf] 157 158 sqlite3 db test.db 159 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 160 catchsql {PRAGMA integrity_check} 161} {0 {{*** in database main *** 162Page 4: btreeInitPage() returns error code 11}}} 163 164# {0 {{*** in database main *** 165# Corruption detected in cell 710 on page 4 166# Multiple uses for byte 661 of page 4 167# Fragmented space is 249 byte reported as 21 on page 4}}} 168 169# test that a corrupt free cell size is handled (seed 169595) 170do_test corruptC-2.6 { 171 db close 172 copy_file test.bu test.db 173 174 # insert corrupt byte(s) 175 hexio_write test.db 619 [format %02x 0xe2] 176 hexio_write test.db 3150 [format %02x 0xa8] 177 178 sqlite3 db test.db 179 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 180} {1 {database disk image is malformed}} 181 182# corruption (seed 178692) 183do_test corruptC-2.7 { 184 db close 185 copy_file test.bu test.db 186 187 # insert corrupt byte(s) 188 hexio_write test.db 3074 [format %02x 0xa0] 189 190 sqlite3 db test.db 191 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 192} {1 {database disk image is malformed}} 193 194# corruption (seed 179069) 195do_test corruptC-2.8 { 196 db close 197 copy_file test.bu test.db 198 199 # insert corrupt byte(s) 200 hexio_write test.db 1393 [format %02x 0x7d] 201 hexio_write test.db 84 [format %02x 0x19] 202 hexio_write test.db 3287 [format %02x 0x3b] 203 hexio_write test.db 2564 [format %02x 0xed] 204 hexio_write test.db 2139 [format %02x 0x55] 205 206 sqlite3 db test.db 207 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;} 208} {1 {database disk image is malformed}} 209 210# corruption (seed 170434) 211do_test corruptC-2.9 { 212 db close 213 copy_file test.bu test.db 214 215 # insert corrupt byte(s) 216 hexio_write test.db 2095 [format %02x 0xd6] 217 218 sqlite3 db test.db 219 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;} 220} {1 {database disk image is malformed}} 221 222# corruption (seed 186504) 223do_test corruptC-2.10 { 224 db close 225 copy_file test.bu test.db 226 227 # insert corrupt byte(s) 228 hexio_write test.db 3130 [format %02x 0x02] 229 230 sqlite3 db test.db 231 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 232} {1 {database disk image is malformed}} 233 234# corruption (seed 1589) 235do_test corruptC-2.11 { 236 db close 237 copy_file test.bu test.db 238 239 # insert corrupt byte(s) 240 hexio_write test.db 55 [format %02x 0xa7] 241 242 sqlite3 db test.db 243 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;} 244} {1 {database disk image is malformed}} 245 246# corruption (seed 14166) 247do_test corruptC-2.12 { 248 db close 249 copy_file test.bu test.db 250 251 # insert corrupt byte(s) 252 hexio_write test.db 974 [format %02x 0x2e] 253 254 sqlite3 db test.db 255 catchsql {SELECT count(*) FROM sqlite_master;} 256} {1 {malformed database schema (t1i1) - corrupt database}} 257 258# corruption (seed 218803) 259do_test corruptC-2.13 { 260 db close 261 copy_file test.bu test.db 262 263 # insert corrupt byte(s) 264 hexio_write test.db 102 [format %02x 0x12] 265 266 sqlite3 db test.db 267 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;} 268} {1 {database disk image is malformed}} 269 270do_test corruptC-2.14 { 271 db close 272 copy_file test.bu test.db 273 274 sqlite3 db test.db 275 set blob [string repeat abcdefghij 10000] 276 execsql { INSERT INTO t1 VALUES (1, $blob) } 277 278 sqlite3 db test.db 279 set filesize [file size test.db] 280 hexio_write test.db [expr $filesize-2048] 00000001 281 catchsql {DELETE FROM t1 WHERE rowid = (SELECT max(rowid) FROM t1)} 282} {1 {database disk image is malformed}} 283 284# At one point this particular corrupt database was causing a buffer 285# overread. Which caused a crash in a run of all.test once. 286# 287do_test corruptC-2.15 { 288 db close 289 copy_file test.bu test.db 290 hexio_write test.db 986 b9 291 sqlite3 db test.db 292 catchsql {SELECT count(*) FROM sqlite_master;} 293} {1 {malformed database schema (t1i1) - no such table: main.t1}} 294 295# 296# Now test for a series of quasi-random seeds. 297# We loop over the entire file size and touch 298# each byte at least once. 299for {set tn 0} {$tn<$fsize} {incr tn 1} { 300 301 # setup for test 302 db close 303 copy_file test.bu test.db 304 sqlite3 db test.db 305 306 # Seek to a random location in the file, and write a random single byte 307 # value. Then do various operations on the file to make sure that 308 # the database engine can handle the corruption gracefully. 309 # 310 set last 0 311 for {set i 1} {$i<=512 && !$last} {incr i 1} { 312 313 db close 314 if {$i==1} { 315 # on the first corrupt value, use location $tn 316 # this ensures that we touch each location in the 317 # file at least once. 318 set roffset $tn 319 } else { 320 # insert random byte at random location 321 set roffset [random $fsize] 322 } 323 set rbyte [format %02x [random 255]] 324 325 # You can uncomment the following to have it trace 326 # exactly how it's corrupting the file. This is 327 # useful for generating the "seed specific" tests 328 # above. 329 # set rline "$roffset $rbyte" 330 # puts stdout $rline 331 332 hexio_write test.db $roffset $rbyte 333 sqlite3 db test.db 334 335 # do a few random operations to make sure that if 336 # they error, they error gracefully instead of crashing. 337 do_test corruptC-3.$tn.($qseed).$i.1 { 338 catchsql {SELECT count(*) FROM sqlite_master} 339 set x {} 340 } {} 341 do_test corruptC-3.$tn.($qseed).$i.2 { 342 catchsql {SELECT count(*) FROM t1} 343 set x {} 344 } {} 345 do_test corruptC-3.$tn.($qseed).$i.3 { 346 catchsql {SELECT count(*) FROM t1 WHERE x>13} 347 set x {} 348 } {} 349 do_test corruptC-3.$tn.($qseed).$i.4 { 350 catchsql {SELECT count(*) FROM t2} 351 set x {} 352 } {} 353 do_test corruptC-3.$tn.($qseed).$i.5 { 354 catchsql {SELECT count(*) FROM t2 WHERE x<13} 355 set x {} 356 } {} 357 do_test corruptC-3.$tn.($qseed).$i.6 { 358 catchsql {BEGIN; UPDATE t1 SET y=1; ROLLBACK;} 359 set x {} 360 } {} 361 do_test corruptC-3.$tn.($qseed).$i.7 { 362 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;} 363 set x {} 364 } {} 365 do_test corruptC-3.$tn.($qseed).$i.8 { 366 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;} 367 set x {} 368 } {} 369 do_test corruptC-3.$tn.($qseed).$i.9 { 370 catchsql {BEGIN; DELETE FROM t2 WHERE x<13; ROLLBACK;} 371 set x {} 372 } {} 373 do_test corruptC-3.$tn.($qseed).$i.10 { 374 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;} 375 set x {} 376 } {} 377 378 # check the integrity of the database. 379 # once the corruption is detected, we can stop. 380 ifcapable {integrityck} { 381 set res [ catchsql {PRAGMA integrity_check} ] 382 set ans [lindex $res 1] 383 if { [ string compare $ans "ok" ] != 0 } { 384 set last -1 385 } 386 } 387 # if we are not capable of doing an integrity check, 388 # stop after corrupting 5 bytes. 389 ifcapable {!integrityck} { 390 if { $i > 5 } { 391 set last -1 392 } 393 } 394 395 # Check that no page references were leaked. 396 # TBD: need to figure out why this doesn't work 397 # work with ROLLBACKs... 398 if {0} { 399 do_test corruptC-3.$tn.($qseed).$i.11 { 400 set bt [btree_from_db db] 401 db_enter db 402 array set stats [btree_pager_stats $bt] 403 db_leave db 404 set stats(ref) 405 } {0} 406 } 407 } 408 # end for i 409 410} 411# end for tn 412 413finish_test 414