78 lines
2.1 KiB
Plaintext
Raw Normal View History

# 2013-08-01
#
# The author disclaims copyright to this source code. In place of
# a legal notice, here is a blessing:
#
# May you do good and not evil.
# May you find forgiveness for yourself and forgive others.
# May you share freely, never taking more than you give.
#
#***********************************************************************
#
set testdir [file dirname $argv0]
source $testdir/tester.tcl
set testprefix corruptG
# Do not use a codec for tests in this file, as the database file is
# manipulated directly using tcl scripts (using the [hexio_write] command).
#
do_not_use_codec
# Create a simple database with a single entry. Then corrupt the
# header-size varint on the index payload so that it maps into a
# negative number. Try to use the database.
#
do_execsql_test 1.1 {
PRAGMA page_size=512;
CREATE TABLE t1(a,b,c);
INSERT INTO t1(rowid,a,b,c) VALUES(52,'abc','xyz','123');
CREATE INDEX t1abc ON t1(a,b,c);
}
set idxroot [db one {SELECT rootpage FROM sqlite_master WHERE name = 't1abc'}]
# Corrupt the file
db close
hexio_write test.db [expr {$idxroot*512 - 15}] 888080807f
sqlite3 db test.db
# Try to use the file.
do_test 1.2 {
catchsql {
SELECT c FROM t1 WHERE a>'abc';
}
} {0 {}}
do_test 1.3 {
catchsql {
PRAGMA integrity_check
}
} {0 ok}
do_test 1.4 {
catchsql {
SELECT c FROM t1 ORDER BY a;
}
} {1 {database disk image is malformed}}
# Corrupt the same file in a slightly different way. Make the record header
# sane, but corrupt one of the serial_type value to indicate a huge payload
# such that the payload begins in allocated space but overflows the buffer.
#
db close
hexio_write test.db [expr {$idxroot*512-15}] 0513ff7f01
sqlite3 db test.db
do_test 2.1 {
catchsql {
SELECT rowid FROM t1 WHERE a='abc' and b='xyz123456789XYZ';
}
# The following test result is brittle. The point above is to try to
# force a buffer overread by a corrupt database file. If we get an
# incorrect answer from a corrupt database file, that is OK. If the
# result below changes, that just means that "undefined behavior" has
# changed.
} {0 52}
finish_test