3 # The author disclaims copyright to this source code. In place of
4 # a legal notice, here is a blessing:
6 # May you do good and not evil.
7 # May you find forgiveness for yourself and forgive others.
8 # May you share freely, never taking more than you give.
10 #***********************************************************************
11 # This file implements regression tests for SQLite library.
13 # This file implements tests to make sure SQLite does not crash or
14 # segfault if it sees a corrupt database file. It creates a base
15 # data base file, then tests that single byte corruptions in
16 # increasingly larger quantities are handled gracefully.
18 # $Id: corruptC.test,v 1.14 2009/07/11 06:55:34 danielk1977 Exp $
20 catch {forcedelete test.db test.db-journal test.bu}
22 set testdir [file dirname $argv0]
23 source $testdir/tester.tcl
25 # Do not use a codec for tests in this file, as the database file is
26 # manipulated directly using tcl scripts (using the [hexio_write] command).
30 # These tests deal with corrupt database files
32 database_may_be_corrupt
34 # Construct a compact, dense database for testing.
36 do_test corruptC-1.1 {
38 PRAGMA auto_vacuum = 0;
39 PRAGMA legacy_file_format=1;
42 INSERT INTO t1 VALUES(1,1);
43 INSERT OR IGNORE INTO t1 SELECT x*2,y FROM t1;
44 INSERT OR IGNORE INTO t1 SELECT x*3,y FROM t1;
45 INSERT OR IGNORE INTO t1 SELECT x*5,y FROM t1;
46 INSERT OR IGNORE INTO t1 SELECT x*7,y FROM t1;
47 INSERT OR IGNORE INTO t1 SELECT x*11,y FROM t1;
48 INSERT OR IGNORE INTO t1 SELECT x*13,y FROM t1;
49 CREATE INDEX t1i1 ON t1(x);
50 CREATE TABLE t2 AS SELECT x,2 as y FROM t1 WHERE rowid%5!=0;
55 ifcapable {integrityck} {
56 integrity_check corruptC-1.2
59 # Generate random integer
62 return [expr {round(rand()*$range)}]
65 # Setup for the tests. Make a backup copy of the good database in test.bu.
68 forcecopy test.db test.bu
70 set fsize [file size test.db]
72 # Set a quasi-random random seed.
73 if {[info exists ::G(issoak)]} {
74 # If we are doing SOAK tests, we want a different
75 # random seed for each run. Ideally we would like
76 # to use [clock clicks] or something like that here.
77 set qseed [file mtime test.db]
79 # If we are not doing soak tests,
86 # First test some specific corruption tests found from earlier runs
87 # with specific seeds.
90 # test that a corrupt content offset size is handled (seed 5577)
91 do_test corruptC-2.1 {
93 forcecopy test.bu test.db
95 # insert corrupt byte(s)
96 hexio_write test.db 2053 [format %02x 0x04]
99 catchsql {PRAGMA integrity_check}
100 } {1 {database disk image is malformed}}
102 # test that a corrupt content offset size is handled (seed 5649)
103 do_test corruptC-2.2 {
105 forcecopy test.bu test.db
107 # insert corrupt byte(s)
108 hexio_write test.db 27 [format %02x 0x08]
109 hexio_write test.db 233 [format %02x 0x6a]
110 hexio_write test.db 328 [format %02x 0x67]
111 hexio_write test.db 750 [format %02x 0x1f]
112 hexio_write test.db 1132 [format %02x 0x52]
113 hexio_write test.db 1133 [format %02x 0x84]
114 hexio_write test.db 1220 [format %02x 0x01]
115 hexio_write test.db 3688 [format %02x 0xc1]
116 hexio_write test.db 3714 [format %02x 0x58]
117 hexio_write test.db 3746 [format %02x 0x9a]
120 catchsql {UPDATE t1 SET y=1}
121 } {1 {database disk image is malformed}}
123 # test that a corrupt free cell size is handled (seed 13329)
124 do_test corruptC-2.3 {
126 forcecopy test.bu test.db
128 # insert corrupt byte(s)
129 hexio_write test.db 1094 [format %02x 0x76]
132 catchsql {UPDATE t1 SET y=1}
133 } {1 {database disk image is malformed}}
135 # test that a corrupt free cell size is handled (seed 169571)
136 do_test corruptC-2.4 {
138 forcecopy test.bu test.db
140 # insert corrupt byte(s)
141 hexio_write test.db 3119 [format %02x 0xdf]
144 catchsql {UPDATE t2 SET y='abcdef-uvwxyz'}
145 } {1 {database disk image is malformed}}
147 # test that a corrupt free cell size is handled (seed 169571)
148 do_test corruptC-2.5 {
150 forcecopy test.bu test.db
152 # insert corrupt byte(s)
153 hexio_write test.db 3119 [format %02x 0xdf]
154 hexio_write test.db 4073 [format %02x 0xbf]
157 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;}
158 catchsql {PRAGMA integrity_check}
159 } {0 {{*** in database main ***
160 Page 4: btreeInitPage() returns error code 11}}}
162 # {0 {{*** in database main ***
163 # Corruption detected in cell 710 on page 4
164 # Multiple uses for byte 661 of page 4
165 # Fragmented space is 249 byte reported as 21 on page 4}}}
167 # test that a corrupt free cell size is handled (seed 169595)
168 do_test corruptC-2.6 {
170 forcecopy test.bu test.db
172 # insert corrupt byte(s)
173 hexio_write test.db 619 [format %02x 0xe2]
174 hexio_write test.db 3150 [format %02x 0xa8]
177 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;}
178 } {1 {database disk image is malformed}}
180 # corruption (seed 178692)
181 do_test corruptC-2.7 {
183 forcecopy test.bu test.db
185 # insert corrupt byte(s)
186 hexio_write test.db 3074 [format %02x 0xa0]
189 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;}
190 } {1 {database disk image is malformed}}
193 # corruption (seed 179069)
194 # Obsolete. With single-pass DELETE the corruption in the
195 # main database is not detected.
197 do_test corruptC-2.8 {
199 forcecopy test.bu test.db
201 # insert corrupt byte(s)
202 hexio_write test.db 1393 [format %02x 0x7d]
203 hexio_write test.db 84 [format %02x 0x19]
204 hexio_write test.db 3287 [format %02x 0x3b]
205 hexio_write test.db 2564 [format %02x 0xed]
206 hexio_write test.db 2139 [format %02x 0x55]
209 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;}
210 } {1 {database disk image is malformed}}
213 # corruption (seed 170434)
215 # UPDATE: Prior to 3.8.2, this used to return SQLITE_CORRUPT. It no longer
216 # does. That is Ok, the point of these tests is to verify that no buffer
217 # overruns or overreads can be caused by corrupt databases.
218 do_test corruptC-2.9 {
220 forcecopy test.bu test.db
222 # insert corrupt byte(s)
223 hexio_write test.db 2095 [format %02x 0xd6]
226 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;}
229 # corruption (seed 186504)
230 do_test corruptC-2.10 {
232 forcecopy test.bu test.db
234 # insert corrupt byte(s)
235 hexio_write test.db 3130 [format %02x 0x02]
238 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;}
239 } {1 {database disk image is malformed}}
241 # corruption (seed 1589)
242 do_test corruptC-2.11 {
244 forcecopy test.bu test.db
246 # insert corrupt byte(s)
247 hexio_write test.db 55 [format %02x 0xa7]
250 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;}
251 } {1 {database disk image is malformed}}
253 # corruption (seed 14166)
254 do_test corruptC-2.12 {
256 forcecopy test.bu test.db
258 # insert corrupt byte(s)
259 hexio_write test.db 974 [format %02x 0x2e]
262 catchsql {SELECT count(*) FROM sqlite_master;}
263 } {1 {malformed database schema (t1i1) - corrupt database}}
265 # corruption (seed 218803)
266 do_test corruptC-2.13 {
268 forcecopy test.bu test.db
270 # insert corrupt byte(s)
271 hexio_write test.db 102 [format %02x 0x12]
274 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;}
275 } {1 {database disk image is malformed}}
277 do_test corruptC-2.14 {
279 forcecopy test.bu test.db
282 set blob [string repeat abcdefghij 10000]
283 execsql { INSERT INTO t1 VALUES (1, $blob) }
286 set filesize [file size test.db]
287 hexio_write test.db [expr $filesize-2048] 00000001
288 catchsql {DELETE FROM t1 WHERE rowid = (SELECT max(rowid) FROM t1)}
289 } {1 {database disk image is malformed}}
291 # At one point this particular corrupt database was causing a buffer
292 # overread. Which caused a crash in a run of all.test once.
294 do_test corruptC-2.15 {
296 forcecopy test.bu test.db
297 hexio_write test.db 986 b9
299 catchsql {SELECT count(*) FROM sqlite_master;}
300 } {1 {database disk image is malformed}}
303 # Now test for a series of quasi-random seeds.
304 # We loop over the entire file size and touch
305 # each byte at least once.
306 for {set tn 0} {$tn<$fsize} {incr tn 1} {
310 forcecopy test.bu test.db
313 # Seek to a random location in the file, and write a random single byte
314 # value. Then do various operations on the file to make sure that
315 # the database engine can handle the corruption gracefully.
318 for {set i 1} {$i<=512 && !$last} {incr i 1} {
322 # on the first corrupt value, use location $tn
323 # this ensures that we touch each location in the
324 # file at least once.
327 # insert random byte at random location
328 set roffset [random $fsize]
330 set rbyte [format %02x [random 255]]
332 # You can uncomment the following to have it trace
333 # exactly how it's corrupting the file. This is
334 # useful for generating the "seed specific" tests
336 # set rline "$roffset $rbyte"
339 hexio_write test.db $roffset $rbyte
342 # do a few random operations to make sure that if
343 # they error, they error gracefully instead of crashing.
344 do_test corruptC-3.$tn.($qseed).$i.1 {
345 catchsql {SELECT count(*) FROM sqlite_master}
348 do_test corruptC-3.$tn.($qseed).$i.2 {
349 catchsql {SELECT count(*) FROM t1}
352 do_test corruptC-3.$tn.($qseed).$i.3 {
353 catchsql {SELECT count(*) FROM t1 WHERE x>13}
356 do_test corruptC-3.$tn.($qseed).$i.4 {
357 catchsql {SELECT count(*) FROM t2}
360 do_test corruptC-3.$tn.($qseed).$i.5 {
361 catchsql {SELECT count(*) FROM t2 WHERE x<13}
364 do_test corruptC-3.$tn.($qseed).$i.6 {
365 catchsql {BEGIN; UPDATE t1 SET y=1; ROLLBACK;}
368 do_test corruptC-3.$tn.($qseed).$i.7 {
369 catchsql {BEGIN; UPDATE t2 SET y='abcdef-uvwxyz'; ROLLBACK;}
372 do_test corruptC-3.$tn.($qseed).$i.8 {
373 catchsql {BEGIN; DELETE FROM t1 WHERE x>13; ROLLBACK;}
376 do_test corruptC-3.$tn.($qseed).$i.9 {
377 catchsql {BEGIN; DELETE FROM t2 WHERE x<13; ROLLBACK;}
380 do_test corruptC-3.$tn.($qseed).$i.10 {
381 catchsql {BEGIN; CREATE TABLE t3 AS SELECT x,3 as y FROM t2 WHERE rowid%5!=0; ROLLBACK;}
385 # check the integrity of the database.
386 # once the corruption is detected, we can stop.
387 ifcapable {integrityck} {
388 set res [ catchsql {PRAGMA integrity_check} ]
389 set ans [lindex $res 1]
390 if { [ string compare $ans "ok" ] != 0 } {
394 # if we are not capable of doing an integrity check,
395 # stop after corrupting 5 bytes.
396 ifcapable {!integrityck} {
402 # Check that no page references were leaked.
403 # TBD: need to figure out why this doesn't work
404 # work with ROLLBACKs...
406 do_test corruptC-3.$tn.($qseed).$i.11 {
407 set bt [btree_from_db db]
409 array set stats [btree_pager_stats $bt]