/ Check-in [7bdb1e05fa]

Overview
Comment:Avoid a buffer overwrite that can occur with a corrupt database if secure-delete is enabled.
SHA1: 7bdb1e05faceddbb0b8e3efee7d070ad8c4611a3
User & Date: dan 2010-02-26 15:09:20
Context
2010-02-26
15:39
Remove the compile_option pragma (retaining compile_options - with an "s"). Updates to documentation. check-in: 733778df99 user: drh tags: trunk
15:09
Avoid a buffer overwrite that can occur with a corrupt database if secure-delete is enabled. check-in: 7bdb1e05fa user: dan tags: trunk
13:07
Avoid incorrect compiler warnings by doing a couple of needless variable initializations. check-in: 8f29490da6 user: drh tags: trunk
Changes

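--- a/src/btree.c
+++ b/src/btree.c
@@ -5811,16 +5811,23 @@
       **
       ** Unless SQLite is compiled in secure-delete mode. In this case,
       ** the dropCell() routine will overwrite the entire cell with zeroes.
       ** In this case, temporarily copy the cell into the aOvflSpace[]
       ** buffer. It will be copied out again as soon as the aSpace[] buffer
       ** is allocated.  */
       if( pBt->secureDelete ){
-        memcpy(&aOvflSpace[apDiv[i]-pParent->aData], apDiv[i], szNew[i]);
-        apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData];
+        int iOff = apDiv[i] - pParent->aData;
+        if( (iOff+szNew[i])>pBt->usableSize ){
+          rc = SQLITE_CORRUPT_BKPT;
+          memset(apOld, 0, (i+1)*sizeof(MemPage*));
+          goto balance_cleanup;
+        }else{
+          memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]);
+          apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData];
+        }
       }
       dropCell(pParent, i+nxDiv-pParent->nOverflow, szNew[i], &rc);
     }
   }
 
   /* Make nMaxCells a multiple of 4 in order to preserve 8-byte
   ** alignment */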
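Review bot: The new guard `if( (iOff+szNew[i])>pBt->usableSize )` has no comment saying what corruption it detects or why `memset(apOld, 0, (i+1)*sizeof(MemPage*))` must run before `goto balance_cleanup`; a short comment such as `/* Corrupt db: divider cell would extend past the usable page area. Clear apOld[0..i] before cleanup. */` would help, with the memset rationale confirmed against the cleanup code, which is outside this hunk. The line after the memcpy still recomputes the offset; `apDiv[i] = &aOvflSpace[iOff];` says the same thing and keeps the checked value and the used value visibly identical. `iOff` is an `int` taken from a pointer difference and is compared against `pBt->usableSize`, whose type is not visible here; if that field is unsigned, an explicit `(int)pBt->usableSize` would make the signedness of the comparison unambiguous. The enclosing function begins and ends outside the hunk.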

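--- a/test/corrupt.test
+++ b/test/corrupt.test
@@ -67,15 +67,15 @@
 while {[string length $junk]<256} {append junk $junk}
 set junk [string range $junk 0 255]
 
 # Go through the database and write garbage data into each 256 segment
 # of the file.  Then do various operations on the file to make sure that
 # the database engine can recover gracefully from the corruption.
 #
-for {set i [expr {1*256}]} {0 && $i<$fsize-256} {incr i 256} {
+for {set i [expr {1*256}]} {$i<$fsize-256} {incr i 256} {
   set tn [expr {$i/256}]
   db close
   copy_file test.bu test.db
   set fd [open test.db r+]
   fconfigure $fd -translation binary
   seek $fd $i
   puts -nonewline $fd $junk
@@ -325,8 +325,27 @@
 
   hexio_write test.db 2044 [hexio_render_int32 2]
   hexio_write test.db 24   [hexio_render_int32 45]
 
   catchsql { INSERT OR REPLACE INTO t1 VALUES(5, randomblob(1900)) }
 } {1 {database disk image is malformed}}
 
+db close
+file delete -force test.db test.db-journal
+do_test corrupt-8.2 {
+  sqlite3 db test.db
+  execsql {
+    PRAGMA page_size = 1024;
+    PRAGMA secure_delete = on;
+    PRAGMA auto_vacuum = 0;
+    CREATE TABLE t1(x INTEGER PRIMARY KEY, y);
+    INSERT INTO t1 VALUES(5, randomblob(900));
+    INSERT INTO t1 VALUES(6, randomblob(900));
+  }
+
+  hexio_write test.db 2047 FF
+  hexio_write test.db 24   [hexio_render_int32 45]
+
+  catchsql { INSERT INTO t1 VALUES(4, randomblob(1900)) }
+} {1 {database disk image is malformed}}
+
 finish_test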
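Review bot: The two raw byte writes in corrupt-8.2, `hexio_write test.db 2047 FF` and `hexio_write test.db 24   [hexio_render_int32 45]`, carry no comment naming what they corrupt, so the test does not show which on-disk field drives the new SQLITE_CORRUPT path in btree.c. With `PRAGMA page_size = 1024`, offset 2047 is the last byte of the second page, presumably chosen so that a cell on that page appears to run past the page end. Offset 24 lies in the database header and looks like a counter bump that forces cached pages to be re-read. A two-line `#` comment above the writes stating both intentions, once the author has confirmed them, would make the regression test self-explanatory.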