3 # May you do good and not evil.
4 # May you find forgiveness for yourself and forgive others.
5 # May you share freely, never taking more than you give.
7 #***********************************************************************
8 # Test that the FTS3 extension does not crash when it encounters a
9 # corrupt data structure on disk.
13 set testdir [file dirname $argv0]
14 source $testdir/tester.tcl
16 # If SQLITE_ENABLE_FTS3 is not defined, omit this file.
17 ifcapable !fts3 { finish_test ; return }
19 set ::testprefix fts3corrupt
22 # Test that a doclist with a length field that indicates that the doclist
23 # extends past the end of the node on which it resides is correctly identified
24 # as database corruption.
26 sqlite3_db_config db DEFENSIVE 0
28 CREATE VIRTUAL TABLE t1 USING fts3;
29 INSERT INTO t1 VALUES('hello');
31 do_test fts3corrupt-1.1 {
32 set blob [db one {SELECT root from t1_segdir}]
33 set blob [binary format a7ca* $blob 24 [string range $blob 8 end]]
34 execsql { UPDATE t1_segdir SET root = $blob }
36 do_test fts3corrupt-1.2 {
37 foreach w {a b c d e f g h i j k l m n o} {
38 execsql { INSERT INTO t1 VALUES($w) }
41 do_catchsql_test 1.3 {
42 INSERT INTO t1 VALUES('world');
43 } {1 {database disk image is malformed}}
44 do_test 1.3.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
49 # This block of tests checks that corruption is correctly detected if the
50 # length field of a term on a leaf node indicates that the term extends past
51 # the end of the node on which it resides. There are two cases:
53 # 1. The first term on the node.
54 # 2. The second or subsequent term on the node (prefix compressed term).
57 CREATE VIRTUAL TABLE t1 USING fts3;
59 INSERT INTO t1 VALUES('hello');
60 INSERT INTO t1 VALUES('hello');
61 INSERT INTO t1 VALUES('hello');
62 INSERT INTO t1 VALUES('hello');
63 INSERT INTO t1 VALUES('hello');
66 do_test fts3corrupt-2.1 {
67 set blob [db one {SELECT root from t1_segdir}]
68 set blob [binary format a*a* "\x00\x7F" [string range $blob 2 end]]
69 execsql { UPDATE t1_segdir SET root = $blob }
71 do_catchsql_test 2.2 {
72 SELECT rowid FROM t1 WHERE t1 MATCH 'hello'
73 } {1 {database disk image is malformed}}
74 do_test 2.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
78 CREATE VIRTUAL TABLE t1 USING fts3;
80 INSERT INTO t1 VALUES('hello');
81 INSERT INTO t1 VALUES('world');
84 do_test fts3corrupt-3.1 {
85 set blob [db one {SELECT quote(root) from t1_segdir}]
86 set blob [binary format a11a*a* $blob "\x7F" [string range $blob 12 end]]
87 execsql { UPDATE t1_segdir SET root = $blob }
89 do_catchsql_test 3.2 {
90 SELECT rowid FROM t1 WHERE t1 MATCH 'world'
91 } {1 {database disk image is malformed}}
92 do_test 3.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
97 CREATE VIRTUAL TABLE t1 USING fts3;
98 INSERT INTO t1(t1) VALUES('nodesize=24');
100 do_test fts3corrupt-4.1 {
103 "amxtvoo adqwroyhz auq aithtir avniqnuynvf axp ahibayfynig agbicpm"
104 "ajdtebs anteaxr aieynenwmd awpl alo akxcrwow aoxftge aoqvgul"
105 "amcfvdr auz apu aebelm ahuxyz aqc asyafdb agulvhvqu"
106 "apepwfyz azkhdvkw aenyelxzbk aslnitbyet aycdsdcpgr aqzzdbc agfi axnypydou"
107 "aaqrzzcm apcxdxo atumltzj aevvivo aodknoft aqoyytoz alobx apldt"
109 execsql { INSERT INTO t1 VALUES($s) }
114 do_catchsql_test 4.2 {
115 UPDATE t1_segdir SET root = X'FFFFFFFFFFFFFFFF';
116 SELECT rowid FROM t1 WHERE t1 MATCH 'world';
117 } {1 {database disk image is malformed}}
118 do_test 4.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
120 set blob [binary format cca*cca*cca*cca*cca*cca*cca*cca*cca*cca*a* \
121 22 120 [string repeat a 120] \
122 22 120 [string repeat b 120] \
123 22 120 [string repeat c 120] \
124 22 120 [string repeat d 120] \
125 22 120 [string repeat e 120] \
126 22 120 [string repeat f 120] \
127 22 120 [string repeat g 120] \
128 22 120 [string repeat h 120] \
129 22 120 [string repeat i 120] \
130 22 120 [string repeat j 120] \
131 "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
134 do_catchsql_test 4.3 {
135 UPDATE t1_segdir SET root = $blob;
136 SELECT rowid FROM t1 WHERE t1 MATCH 'world';
137 } {1 {database disk image is malformed}}
138 do_test 4.3.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
140 # Test a special kind of corruption, where the %_stat table contains
141 # an invalid entry. At one point this could lead to a division-by-zero
144 do_execsql_test 5.0 {
146 CREATE VIRTUAL TABLE t1 USING fts4;
151 execsql { INSERT INTO t1 VALUES('one') }
152 execsql { INSERT INTO t1 VALUES('two') }
153 execsql { INSERT INTO t1 VALUES('three') }
154 execsql { INSERT INTO t1 VALUES('four') }
157 do_catchsql_test 5.2 {
158 UPDATE t1_stat SET value = X'0000';
159 SELECT matchinfo(t1, 'nxa') FROM t1 WHERE t1 MATCH 't*';
160 } {1 {database disk image is malformed}}
161 do_test 5.2.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
162 do_catchsql_test 5.3 {
163 UPDATE t1_stat SET value = NULL;
164 SELECT matchinfo(t1, 'nxa') FROM t1 WHERE t1 MATCH 't*';
165 } {1 {database disk image is malformed}}
166 do_test 5.3.1 { sqlite3_extended_errcode db } SQLITE_CORRUPT_VTAB
168 # 2019-11-18 https://bugs.chromium.org/p/chromium/issues/detail?id=1025467
172 do_catchsql_test 6.10 {
173 CREATE VIRTUAL TABLE f using fts3(a,b);
174 CREATE TABLE f_stat(id INTEGER PRIMARY KEY, value BLOB);
175 INSERT INTO f_segdir VALUES (2000, 0,0,0, '16', '');
176 INSERT INTO f_segdir VALUES (1999, 0,0,0, '0 18',
177 x'000131030102000103323334050101010200');
178 INSERT INTO f_segments (blockid) values (16);
179 INSERT INTO f_segments values (0, x'');
180 INSERT INTO f_stat VALUES (1,x'cf0f01');
181 INSERT INTO f(f) VALUES ("merge=1");
182 } {1 {database disk image is malformed}}
184 # 2020-03-02 https://bugs.chromium.org/p/chromium/issues/detail?id=1057441
185 # The ticket complains of use of an uninitialized value. That part is harmless.
186 # The only reason to fix this is the failure to detect a subtly corrupt
190 do_catchsql_test 7.10 {
191 CREATE VIRTUAL TABLE f USING fts3(a,b);
192 INSERT INTO f_segdir VALUES (0,0,1,0,'0 0',x'01010101020101');
193 SELECT matchinfo( f , 'pcx') FROM f WHERE b MATCH x'c533';
194 } {1 {database disk image is malformed}}