diff options
| author | dan <Dan Kennedy> | 2021-04-08 19:39:00 +0000 |
|---|---|---|
| committer | dan <Dan Kennedy> | 2021-04-08 19:39:00 +0000 |
| commit | f5ea93b432e33aa811b2b88638dc622d1638a0cd (patch) | |
| tree | 0b7e43baff87dfcb5f094726c92d505b2b56d461 /src | |
| parent | 1bae648b7329a725338a6beee45d93c7caf0db35 (diff) | |
| download | sqlite-f5ea93b432e33aa811b2b88638dc622d1638a0cd.tar.gz sqlite-f5ea93b432e33aa811b2b88638dc622d1638a0cd.zip | |
Handle the corruption fixed by the previous commit in a different way so as to also fix dbsqlfuzz crash 753de0a0ac5b25b18f1e4d41e650d3333cdc270c.
FossilOrigin-Name: cb27ce25095ab9b5acbe4bf010c7f6d8a71191c2f79b3bf3e63d8655b4fe0769
Diffstat (limited to 'src')
| -rw-r--r-- | src/btree.c | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/src/btree.c b/src/btree.c index 88b4d61b1..2ad013531 100644 --- a/src/btree.c +++ b/src/btree.c @@ -8698,20 +8698,9 @@ int sqlite3BtreeInsert( assert( (flags & (BTREE_SAVEPOSITION|BTREE_APPEND|BTREE_PREFORMAT))==flags ); assert( (flags & BTREE_PREFORMAT)==0 || seekResult || pCur->pKeyInfo==0 ); - if( pCur->eState>=CURSOR_REQUIRESEEK ){ - /* The cursor can be in REQUIRESEEK state when seekResult is non-zero - ** only if the schema is corrupt such that there is more than one table or - ** index with the same root page as used by the cursor. Which can only - ** happen if the SQLITE_NoSchemaError flag was set when the schema was - ** loaded. This cannot be asserted though, as a user might set the flag, - ** load the schema, and then unset the flag. */ - assert( pCur->eState==CURSOR_REQUIRESEEK || pCur->eState==CURSOR_FAULT ); - assert( pCur->eState==CURSOR_REQUIRESEEK || pCur->skipNext!=SQLITE_OK ); - if( pCur->eState==CURSOR_REQUIRESEEK ){ - if( seekResult ) return SQLITE_CORRUPT_BKPT; - }else{ - return pCur->skipNext; - } + if( pCur->eState==CURSOR_FAULT ){ + assert( pCur->skipNext!=SQLITE_OK ); + return pCur->skipNext; } assert( cursorOwnsBtShared(pCur) ); @@ -8741,6 +8730,14 @@ int sqlite3BtreeInsert( if( pCur->curFlags & BTCF_Multiple ){ rc = saveAllCursors(pBt, pCur->pgnoRoot, pCur); if( rc ) return rc; + if( loc && pCur->iPage<0 ){ + /* This can only happen if the schema is corrupt such that there is more + ** than one table or index with the same root page as used by the cursor. + ** Which can only happen if the SQLITE_NoSchemaError flag was set when + ** the schema was loaded. This cannot be asserted though, as a user might + ** set the flag, load the schema, and then unset the flag. */ + return SQLITE_CORRUPT_BKPT; + } } if( pCur->pKeyInfo==0 ){ @@ -8828,7 +8825,6 @@ int sqlite3BtreeInsert( return btreeOverwriteCell(pCur, &x2); } } - } assert( pCur->eState==CURSOR_VALID || (pCur->eState==CURSOR_INVALID && loc) |