Bug#864573: unblock: sqlite3/3.16.2-5
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi Release Team,
There's a database corruption bug in sqlite3 which affects 3.16.0+
releases (the one in Stretch) if auto vacuum is enabled. The fix is
very small:
- if( info.nSize==szNew && info.nLocal==info.nPayload ){
+ if( info.nSize==szNew && info.nLocal==info.nPayload
+ && (!ISAUTOVACUUM || szNew<pPage->minLocal)
But full debdiff is attached. Please unblock 3.16.2-5 and let it
migrate to Stretch.
Thanks for consideration,
Laszlo/GCS
diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog
--- sqlite3-3.16.2/debian/changelog 2017-06-04 07:58:54.000000000 +0000
+++ sqlite3-3.16.2/debian/changelog 2017-06-08 22:07:42.000000000 +0000
@@ -1,3 +1,9 @@
+sqlite3 (3.16.2-5) unstable; urgency=medium
+
+ * Backport fix for corruption due to REPLACE in an auto-vacuumed database.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 08 Jun 2017 22:07:42 +0000
+
sqlite3 (3.16.2-4) unstable; urgency=high
* Backport fix for a possible NULL pointer dereference in the OP_Found
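Review bot: the new changelog entry names the symptom but gives no reference for where the fix comes from; since the patch is a backport, the entry (or the patch header) should cite the upstream SQLite check-in it was taken from, and a Closes: for the Debian bug if one was filed, so the release team can verify the backport against its origin.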
diff -Nru sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch
--- sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch 1970-01-01 00:00:00.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch 2017-06-08 22:07:42.000000000 +0000
@@ -0,0 +1,50 @@
+Index: sqlite3/src/btree.c
+==================================================================
+--- sqlite3/src/btree.c
++++ sqlite3/src/btree.c
+@@ -8057,16 +8057,22 @@
+ oldCell = findCell(pPage, idx);
+ if( !pPage->leaf ){
+ memcpy(newCell, oldCell, 4);
+ }
+ rc = clearCell(pPage, oldCell, &info);
+- if( info.nSize==szNew && info.nLocal==info.nPayload ){
++ if( info.nSize==szNew && info.nLocal==info.nPayload
++ && (!ISAUTOVACUUM || szNew<pPage->minLocal)
++ ){
+ /* Overwrite the old cell with the new if they are the same size.
+ ** We could also try to do this if the old cell is smaller, then add
+ ** the leftover space to the free list. But experiments show that
+ ** doing that is no faster then skipping this optimization and just
+- ** calling dropCell() and insertCell(). */
++ ** calling dropCell() and insertCell().
++ **
++ ** This optimization cannot be used on an autovacuum database if the
++ ** new entry uses overflow pages, as the insertCell() call below is
++ ** necessary to add the PTRMAP_OVERFLOW1 pointer-map entry. */
+ assert( rc==SQLITE_OK ); /* clearCell never fails when nLocal==nPayload */
+ if( oldCell+szNew > pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;
+ memcpy(oldCell, newCell, szNew);
+ return SQLITE_OK;
+ }
+
+Index: sqlite3/test/autovacuum.test
+==================================================================
+--- sqlite3/test/autovacuum.test
++++ sqlite3/test/autovacuum.test
+@@ -703,7 +703,14 @@
+ do_test autovacuum-9.5 {
+ execsql { DELETE FROM t1 WHERE rowid > (SELECT max(a)/2 FROM t1) }
+ file size test.db
+ } $::sqlite_pending_byte
+
++do_execsql_test autovacuum-10.1 {
++ DROP TABLE t1;
++ CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
++ INSERT INTO t1 VALUES(25, randomblob(104));
++ REPLACE INTO t1 VALUES(25, randomblob(1117));
++ PRAGMA integrity_check;
++} {ok}
+
+ finish_test
+
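Review bot: the new 50-REPLACE_corruption_fix.patch starts straight at the "Index: sqlite3/src/btree.c" line with no DEP-3 header, so it records neither the upstream Origin nor a Description of the bug; please add at least "Origin:" (the upstream check-in URL) and "Description:" lines above the first "Index:" line. In the btree.c hunk the new condition `&& (!ISAUTOVACUUM || szNew<pPage->minLocal)` matches the explanatory comment that was added, but a one-line note in the autovacuum.test hunk explaining why 104 and 1117 were chosen (the first payload fits in the leaf cell, the second is larger than a default page and so needs overflow pages, which is exactly the case the pointer-map entry is needed for) would make the regression test self-explanatory for the next person who backports it.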
diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series
--- sqlite3-3.16.2/debian/patches/series 2017-06-04 07:58:54.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/series 2017-06-08 22:07:42.000000000 +0000
@@ -12,3 +12,4 @@
41-JSON-2_1.patch
42-JSON-2_2.patch
43-JSON-3.patch
+50-REPLACE_corruption_fix.patch