Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock
Hi Release Team,

There's a database corruption bug in sqlite3 which affects 3.16.0+ releases (the one in Stretch) if auto-vacuum is enabled. The fix is very small:

- if( info.nSize==szNew && info.nLocal==info.nPayload ){
+ if( info.nSize==szNew && info.nLocal==info.nPayload
+ && (!ISAUTOVACUUM || szNew<pPage->minLocal)

but the full debdiff is attached. Please unblock 3.16.2-5 and let it migrate to Stretch.

Thanks for your consideration,
Laszlo/GCS
diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog
--- sqlite3-3.16.2/debian/changelog 2017-06-04 07:58:54.000000000 +0000
+++ sqlite3-3.16.2/debian/changelog 2017-06-08 22:07:42.000000000 +0000
@@ -1,3 +1,9 @@
+sqlite3 (3.16.2-5) unstable; urgency=medium
+
+ * Backport fix for corruption due to REPLACE in an auto-vacuumed database.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org> Thu, 08 Jun 2017 22:07:42 +0000
+
 sqlite3 (3.16.2-4) unstable; urgency=high
 
 * Backport fix for a possible NULL pointer dereference in the OP_Found
diff -Nru sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch
--- sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch 1970-01-01 00:00:00.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/50-REPLACE_corruption_fix.patch 2017-06-08 22:07:42.000000000 +0000
@@ -0,0 +1,50 @@
+Index: sqlite3/src/btree.c
+==================================================================
+--- sqlite3/src/btree.c
++++ sqlite3/src/btree.c
+@@ -8057,16 +8057,22 @@
+ oldCell = findCell(pPage, idx);
+ if( !pPage->leaf ){
+ memcpy(newCell, oldCell, 4);
+ }
+ rc = clearCell(pPage, oldCell, &info);
+- if( info.nSize==szNew && info.nLocal==info.nPayload ){
++ if( info.nSize==szNew && info.nLocal==info.nPayload
++ && (!ISAUTOVACUUM || szNew<pPage->minLocal)
++ ){
+ /* Overwrite the old cell with the new if they are the same size.
+ ** We could also try to do this if the old cell is smaller, then add
+ ** the leftover space to the free list. But experiments show that
+ ** doing that is no faster then skipping this optimization and just
+- ** calling dropCell() and insertCell(). */
++ ** calling dropCell() and insertCell().
++ **
++ ** This optimization cannot be used on an autovacuum database if the
++ ** new entry uses overflow pages, as the insertCell() call below is
++ ** necessary to add the PTRMAP_OVERFLOW1 pointer-map entry.
*/
+ assert( rc==SQLITE_OK ); /* clearCell never fails when nLocal==nPayload */
+ if( oldCell+szNew > pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;
+ memcpy(oldCell, newCell, szNew);
+ return SQLITE_OK;
+ }
+
+Index: sqlite3/test/autovacuum.test
+==================================================================
+--- sqlite3/test/autovacuum.test
++++ sqlite3/test/autovacuum.test
+@@ -703,7 +703,14 @@
+ do_test autovacuum-9.5 {
+ execsql { DELETE FROM t1 WHERE rowid > (SELECT max(a)/2 FROM t1) }
+ file size test.db
+ } $::sqlite_pending_byte
+
++do_execsql_test autovacuum-10.1 {
++ DROP TABLE t1;
++ CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
++ INSERT INTO t1 VALUES(25, randomblob(104));
++ REPLACE INTO t1 VALUES(25, randomblob(1117));
++ PRAGMA integrity_check;
++} {ok}
+
+ finish_test
+
diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series
--- sqlite3-3.16.2/debian/patches/series 2017-06-04 07:58:54.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/series 2017-06-08 22:07:42.000000000 +0000
@@ -12,3 +12,4 @@
 41-JSON-2_1.patch
 42-JSON-2_2.patch
 43-JSON-3.patch
+50-REPLACE_corruption_fix.patch
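Review bot: The new file debian/patches/50-REPLACE_corruption_fix.patch opens directly with `Index: sqlite3/src/btree.c` and carries no provenance header, so nothing in the package records which upstream check-in this backport was taken from. A DEP-3 header above the `Index:` line, for example `Description: Fix corruption due to REPLACE in an auto-vacuumed database` followed by `Origin: upstream, <upstream check-in URL>`, would let a later reviewer confirm that the btree.c guard `(!ISAUTOVACUUM || szNew<pPage->minLocal)` and the autovacuum-10.1 test match upstream unchanged. The added test only protects the package if the build actually runs test/autovacuum.test, which is not visible in this debdiff and is worth confirming. The btree.c function being patched starts and ends outside the inner hunk.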