path: root/third_party/sqlite/sqlite-poison.patch
blob: 1630189a1c16197209f509ab3f77773eb0e21270 (plain)
diff --git a/third_party/sqlite/src/src/btree.c b/third_party/sqlite/src/src/btree.c
index f57f132..b5c3ba8 100644
--- a/third_party/sqlite/src/src/btree.c
+++ b/third_party/sqlite/src/src/btree.c
@@ -22,6 +22,12 @@
 static const char zMagicHeader[] = SQLITE_FILE_HEADER;
 
 /*
+** The header string that appears at the beginning of a SQLite
+** database which has been poisoned.
+*/
+static const char zPoisonHeader[] = "SQLite poison 3";
+
+/*
 ** Set this global variable to 1 to enable tracing using the TRACE
 ** macro.
 */
@@ -2335,6 +2341,7 @@ static int lockBtree(BtShared *pBt){
     ** in WAL mode. If the log is not already open, open it now. Then 
     ** return SQLITE_OK and return without populating BtShared.pPage1.
     ** The caller detects this and calls this function again. This is
+  assert( sizeof(zMagicHeader)==sizeof(zPoisonHeader) );
     ** required as the version of page 1 currently in the page1 buffer
     ** may not be the latest version - there may be a newer one in the log
     ** file.
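Review bot: The added `assert( sizeof(zMagicHeader)==sizeof(zPoisonHeader) );` lands between `**` continuation lines of a block comment in lockBtree(), so as placed it appears to be comment text and is never compiled. The comment's opening and closing lie outside this hunk, as does the rest of lockBtree(). This looks like patch drift against a newer btree.c, so move the line below the closing `*/` of that comment, or to wherever lockBtree() compares page 1 against `zMagicHeader`. Even when correctly placed the assert disappears under NDEBUG, so the runtime `sizeof` comparison in sqlite3Poison() stays the only guard in release builds.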
@@ -7949,6 +7956,74 @@ int sqlite3BtreeCheckpoint(Btree *p){
   }
   return rc;
 }
+
+/* Poison the db so that other clients error out as quickly as
+** possible.
+*/
+int sqlite3Poison(sqlite3 *db){
+  int rc;
+  Btree *p;
+  BtShared *pBt;
+  unsigned char *pP1;
+
+  if( db == NULL) return SQLITE_OK;
+
+  /* Database 0 corrosponds to the main database. */
+  if( db->nDb<1 ) return SQLITE_OK;
+  p = db->aDb[0].pBt;
+  pBt = p->pBt;
+
+  /* If in a transaction, roll it back.  Committing any changes to a
+  ** corrupt database may mess up evidence, we definitely don't want
+  ** to allow poisoning to be rolled back, and the database is anyhow
+  ** going bye-bye RSN.
+  */
+  /* TODO(shess): Figure out if this might release the lock and let
+  ** someone else get in there, which might deny us the lock a couple
+  ** lines down.
+  */
+  if( sqlite3BtreeIsInTrans(p) ) sqlite3BtreeRollback(p);
+
+  /* Start an exclusive transaction.  This will check the headers, so
+  ** if someone else poisoned the database we should get an error.
+  */
+  rc = sqlite3BtreeBeginTrans(p, 2);
+  /* TODO(shess): Handle SQLITE_BUSY? */
+  if( rc!=SQLITE_OK ) return rc;
+
+  /* Copied from sqlite3BtreeUpdateMeta().  Writing the old version of
+  ** the page to the journal may be overkill, but it probably won't
+  ** hurt.
+  */
+  assert( pBt->inTrans==TRANS_WRITE );
+  assert( pBt->pPage1!=0 );
+  rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
+  if( rc ) goto err;
+
+  /* "SQLite format 3" changes to
+  ** "SQLite poison 3".  Be extra paranoid about making this change.
+  */
+  if( sizeof(zMagicHeader)!=16 ||
+      sizeof(zPoisonHeader)!=sizeof(zMagicHeader) ){
+    rc = SQLITE_ERROR;
+    goto err;
+  }
+  pP1 = pBt->pPage1->aData;
+  if( memcmp(pP1, zMagicHeader, 16)!=0 ){
+    rc = SQLITE_CORRUPT;
+    goto err;
+  }
+  memcpy(pP1, zPoisonHeader, 16);
+
+  /* Push it to the database file. */
+  return sqlite3BtreeCommit(p);
+
+ err:
+  /* TODO(shess): What about errors, here? */
+  sqlite3BtreeRollback(p);
+  return rc;
+}
+
 #endif
 
 /*
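Review bot: sqlite3Poison() reads `pBt->pPage1`, calls `sqlite3PagerWrite()` and overwrites `aData` without taking the btree mutex. Its own comment says this part was copied from sqlite3BtreeUpdateMeta(), which in upstream SQLite brackets the same accesses with `sqlite3BtreeEnter(p);` and `sqlite3BtreeLeave(p);`. Unless every caller already holds that mutex (not visible here), add the pair so it covers the span from the first rollback through both the commit return and the `err:` return; otherwise another connection sharing the BtShared could touch page 1 mid-update. Separately, `p = db->aDb[0].pBt` is dereferenced on the very next line with no check; if that pointer can be NULL for a handle whose open failed, guard it with `if( p==0 ) return SQLITE_OK;`. The two asserts before the write compile out under NDEBUG, so release builds depend on sqlite3BtreeBeginTrans() alone to have populated `pPage1`.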