Index: sql/recovery.cc |
diff --git a/sql/recovery.cc b/sql/recovery.cc |
index 5d5700262c2b71354908c9c4a0861c3e85be4e11..0bda2b5f7c65b2f171f9e805aa02c1f4f2ab77ac 100644 |
--- a/sql/recovery.cc |
+++ b/sql/recovery.cc |
@@ -108,6 +108,21 @@ enum RecoveryEventType { |
// Failed to recover triggers or views or virtual tables. |
RECOVERY_FAILED_AUTORECOVERDB_AUX, |
+ // After SQLITE_NOTADB failure setting up for recovery, Delete() failed. |
+ RECOVERY_FAILED_AUTORECOVERDB_NOTADB_DELETE, |
+ |
+ // After SQLITE_NOTADB failure setting up for recovery, Delete() succeeded |
+ // then Open() failed. |
+ RECOVERY_FAILED_AUTORECOVERDB_NOTADB_REOPEN, |
+ |
+ // After SQLITE_NOTADB failure setting up for recovery, Delete() and Open() |
+ // succeeded, then querying the database failed. |
pwnall
2017/02/27 22:28:33
Based on some of the comments below, do you need a
Scott Hess - ex-Googler
2017/02/27 23:39:39
I don't know. Substantially all of the FAILED eve
|
+ RECOVERY_FAILED_AUTORECOVERDB_NOTADB_QUERY, |
+ |
+ // After SQLITE_NOTADB failure setting up for recovery, the database was |
+ // successfully deleted. |
+ RECOVERY_SUCCESS_AUTORECOVERDB_NOTADB_DELETE, |
+ |
// Always keep this at the end. |
RECOVERY_EVENT_MAX, |
}; |
@@ -588,9 +603,43 @@ void Recovery::RecoverDatabase(Connection* db, |
const base::FilePath& db_path) { |
std::unique_ptr<sql::Recovery> recovery = sql::Recovery::Begin(db, db_path); |
if (!recovery) { |
- // TODO(shess): If recovery can't even get started, Raze() or Delete(). |
- RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVERDB_BEGIN); |
- db->Poison(); |
+ // |db| was poisoned by Begin(). Probe for SQLITE_NOTADB when attaching to |
pwnall
2017/02/27 22:28:33
Is it possible to DCHECK that db was poisoned?
Scott Hess - ex-Googler
2017/02/27 23:39:39
The comment was only there because it's a non-obvi
pwnall
2017/02/27 23:54:51
I'd have been fine with a DCHECK... it's like a co
|
+ // db_path. |
+ { |
+ Connection probe_db; |
+ if (!probe_db.OpenInMemory() || |
+ probe_db.AttachDatabase(db_path, "corrupt") || |
+ probe_db.GetErrorCode() != SQLITE_NOTADB) { |
+ RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVERDB_BEGIN); |
+ return; |
+ } |
+ } |
+ |
+ // The database has invalid data in the SQLite header, so it is almost |
+ // certainly not recoverable without manual intervention (and likely not |
+ // recoverable _with_ manual intervention). Clear away the broken database. |
+ if (!sql::Connection::Delete(db_path)) { |
+ RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVERDB_NOTADB_DELETE); |
+ return; |
+ } |
+ |
+ // Probe to see if that worked. These reports should not be possible in a |
pwnall
2017/02/27 22:28:33
"that worked" -> "the database got deleted"?
(min
Scott Hess - ex-Googler
2017/02/27 23:39:39
Are you familiar with the problem where deleting a
pwnall
2017/02/27 23:54:51
Sorry for being unclear! I understood the problem
Scott Hess - ex-Googler
2017/02/28 01:14:51
Done.
|
+ // properly-working system. |
+ { |
+ Connection probe_db; |
+ if (!probe_db.Open(db_path)) { |
+ RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVERDB_NOTADB_REOPEN); |
+ return; |
+ } |
+ if (!probe_db.Execute("PRAGMA auto_vacuum")) { |
+ RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVERDB_NOTADB_QUERY); |
+ return; |
+ } |
+ } |
+ |
+ // Recovery could be run on the re-opened database, but there is no point to |
+ // that, as there is no schema or data to recover. |
+ RecordRecoveryEvent(RECOVERY_SUCCESS_AUTORECOVERDB_NOTADB_DELETE); |
return; |
} |