test: cover the real error path in cloudsync_dbversion_rebuild

Install an sqlite3 authorizer that denies reads of sqlite_master, so
sqlite3_prepare_v2 of SQL_DBVERSION_BUILD_QUERY fails with SQLITE_AUTH.
On a context with a non-empty cloudsync_table_settings, this must now
return a non-OK rc and set cloudsync_errcode/errmsg — before the review
fix it was silently collapsed into DBRES_OK, leaving db_version_stmt
unset.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: andinux

test/unit.c

@@ -46,6 +46,7 @@ sqlite3 *do_create_database (void);
 
 int cloudsync_table_sanity_check (cloudsync_context *data, const char *name, CLOUDSYNC_INIT_FLAG init_flags);
 bool database_system_exists (cloudsync_context *data, const char *name, const char *type);
+int cloudsync_dbversion_rebuild (cloudsync_context *data);
 
 static int stdout_backup = -1; // Backup file descriptor for stdout
 static int dev_null_fd = -1;   // File descriptor for /dev/null
@@ -2479,6 +2480,82 @@ bool do_test_stale_table_settings_dropped_meta(bool cleanup_databases) {
     return result;
 }
 
+// Authorizer that denies SELECT reads of sqlite_master. Used to force
+// sqlite3_prepare_v2 of SQL_DBVERSION_BUILD_QUERY (which scans sqlite_master)
+// to fail with SQLITE_AUTH, exercising the real error path in
+// cloudsync_dbversion_rebuild introduced after 1.0.14.
+static int deny_sqlite_master_authorizer(void *pUserData, int action, const char *zArg1,
+                                          const char *zArg2, const char *zDbName, const char *zTrigger) {
+    (void)pUserData; (void)zArg2; (void)zDbName; (void)zTrigger;
+    if (action == SQLITE_READ && zArg1 && strcmp(zArg1, "sqlite_master") == 0) {
+        return SQLITE_DENY;
+    }
+    return SQLITE_OK;
+}
+
+// Verify that cloudsync_dbversion_rebuild surfaces a real failure from
+// database_select_text(SQL_DBVERSION_BUILD_QUERY, ...) instead of silently
+// treating it as "no *_cloudsync meta-tables present" — which would leave
+// db_version_stmt unset and cause writes to fall back to CLOUDSYNC_MIN_DB_VERSION.
+bool do_test_dbversion_rebuild_error(void) {
+    sqlite3 *db = NULL;
+    cloudsync_context *ctx = NULL;
+    bool result = false;
+
+    int rc = sqlite3_open(":memory:", &db);
+    if (rc != SQLITE_OK) return false;
+    rc = sqlite3_cloudsync_init(db, NULL, NULL);
+    if (rc != SQLITE_OK) goto cleanup;
+
+    // Create a real cloudsync table so cloudsync_table_settings has a row
+    // (count_tables > 0 — the early-return-OK path is not taken).
+    rc = sqlite3_exec(db, "CREATE TABLE t (id TEXT PRIMARY KEY NOT NULL, v TEXT);", NULL, NULL, NULL);
+    if (rc != SQLITE_OK) goto cleanup;
+    rc = sqlite3_exec(db, "SELECT cloudsync_init('t');", NULL, NULL, NULL);
+    if (rc != SQLITE_OK) goto cleanup;
+
+    // Create a secondary context on the same db and initialize it. This
+    // context is independent from the one registered by sqlite3_cloudsync_init,
+    // so we can call cloudsync_dbversion_rebuild on it directly without
+    // disturbing the registered functions.
+    ctx = cloudsync_context_create(db);
+    if (!ctx) goto cleanup;
+    if (cloudsync_context_init(ctx) == NULL) goto cleanup;
+
+    // Install an authorizer that denies reads of sqlite_master. New prepares
+    // (including the one SQL_DBVERSION_BUILD_QUERY triggers inside
+    // database_select_text) will fail with SQLITE_AUTH. Already-prepared
+    // statements are unaffected, so the registered cloudsync_* functions
+    // still work for cleanup.
+    sqlite3_set_authorizer(db, deny_sqlite_master_authorizer, NULL);
+
+    // Expect a non-OK result now that the build query cannot be prepared.
+    // Before the review fix this would incorrectly return DBRES_OK and leave
+    // db_version_stmt == NULL, silently masking the failure.
+    int rebuild_rc = cloudsync_dbversion_rebuild(ctx);
+
+    // Remove authorizer before any further work so cleanup can run normally.
+    sqlite3_set_authorizer(db, NULL, NULL);
+
+    if (rebuild_rc == DBRES_OK) goto cleanup;
+
+    // The error must have been recorded on the context via cloudsync_set_dberror.
+    if (cloudsync_errcode(ctx) == DBRES_OK) goto cleanup;
+    const char *msg = cloudsync_errmsg(ctx);
+    if (!msg || msg[0] == 0) goto cleanup;
+
+    result = true;
+
+cleanup:
+    sqlite3_set_authorizer(db, NULL, NULL);
+    if (ctx) cloudsync_context_free(ctx);
+    if (db) {
+        sqlite3_exec(db, "SELECT cloudsync_terminate();", NULL, NULL, NULL);
+        sqlite3_close(db);
+    }
+    return result;
+}
+
 // Authorizer state for do_test_context_cb_error_cleanup.
 // Denies INSERT on a specific table after allowing a set number of INSERTs.
 static const char *g_deny_insert_table = NULL;
@@ -12347,6 +12424,7 @@ int main (int argc, const char * argv[]) {
     result += test_report("Schema Hash Mismatch:", do_test_schema_hash_mismatch(2, print_result, cleanup_databases));
     result += test_report("Stale Table Settings:", do_test_stale_table_settings(cleanup_databases));
     result += test_report("Stale Table Settings Dropped Meta:", do_test_stale_table_settings_dropped_meta(cleanup_databases));
+    result += test_report("DBVersion Rebuild Error:", do_test_dbversion_rebuild_error());
     result += test_report("Block LWW Existing Data:", do_test_block_lww_existing_data(cleanup_databases));
     result += test_report("Block Column Reload:", do_test_block_column_reload(cleanup_databases));
     result += test_report("CB Error Cleanup:", do_test_context_cb_error_cleanup());