From 39b3bcf8ef3a069a9b98bf0ea52d5ad658ef05cd Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Mon, 2 Mar 2020 16:31:21 +0000
Subject: [PATCH] Enhance the fuzzcheck test program so that it is able to
 simulate OOM errors in the same way that dbsqlfuzz does.

FossilOrigin-Name: a65c8d4e26b2428ecb8232a4a6a44443aa1701319223397e61a823a5aa1827de
---
 manifest         | 12 +++++-----
 manifest.uuid    |  2 +-
 test/fuzzcheck.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 7 deletions(-)

diff --git a/manifest b/manifest
index a41b960ca5..6dc750a9e2 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sfaulty\sassert()\sstatement\sin\sthe\sstale-register\sdetection\slogic.\nTicket\s[da5a09be6dabbf42].
-D 2020-03-02T01:50:48.069
+C Enhance\sthe\sfuzzcheck\stest\sprogram\sso\sthat\sit\sis\sable\sto\ssimulate\sOOM\serrors\nin\sthe\ssame\sway\sthat\sdbsqlfuzz\sdoes.
+D 2020-03-02T16:31:21.682
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -1016,7 +1016,7 @@ F test/fuzz3.test 9c813e6613b837cb7a277b0383cd66bfa07042b4cf0317157c35852f30043c
 F test/fuzz4.test c229bcdb45518a89e1d208a21343e061503460ac69fae1539320a89f572eb634
 F test/fuzz_common.tcl b7197de6ed1ee8250a4f82d67876f4561b42ee8cbbfc6160dcb66331bad3f830
 F test/fuzz_malloc.test f348276e732e814802e39f042b1f6da6362a610af73a528d8f76898fde6b22f2
-F test/fuzzcheck.c f5ed4e174953a4f33cd90891349b9c3e96439a2bfccbd016a3ef4ae97e9aa5d9
+F test/fuzzcheck.c cdd94f1710957b8b907019b25c6cf4f7b63815a08b19021e8b215bc2419bb7f9
 F test/fuzzdata1.db d36e88741b4f23bcbaaf55b006290669d03c6c891cf13c7b3a53bc1b097b693f
 F test/fuzzdata2.db 128b3feeb78918d075c9b14b48610145a0dd4c8d6f1ca7c2870c7e425f5bf31f
 F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
@@ -1860,7 +1860,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 704bb9a39acbee420c1d6ac9eb1466a02dd77d3334b938bfddf235973129b5fe
-R 37d60611a24e10e0f7c6d9ef2a03c1d5
+P 219c296cc8cab13fa12b64c297bc4a98d8e21491309d97a031edf89ae77fce75
+R 17d29216190d0b7754fc3170b52eb5e5
 U drh
-Z 35d89853f7c8d0bfbe3e5e9e3a91aee4
+Z 401be2bfffbe1801f75607da61f73c58
diff --git a/manifest.uuid b/manifest.uuid
index 32cc3b31c0..9bce01f519 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-219c296cc8cab13fa12b64c297bc4a98d8e21491309d97a031edf89ae77fce75
\ No newline at end of file
+a65c8d4e26b2428ecb8232a4a6a44443aa1701319223397e61a823a5aa1827de
\ No newline at end of file
diff --git a/test/fuzzcheck.c b/test/fuzzcheck.c
index ce65cab805..3785024368 100644
--- a/test/fuzzcheck.c
+++ b/test/fuzzcheck.c
@@ -520,6 +520,57 @@ static int vdbeOpLimit = 25000;
 
 /* Maximum size of the in-memory database */
 static sqlite3_int64 maxDbSize = 104857600;
+/* OOM simulation parameters */
+static unsigned int oomCounter = 0;    /* Simulate OOM when equals 1 */
+static unsigned int oomRepeat = 0;     /* Number of OOMs in a row */
+static void*(*defaultMalloc)(int) = 0; /* The low-level malloc routine */
+
+/* This routine is called when a simulated OOM occurs.  It is broken
+** out as a separate routine to make it easy to set a breakpoint on
+** the OOM
+*/
+void oomFault(void){
+  if( eVerbosity ){
+    printf("Simulated OOM fault\n");
+  }
+  if( oomRepeat>0 ){
+    oomRepeat--;
+  }else{
+    oomCounter--;
+  }
+}
+
+/* This routine is a replacement malloc() that is used to simulate
+** Out-Of-Memory (OOM) errors for testing purposes.
+*/
+static void *oomMalloc(int nByte){
+  if( oomCounter ){
+    if( oomCounter==1 ){
+      oomFault();
+      return 0;
+    }else{
+      oomCounter--;
+    }
+  }
+  return defaultMalloc(nByte);
+}
+
+/* Register the OOM simulator.  This must occur before any memory
+** allocations */
+static void registerOomSimulator(void){
+  sqlite3_mem_methods mem;
+  sqlite3_shutdown();
+  sqlite3_config(SQLITE_CONFIG_GETMALLOC, &mem);
+  defaultMalloc = mem.xMalloc;
+  mem.xMalloc = oomMalloc;
+  sqlite3_config(SQLITE_CONFIG_MALLOC, &mem);
+}
+
+/* Turn off any pending OOM simulation */
+static void disableOom(void){
+  oomCounter = 0;
+  oomRepeat = 0;
+}
 
 /*
 ** Translate a single byte of Hex into an integer.
@@ -700,6 +751,9 @@ static int block_troublesome_sql(
     ){
       return SQLITE_DENY;
     }
+    if( sqlite3_stricmp("oom",zArg1)==0 && zArg2!=0 && zArg2[0]!=0 ){
+      oomCounter = atoi(zArg2);
+    }
   }else if( (eCode==SQLITE_ATTACH || eCode==SQLITE_DETACH)
             && zArg1 && zArg1[0] ){
     return SQLITE_DENY;
@@ -1421,6 +1475,7 @@ int main(int argc, char **argv){
   int openFlags4Data;          /* Flags for sqlite3_open_v2() */
   int nV;                      /* How much to increase verbosity with -vvvv */
 
+  registerOomSimulator();
   sqlite3_initialize();
   iBegin = timeOfDay();
 #ifdef __unix__
@@ -1792,6 +1847,7 @@ int main(int argc, char **argv){
 
     /* Limit available memory, if requested */
     sqlite3_shutdown();
+
     if( nMemThisDb>0 && nMem==0 ){
       if( !nativeMalloc ){
         pHeap = realloc(pHeap, nMemThisDb);
@@ -1836,6 +1892,7 @@ int main(int argc, char **argv){
         runCombinedDbSqlInput(pSql->a, pSql->sz);
         nTest++;
         g.zTestName[0] = 0;
+        disableOom();
         continue;
       }
       for(pDb=g.pFirstDb; pDb; pDb=pDb->pNext){