Improvements to the ossfuzz.c fuzz-testing module so that it works with

-DSQLITE_OMIT_PROGRESS_CALLBACK and with -DSQLITE_OMIT_INIT.

FossilOrigin-Name: d343f7d6b05865c282eb73a0e39dc396f2927982af45b3d045de03ef73715693
drh 2018-11-21 14:27:34 +00:00
parent 3c425484a7
commit 8055a3ead4
4 changed files with 26 additions and 19 deletions


@ -1,5 +1,5 @@
C Fix\sproblems\sin\spragma.c\scausing\ssome\sPRAGMA\sstatements\sto\stest\sthe\swrong\nschema-cookie\sbefore\sproceeding,\sor\sto\stry\sto\sopen\scursors\son\sthe\swrong\ndatabase\s("PRAGMA\sforeign_key_check"\sonly).
D 2018-11-20T18:09:59.541
C Improvements\sto\sthe\sossfuzz.c\sfuzz-testing\smodule\sso\sthat\sit\sworks\swith\n-DSQLITE_OMIT_PROGRESS_CALLBACK\sand\swith\s-DSQLITE_OMIT_INIT.
D 2018-11-21T14:27:34.439
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F Makefile.in b730006b54c990461d864c5387f2e6f13aadb0236804555fb010ed6865a5f058
@ -970,7 +970,7 @@ F test/fuzz2.test 76dc35b32b6d6f965259508508abce75a6c4d7e1
F test/fuzz3.test 9c813e6613b837cb7a277b0383cd66bfa07042b4cf0317157c35852f30043c31
F test/fuzz_common.tcl a87dfbb88c2a6b08a38e9a070dabd129e617b45b
F test/fuzz_malloc.test f348276e732e814802e39f042b1f6da6362a610af73a528d8f76898fde6b22f2
F test/fuzzcheck.c 8074a35ed4ec3735a5e144b7e0e9123d9821a92281756c1a40d43e302dd79243
F test/fuzzcheck.c fda41c0e4e667fae96b002410bb19cece7a33314264ed6bbc6d012909ee9fd58
F test/fuzzdata1.db 7ee3227bad0e7ccdeb08a9e6822916777073c664
F test/fuzzdata2.db 128b3feeb78918d075c9b14b48610145a0dd4c8d6f1ca7c2870c7e425f5bf31f
F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
@ -1162,7 +1162,7 @@ F test/orderby7.test 3d1383d52ade5b9eb3a173b3147fdd296f0202da
F test/orderby8.test 23ef1a5d72bd3adcc2f65561c654295d1b8047bd
F test/orderby9.test 87fb9548debcc2cd141c5299002dd94672fa76a3
F test/oserror.test e7b3416be4b9d5dd2fe0b42dd394daaddbb6c83eeec1f0e47b120b53e0ad3ace
F test/ossfuzz.c c4c4547e2c92ac52f10038b073a03248251a23c1c559728f63a18aeca0e79f03
F test/ossfuzz.c 273eaea2d65b70d77ea4f01404114b9e0244488943f768dc39458c72bd722e0e
F test/ossshell.c f125c5bd16e537a2549aa579b328dd1c59905e7ab1338dfc210e755bb7b69f17
F test/ovfl.test 199c482696defceacee8c8e0e0ef36da62726b2f
F test/pager1.test 1e9ee778bdeaf4f7f09997d029cdaca6a42dfc2092edafe4f5e590acbf1eab13
@ -1778,7 +1778,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P 1740025307531a52e4f0641e2e74dc14715130858f2e9236be13b66924f00220
R 35a6cb673896deb85e5c526c77cba232
U dan
Z a1b91470ee9a425f325e6bef367d324c
P 6982f52f579d20b8a2965373731d41622bda7f09fbf82cc005bb378321829f4c
R d459f84253c279be6188e702b14ed458
U drh
Z 45091bf780cc926790d09ac151175f43


@ -1 +1 @@
6982f52f579d20b8a2965373731d41622bda7f09fbf82cc005bb378321829f4c
d343f7d6b05865c282eb73a0e39dc396f2927982af45b3d045de03ef73715693


@ -405,7 +405,10 @@ static void blobListFree(Blob *p){
static sqlite3_int64 timeOfDay(void){
static sqlite3_vfs *clockVfs = 0;
sqlite3_int64 t;
if( clockVfs==0 ) clockVfs = sqlite3_vfs_find(0);
if( clockVfs==0 ){
clockVfs = sqlite3_vfs_find(0);
if( clockVfs==0 ) return 0;
}
if( clockVfs->iVersion>=1 && clockVfs->xCurrentTimeInt64!=0 ){
clockVfs->xCurrentTimeInt64(clockVfs, &t);
}else{
@ -866,6 +869,7 @@ int main(int argc, char **argv){
sqlite3_vfs *pDfltVfs; /* The default VFS */
int openFlags4Data; /* Flags for sqlite3_open_v2() */
sqlite3_initialize();
iBegin = timeOfDay();
#ifdef __unix__
signal(SIGALRM, timeoutHandler);
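Review bot: In timeOfDay() the unchanged guard `clockVfs->iVersion>=1 && clockVfs->xCurrentTimeInt64!=0` reads a method that exists only in version 2 and later of the sqlite3_vfs structure, so with a version-1 VFS the test would read a field that VFS is not required to provide. The ossfuzz.c copy of this function on the same page tests `iVersion>=2`, and this copy should match: `if( clockVfs->iVersion>=2 && clockVfs->xCurrentTimeInt64!=0 ){`. The new `return 0` path also deserves a one-line comment such as `/* No VFS registered: report time 0; elapsed-time figures are then meaningless */`, because a caller like `iBegin = timeOfDay();` cannot tell it from a real timestamp. The function body continues past the end of the hunk.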


@ -36,7 +36,10 @@ void ossfuzz_set_debug_flags(unsigned x){
static sqlite3_int64 timeOfDay(void){
static sqlite3_vfs *clockVfs = 0;
sqlite3_int64 t;
if( clockVfs==0 ) clockVfs = sqlite3_vfs_find(0);
if( clockVfs==0 ){
clockVfs = sqlite3_vfs_find(0);
if( clockVfs==0 ) return 0;
}
if( clockVfs->iVersion>=2 && clockVfs->xCurrentTimeInt64!=0 ){
clockVfs->xCurrentTimeInt64(clockVfs, &t);
}else{
@ -56,9 +59,9 @@ typedef struct FuzzCtx {
sqlite3_int64 iLastCb; /* Time recorded for previous progress callback */
sqlite3_int64 mxInterval; /* Longest interval between two progress calls */
unsigned nCb; /* Number of progress callbacks */
unsigned execCnt; /* Number of calls to the sqlite3_exec callback */
} FuzzCtx;
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
/*
** Progress handler callback.
**
@ -74,7 +77,6 @@ static int progress_handler(void *pClientData) {
p->nCb++;
return rc;
}
#endif
/*
** Disallow debugging pragmas such as "PRAGMA vdbe_debug" and
@ -101,12 +103,13 @@ static int block_debug_pragmas(
/*
** Callback for sqlite3_exec().
*/
static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
static int exec_handler(void *pClientData, int argc, char **argv, char **namev){
FuzzCtx *p = (FuzzCtx*)pClientData;
int i;
if( argv ){
for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
}
return ((*(int*)pCnt)--)<=0;
return (p->execCnt--)<=0 || progress_handler(pClientData);
}
/*
@ -114,7 +117,6 @@ static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
** fuzzed input.
*/
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
int execCnt = 0; /* Abort row callback when count reaches zero */
char *zErrMsg = 0; /* Error message returned by sqlite_exec() */
uint8_t uSelector; /* First byte of input data[] */
int rc; /* Return code from various interfaces */
@ -134,11 +136,11 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
}
/* Open the database connection. Only use an in-memory database. */
if( sqlite3_initialize() ) return 0;
rc = sqlite3_open_v2("fuzz.db", &cx.db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
if( rc ) return 0;
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
/* Invoke the progress handler frequently to check to see if we
** are taking too long. The progress handler will return true
** (which will block further processing) if more than 10 seconds have
@ -146,6 +148,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
*/
cx.iLastCb = timeOfDay();
cx.iCutoffTime = cx.iLastCb + 10000; /* Now + 10 seconds */
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
sqlite3_progress_handler(cx.db, 10, progress_handler, (void*)&cx);
#endif
@ -161,7 +164,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
/* Remaining bits of the selector determine a limit on the number of
** output rows */
execCnt = uSelector + 1;
cx.execCnt = uSelector + 1;
/* Run the SQL. The sqlite_exec() interface expects a zero-terminated
** string, so make a copy. */
@ -169,7 +172,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
#ifndef SQLITE_OMIT_COMPLETE
sqlite3_complete(zSql);
#endif
sqlite3_exec(cx.db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
sqlite3_exec(cx.db, zSql, exec_handler, (void*)&cx, &zErrMsg);
/* Show any errors */
if( (mDebug & FUZZ_SHOW_ERRORS)!=0 && zErrMsg ){
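Review bot: `execCnt` is declared `unsigned` in FuzzCtx, so in exec_handler the test `(p->execCnt--)<=0` can only be true at exactly zero, and the post-decrement then wraps to UINT_MAX; the local variable it replaces was an `int`. This looks harmless as long as sqlite3_exec() stops calling back after a nonzero return, but it reads as a signed countdown and may draw a type-limits warning; either declare the field `int execCnt;` or write `if( p->execCnt==0 ) return 1;` followed by `p->execCnt--;`. Because exec_handler now also calls progress_handler(), the `nCb` field counts row callbacks as well, so its comment "Number of progress callbacks" should say so. When built with -DSQLITE_OMIT_PROGRESS_CALLBACK the 10-second cutoff is evaluated only when a row is returned, which is worth stating in the comment above exec_handler so that nobody assumes the harness bounds every statement.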