Add the test/ossfuzz.c interface adaptor for OSS-FUZZ. Make provisions for

testing the adaptor using fuzzcheck.c.

FossilOrigin-Name: 119d6ef8478ea6ab07dfd0e974d2f5a8dcfce87e
drh 2016-11-11 16:33:47 +00:00
parent 3bafdede8a
commit ea432ba2df
5 changed files with 130 additions and 30 deletions


@ -511,10 +511,10 @@ fuzzershell$(EXE): $(TOP)/tool/fuzzershell.c sqlite3.c sqlite3.h
$(FUZZERSHELL_OPT) $(TOP)/tool/fuzzershell.c sqlite3.c \
$(TLIBS) $(THREADLIB)
fuzzcheck$(EXE): $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h
fuzzcheck$(EXE): $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h $(TOP)/test/ossfuzz.c
$(TCCX) -o fuzzcheck$(EXE) -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION \
-DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) \
$(TOP)/test/fuzzcheck.c sqlite3.c $(TLIBS) $(THREADLIB)
-DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) -DSQLITE_OSS_FUZZ \
$(TOP)/test/fuzzcheck.c $(TOP)/test/ossfuzz.c sqlite3.c $(TLIBS) $(THREADLIB)
mptester$(EXE): sqlite3.c $(TOP)/mptest/mptest.c
$(TCCX) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.c \
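Review bot: Only main.mk learns about test/ossfuzz.c and -DSQLITE_OSS_FUZZ; the manifest hunk in this same commit leaves Makefile.in and Makefile.msc at their previous hashes, so a fuzzcheck built through autoconf or MSVC is compiled without the define and `--oss-fuzz` exits with the "recompile" message. If that is deliberate for now, a comment on the fuzzcheck target, `# ossfuzz.c is only wired in here; Makefile.in/Makefile.msc build fuzzcheck without --oss-fuzz support`, would stop the next reader from hunting for a missing rule. The fuzzcheck recipe is fully inside the hunk, but the surrounding target list continues outside it.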


@ -1,5 +1,5 @@
C Handle\ssome\sobscure\s"row\svalue\smisused"\scases\sthat\scould\scause\ssegfaults\sor\nassertion\sfailures.
D 2016-11-11T15:49:01.962
C Add\sthe\stest/ossfuzz.c\sinterface\sadaptor\sfor\sOSS-FUZZ.\s\sMake\sprevisions\sfor\ntesting\sthe\sadaptor\susing\sfuzzcheck.c.
D 2016-11-11T16:33:47.638
F Makefile.in 6fd48ffcf7c2deea7499062d1f3747f986c19678
F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
F Makefile.msc e0217f2d35a0448abbe4b066132ae20136e8b408
@ -311,7 +311,7 @@ F ext/userauth/userauth.c 5fa3bdb492f481bbc1709fc83c91ebd13460c69e
F install-sh 9d4de14ab9fb0facae2f48780b874848cbf2f895 x
F ltmain.sh 3ff0879076df340d2e23ae905484d8c15d5fdea8
F magic.txt 8273bf49ba3b0c8559cb2774495390c31fd61c60
F main.mk 06dc0b1a9c9e2d05c9275937dd5b894bfe7d17d8
F main.mk 4b5c097e286a7b57023547b674c508f14e51dd9d
F mkso.sh fd21c06b063bb16a5d25deea1752c2da6ac3ed83
F mptest/config01.test 3c6adcbc50b991866855f1977ff172eb6d901271
F mptest/config02.test 4415dfe36c48785f751e16e32c20b077c28ae504
@ -814,7 +814,7 @@ F test/fuzz2.test 76dc35b32b6d6f965259508508abce75a6c4d7e1
F test/fuzz3.test b47377143f0c80f91ed29d722861077ff34415d5
F test/fuzz_common.tcl a87dfbb88c2a6b08a38e9a070dabd129e617b45b
F test/fuzz_malloc.test 328f70aaca63adf29b4c6f06505ed0cf57ca7c26
F test/fuzzcheck.c f2e8102f7829f7b946ebdb6f1a16c6f942d9de66
F test/fuzzcheck.c 984470cee0a35b893ad0377a7de75f0c9a758392
F test/fuzzdata1.db 7ee3227bad0e7ccdeb08a9e6822916777073c664
F test/fuzzdata2.db f03a420d3b822cc82e4f894ca957618fbe9c4973
F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
@ -985,6 +985,7 @@ F test/orderby7.test 3d1383d52ade5b9eb3a173b3147fdd296f0202da
F test/orderby8.test 23ef1a5d72bd3adcc2f65561c654295d1b8047bd
F test/orderby9.test 87fb9548debcc2cd141c5299002dd94672fa76a3
F test/oserror.test b32dc34f2363ef18532e3a0a7358e3e7e321974f
F test/ossfuzz.c 2d64a0e38ec35fb29c09f8474b64c43605e00ce4 w test/oss-fuzz-adaptor.c
F test/ovfl.test 199c482696defceacee8c8e0e0ef36da62726b2f
F test/pager1.test 841868017e9dd3cb459b8d78862091a7d9cff21d
F test/pager2.test 67b8f40ae98112bcdba1f2b2d03ea83266418c71
@ -1531,7 +1532,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P f98c8ac8c485098f163400d3a92d6afb4008adbe
R a89e5be61b771e1fa50ceffc5542b881
U dan
Z 011fdd87018b196e46b8f2521e403dd0
P fba5fddb1c40af75634b01c1f06d2610df697e01
R 7bae7291b6277b17f47b074bc7079f96
U drh
Z 392e6662701d2d132b972967184d58cf


@ -1 +1 @@
fba5fddb1c40af75634b01c1f06d2610df697e01
119d6ef8478ea6ab07dfd0e974d2f5a8dcfce87e


@ -80,6 +80,11 @@
# include <unistd.h>
#endif
#ifdef SQLITE_OSS_FUZZ
# include <stddef.h>
# include <stdint.h>
#endif
/*
** Files in the virtual file system.
*/
@ -794,6 +799,7 @@ static void showHelp(void){
" --load-db ARGS... Load template databases from files into SOURCE_DB\n"
" -m TEXT Add a description to the database\n"
" --native-vfs Use the native VFS for initially empty database files\n"
" --oss-fuzz Enable OSS-FUZZ testing\n"
" --rebuild Rebuild and vacuum the database file\n"
" --result-trace Show the results of each SQL command\n"
" --sqlid N Use only SQL where sqlid=N\n"
@ -835,6 +841,7 @@ int main(int argc, char **argv){
char *zExpDb = 0; /* Write Databases to files in this directory */
char *zExpSql = 0; /* Write SQL to files in this directory */
void *pHeap = 0; /* Heap for use by SQLite */
int ossFuzz = 0; /* enable OSS-FUZZ testing */
iBegin = timeOfDay();
#ifdef __unix__
@ -895,6 +902,9 @@ int main(int argc, char **argv){
if( strcmp(z,"native-vfs")==0 ){
nativeFlag = 1;
}else
if( strcmp(z,"oss-fuzz")==0 ){
ossFuzz = 1;
}else
if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){
quietFlag = 1;
verboseFlag = 0;
@ -1123,25 +1133,34 @@ int main(int argc, char **argv){
}
}
createVFile("main.db", pDb->sz, pDb->a);
openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
if( nativeFlag && pDb->sz==0 ){
openFlags |= SQLITE_OPEN_MEMORY;
zVfs = 0;
}
rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
if( rc ) fatalError("cannot open inmem database");
if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
setAlarm(iTimeout);
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
if( sqlFuzz || vdbeLimitFlag ){
sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
}
if( ossFuzz ){
#ifndef SQLITE_OSS_FUZZ
fatalError("--oss-fuzz not supported: recompile with -DSQLITE_OSS_FUZZ");
#else
extern int LLVMFuzzerTestOneInput(const uint8_t*, size_t);
LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz);
#endif
do{
runSql(db, (char*)pSql->a, runFlags);
}while( timeoutTest );
setAlarm(0);
sqlite3_close(db);
}else{
openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
if( nativeFlag && pDb->sz==0 ){
openFlags |= SQLITE_OPEN_MEMORY;
zVfs = 0;
}
rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
if( rc ) fatalError("cannot open inmem database");
if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
setAlarm(iTimeout);
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
if( sqlFuzz || vdbeLimitFlag ){
sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
}
#endif
do{
runSql(db, (char*)pSql->a, runFlags);
}while( timeoutTest );
setAlarm(0);
sqlite3_close(db);
}
if( sqlite3_memory_used()>0 ) fatalError("memory leak");
reformatVfs();
nTest++;
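Review bot: The new `if( ossFuzz )` branch never arms the watchdog: `setAlarm(iTimeout)` and the matching `setAlarm(0)` are only reached on the `else` path, so an input that hangs inside LLVMFuzzerTestOneInput hangs fuzzcheck instead of failing with the timeout the user asked for. Bracket the call the same way the other path does: `setAlarm(iTimeout); LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz); setAlarm(0);`. The same branch also silently ignores the options that only take effect on the `else` path (`nativeFlag`, `cellSzCkFlag`, `vdbeLimitFlag`, and the `timeoutTest` repeat loop, as far as this hunk shows); a one-line comment such as `/* --oss-fuzz runs the adaptor as OSS-Fuzz would; VFS, cell-size-check and vdbe-limit options do not apply here */` would save the next user some confusion. As a point of style, the `extern int LLVMFuzzerTestOneInput(...)` prototype declared inside the function body belongs next to the `#ifdef SQLITE_OSS_FUZZ` include block added near the top of the file. main() starts and ends outside the hunk.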

80
test/ossfuzz.c Normal file

@ -0,0 +1,80 @@
/*
** This module interfaces SQLite to the Google OSS-Fuzz, fuzzer as a service.
** (https://github.com/google/oss-fuzz)
*/
#include <stddef.h>
#include <stdint.h>
#include "sqlite3.h"
/*
** Progress handler callback
*/
static int progress_handler(void *pReturn) {
return *(int*)pReturn;
}
/*
** Callback for sqlite3_exec().
*/
static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
int i;
for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
return ((*(int*)pCnt)--)<=0;
}
/*
** Main entry point. The fuzzer invokes this function with each
** fuzzed input.
*/
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
int progressArg = 0; /* 1 causes progress handler abort */
int execCnt = 0; /* Abort row callback when count reaches zero */
char *zErrMsg = 0; /* Error message returned by sqlite_exec() */
sqlite3 *db; /* The database connection */
uint8_t uSelector; /* First byte of input data[] */
int rc; /* Return code from various interfaces */
char *zSql; /* Zero-terminated copy of data[] */
if( size<3 ) return 0; /* Early out if unsufficient data */
/* Extract the selector byte from the beginning of the input. But only
** do this if the second byte is a \n. If the second byte is not \n,
** then use a default selector */
if( data[1]=='\n' ){
uSelector = data[0]; data += 2; size -= 2;
}else{
uSelector = 0xfd;
}
/* Open the database connection. Only use an in-memory database. */
rc = sqlite3_open_v2("fuzz.db", &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
if( rc ) return 0;
/* Bit 0 of the selector enables progress callbacks. Bit 1 is the
** return code from progress callbacks */
if( uSelector & 1 ){
sqlite3_progress_handler(db, 4, progress_handler, (void*)&progressArg);
}
uSelector >>= 1;
progressArg = uSelector & 1; uSelector >>= 1;
/* Bit 2 of the selector enables foreign key constraints */
sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_FKEY, uSelector&1, &rc);
uSelector >>= 1;
/* Remaining bits of the selector determine a limit on the number of
** output rows */
execCnt = uSelector + 1;
/* Run the SQL. The sqlite_exec() interface expects a zero-terminated
** string, so make a copy. */
zSql = sqlite3_mprintf("%.*s", (int)size, data);
sqlite3_exec(db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
/* Cleanup and return */
sqlite3_free(zErrMsg);
sqlite3_free(zSql);
sqlite3_close(db);
return 0;
}
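Review bot: Nothing bounds the run time of the SQL handed to sqlite3_exec: the progress handler is installed only when bit 0 of the selector is set, and even then it aborts only when bit 1 is also set, so for the other three selector combinations an input such as an unbounded recursive CTE or a multi-way cross join runs until the fuzzer's own timeout or memory limit presumably kills it, and those are reported as harness timeouts/OOMs rather than as SQLite findings. Give the handler a context that counts callbacks and always returns non-zero past a fixed budget, keeping the selector bits for the existing behaviour (sketch below; the interval and the cap are placeholders to tune). Two smaller things: `sqlite3_mprintf("%.*s", ...)` stops at the first NUL byte, so anything after an embedded NUL in the fuzz input is never executed, which is fine if intended but deserves a comment next to the copy; and `unsufficient` in the early-out comment should read `insufficient`.
```c
/* Context passed to the progress handler */
typedef struct FuzzCtx FuzzCtx;
struct FuzzCtx {
  int iRet;            /* Value to return when the selector asks for an abort */
  unsigned nCb;        /* Progress callbacks seen so far on this input */
};

/*
** Progress handler callback.  Aborts the statement when the selector asked
** for it, or unconditionally once the callback budget is exhausted so that
** no single input can run for an unbounded time.
*/
static int progress_handler(void *pArg) {
  FuzzCtx *p = (FuzzCtx*)pArg;
  if( ++p->nCb > 100000 ) return 1;   /* placeholder budget; tune */
  return p->iRet;
}

/* … unchanged: exec_handler … */

/* inside LLVMFuzzerTestOneInput, replacing the progressArg handling */
  FuzzCtx cx = {0, 0};
  /* Bit 0 picks a fine-grained interval; the handler is always installed */
  sqlite3_progress_handler(db, (uSelector & 1) ? 4 : 1000, progress_handler, &cx);
  uSelector >>= 1;
  cx.iRet = uSelector & 1; uSelector >>= 1;
```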