Add the test/ossfuzz.c interface adaptor for OSS-FUZZ. Make provisions for
testing the adaptor using fuzzcheck.c. FossilOrigin-Name: 119d6ef8478ea6ab07dfd0e974d2f5a8dcfce87e
parent
3bafdede8a
commit
ea432ba2df
6
main.mk
6
main.mk
@ -511,10 +511,10 @@ fuzzershell$(EXE): $(TOP)/tool/fuzzershell.c sqlite3.c sqlite3.h
|
||||
$(FUZZERSHELL_OPT) $(TOP)/tool/fuzzershell.c sqlite3.c \
|
||||
$(TLIBS) $(THREADLIB)
|
||||
|
||||
fuzzcheck$(EXE): $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h
|
||||
fuzzcheck$(EXE): $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h $(TOP)/test/ossfuzz.c
|
||||
$(TCCX) -o fuzzcheck$(EXE) -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION \
|
||||
-DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) \
|
||||
$(TOP)/test/fuzzcheck.c sqlite3.c $(TLIBS) $(THREADLIB)
|
||||
-DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) -DSQLITE_OSS_FUZZ \
|
||||
$(TOP)/test/fuzzcheck.c $(TOP)/test/ossfuzz.c sqlite3.c $(TLIBS) $(THREADLIB)
|
||||
|
||||
mptester$(EXE): sqlite3.c $(TOP)/mptest/mptest.c
|
||||
$(TCCX) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.c \
|
||||
|
17
manifest
17
manifest
@ -1,5 +1,5 @@
|
||||
C Handle\ssome\sobscure\s"row\svalue\smisused"\scases\sthat\scould\scause\ssegfaults\sor\nassertion\sfailures.
|
||||
D 2016-11-11T15:49:01.962
|
||||
C Add\sthe\stest/ossfuzz.c\sinterface\sadaptor\sfor\sOSS-FUZZ.\s\sMake\sprevisions\sfor\ntesting\sthe\sadaptor\susing\sfuzzcheck.c.
|
||||
D 2016-11-11T16:33:47.638
|
||||
F Makefile.in 6fd48ffcf7c2deea7499062d1f3747f986c19678
|
||||
F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
|
||||
F Makefile.msc e0217f2d35a0448abbe4b066132ae20136e8b408
|
||||
@ -311,7 +311,7 @@ F ext/userauth/userauth.c 5fa3bdb492f481bbc1709fc83c91ebd13460c69e
|
||||
F install-sh 9d4de14ab9fb0facae2f48780b874848cbf2f895 x
|
||||
F ltmain.sh 3ff0879076df340d2e23ae905484d8c15d5fdea8
|
||||
F magic.txt 8273bf49ba3b0c8559cb2774495390c31fd61c60
|
||||
F main.mk 06dc0b1a9c9e2d05c9275937dd5b894bfe7d17d8
|
||||
F main.mk 4b5c097e286a7b57023547b674c508f14e51dd9d
|
||||
F mkso.sh fd21c06b063bb16a5d25deea1752c2da6ac3ed83
|
||||
F mptest/config01.test 3c6adcbc50b991866855f1977ff172eb6d901271
|
||||
F mptest/config02.test 4415dfe36c48785f751e16e32c20b077c28ae504
|
||||
@ -814,7 +814,7 @@ F test/fuzz2.test 76dc35b32b6d6f965259508508abce75a6c4d7e1
|
||||
F test/fuzz3.test b47377143f0c80f91ed29d722861077ff34415d5
|
||||
F test/fuzz_common.tcl a87dfbb88c2a6b08a38e9a070dabd129e617b45b
|
||||
F test/fuzz_malloc.test 328f70aaca63adf29b4c6f06505ed0cf57ca7c26
|
||||
F test/fuzzcheck.c f2e8102f7829f7b946ebdb6f1a16c6f942d9de66
|
||||
F test/fuzzcheck.c 984470cee0a35b893ad0377a7de75f0c9a758392
|
||||
F test/fuzzdata1.db 7ee3227bad0e7ccdeb08a9e6822916777073c664
|
||||
F test/fuzzdata2.db f03a420d3b822cc82e4f894ca957618fbe9c4973
|
||||
F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
|
||||
@ -985,6 +985,7 @@ F test/orderby7.test 3d1383d52ade5b9eb3a173b3147fdd296f0202da
|
||||
F test/orderby8.test 23ef1a5d72bd3adcc2f65561c654295d1b8047bd
|
||||
F test/orderby9.test 87fb9548debcc2cd141c5299002dd94672fa76a3
|
||||
F test/oserror.test b32dc34f2363ef18532e3a0a7358e3e7e321974f
|
||||
F test/ossfuzz.c 2d64a0e38ec35fb29c09f8474b64c43605e00ce4 w test/oss-fuzz-adaptor.c
|
||||
F test/ovfl.test 199c482696defceacee8c8e0e0ef36da62726b2f
|
||||
F test/pager1.test 841868017e9dd3cb459b8d78862091a7d9cff21d
|
||||
F test/pager2.test 67b8f40ae98112bcdba1f2b2d03ea83266418c71
|
||||
@ -1531,7 +1532,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P f98c8ac8c485098f163400d3a92d6afb4008adbe
|
||||
R a89e5be61b771e1fa50ceffc5542b881
|
||||
U dan
|
||||
Z 011fdd87018b196e46b8f2521e403dd0
|
||||
P fba5fddb1c40af75634b01c1f06d2610df697e01
|
||||
R 7bae7291b6277b17f47b074bc7079f96
|
||||
U drh
|
||||
Z 392e6662701d2d132b972967184d58cf
|
||||
|
@ -1 +1 @@
|
||||
fba5fddb1c40af75634b01c1f06d2610df697e01
|
||||
119d6ef8478ea6ab07dfd0e974d2f5a8dcfce87e
|
@ -80,6 +80,11 @@
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
|
||||
#ifdef SQLITE_OSS_FUZZ
|
||||
# include <stddef.h>
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
|
||||
/*
|
||||
** Files in the virtual file system.
|
||||
*/
|
||||
@ -794,6 +799,7 @@ static void showHelp(void){
|
||||
" --load-db ARGS... Load template databases from files into SOURCE_DB\n"
|
||||
" -m TEXT Add a description to the database\n"
|
||||
" --native-vfs Use the native VFS for initially empty database files\n"
|
||||
" --oss-fuzz Enable OSS-FUZZ testing\n"
|
||||
" --rebuild Rebuild and vacuum the database file\n"
|
||||
" --result-trace Show the results of each SQL command\n"
|
||||
" --sqlid N Use only SQL where sqlid=N\n"
|
||||
@ -835,6 +841,7 @@ int main(int argc, char **argv){
|
||||
char *zExpDb = 0; /* Write Databases to files in this directory */
|
||||
char *zExpSql = 0; /* Write SQL to files in this directory */
|
||||
void *pHeap = 0; /* Heap for use by SQLite */
|
||||
int ossFuzz = 0; /* enable OSS-FUZZ testing */
|
||||
|
||||
iBegin = timeOfDay();
|
||||
#ifdef __unix__
|
||||
@ -895,6 +902,9 @@ int main(int argc, char **argv){
|
||||
if( strcmp(z,"native-vfs")==0 ){
|
||||
nativeFlag = 1;
|
||||
}else
|
||||
if( strcmp(z,"oss-fuzz")==0 ){
|
||||
ossFuzz = 1;
|
||||
}else
|
||||
if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){
|
||||
quietFlag = 1;
|
||||
verboseFlag = 0;
|
||||
@ -1123,25 +1133,34 @@ int main(int argc, char **argv){
|
||||
}
|
||||
}
|
||||
createVFile("main.db", pDb->sz, pDb->a);
|
||||
openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
|
||||
if( nativeFlag && pDb->sz==0 ){
|
||||
openFlags |= SQLITE_OPEN_MEMORY;
|
||||
zVfs = 0;
|
||||
}
|
||||
rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
|
||||
if( rc ) fatalError("cannot open inmem database");
|
||||
if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
|
||||
setAlarm(iTimeout);
|
||||
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
|
||||
if( sqlFuzz || vdbeLimitFlag ){
|
||||
sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
|
||||
}
|
||||
if( ossFuzz ){
|
||||
#ifndef SQLITE_OSS_FUZZ
|
||||
fatalError("--oss-fuzz not supported: recompile with -DSQLITE_OSS_FUZZ");
|
||||
#else
|
||||
extern int LLVMFuzzerTestOneInput(const uint8_t*, size_t);
|
||||
LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz);
|
||||
#endif
|
||||
do{
|
||||
runSql(db, (char*)pSql->a, runFlags);
|
||||
}while( timeoutTest );
|
||||
setAlarm(0);
|
||||
sqlite3_close(db);
|
||||
}else{
|
||||
openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
|
||||
if( nativeFlag && pDb->sz==0 ){
|
||||
openFlags |= SQLITE_OPEN_MEMORY;
|
||||
zVfs = 0;
|
||||
}
|
||||
rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
|
||||
if( rc ) fatalError("cannot open inmem database");
|
||||
if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
|
||||
setAlarm(iTimeout);
|
||||
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
|
||||
if( sqlFuzz || vdbeLimitFlag ){
|
||||
sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
|
||||
}
|
||||
#endif
|
||||
do{
|
||||
runSql(db, (char*)pSql->a, runFlags);
|
||||
}while( timeoutTest );
|
||||
setAlarm(0);
|
||||
sqlite3_close(db);
|
||||
}
|
||||
if( sqlite3_memory_used()>0 ) fatalError("memory leak");
|
||||
reformatVfs();
|
||||
nTest++;
|
||||
|
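Review bot: The new `if( ossFuzz )` branch in main() calls LLVMFuzzerTestOneInput() without the `setAlarm(iTimeout)` / `setAlarm(0)` pair that the `else` branch keeps around runSql(), so the per-test timeout apparently does not cover the adaptor path and a slow input could stall the whole run. Consider adding `setAlarm(iTimeout);` before the call and `setAlarm(0);` after it. The `#ifndef SQLITE_OSS_FUZZ` fatalError is also reached only when the first test case runs; rejecting `--oss-fuzz` where the option is parsed would fail earlier. main() begins and ends outside this hunk, so what setAlarm() does is inferred from its name and its use here.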
80
test/ossfuzz.c
Normal file
80
test/ossfuzz.c
Normal file
@ -0,0 +1,80 @@
|
||||
/*
|
||||
** This module interfaces SQLite to the Google OSS-Fuzz, fuzzer as a service.
|
||||
** (https://github.com/google/oss-fuzz)
|
||||
*/
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include "sqlite3.h"
|
||||
|
||||
/*
|
||||
** Progress handler callback
|
||||
*/
|
||||
static int progress_handler(void *pReturn) {
|
||||
return *(int*)pReturn;
|
||||
}
|
||||
|
||||
/*
|
||||
** Callback for sqlite3_exec().
|
||||
*/
|
||||
static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
|
||||
int i;
|
||||
for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
|
||||
return ((*(int*)pCnt)--)<=0;
|
||||
}
|
||||
|
||||
/*
|
||||
** Main entry point. The fuzzer invokes this function with each
|
||||
** fuzzed input.
|
||||
*/
|
||||
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
int progressArg = 0; /* 1 causes progress handler abort */
|
||||
int execCnt = 0; /* Abort row callback when count reaches zero */
|
||||
char *zErrMsg = 0; /* Error message returned by sqlite_exec() */
|
||||
sqlite3 *db; /* The database connection */
|
||||
uint8_t uSelector; /* First byte of input data[] */
|
||||
int rc; /* Return code from various interfaces */
|
||||
char *zSql; /* Zero-terminated copy of data[] */
|
||||
|
||||
if( size<3 ) return 0; /* Early out if unsufficient data */
|
||||
|
||||
/* Extract the selector byte from the beginning of the input. But only
|
||||
** do this if the second byte is a \n. If the second byte is not \n,
|
||||
** then use a default selector */
|
||||
if( data[1]=='\n' ){
|
||||
uSelector = data[0]; data += 2; size -= 2;
|
||||
}else{
|
||||
uSelector = 0xfd;
|
||||
}
|
||||
|
||||
/* Open the database connection. Only use an in-memory database. */
|
||||
rc = sqlite3_open_v2("fuzz.db", &db,
|
||||
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
|
||||
if( rc ) return 0;
|
||||
|
||||
/* Bit 0 of the selector enables progress callbacks. Bit 1 is the
|
||||
** return code from progress callbacks */
|
||||
if( uSelector & 1 ){
|
||||
sqlite3_progress_handler(db, 4, progress_handler, (void*)&progressArg);
|
||||
}
|
||||
uSelector >>= 1;
|
||||
progressArg = uSelector & 1; uSelector >>= 1;
|
||||
|
||||
/* Bit 2 of the selector enables foreign key constraints */
|
||||
sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_FKEY, uSelector&1, &rc);
|
||||
uSelector >>= 1;
|
||||
|
||||
/* Remaining bits of the selector determine a limit on the number of
|
||||
** output rows */
|
||||
execCnt = uSelector + 1;
|
||||
|
||||
/* Run the SQL. The sqlite_exec() interface expects a zero-terminated
|
||||
** string, so make a copy. */
|
||||
zSql = sqlite3_mprintf("%.*s", (int)size, data);
|
||||
sqlite3_exec(db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
|
||||
|
||||
/* Cleanup and return */
|
||||
sqlite3_free(zErrMsg);
|
||||
sqlite3_free(zSql);
|
||||
sqlite3_close(db);
|
||||
return 0;
|
||||
}
|
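Review bot: In LLVMFuzzerTestOneInput(), `if( rc ) return 0;` after sqlite3_open_v2() returns without closing `db`. SQLite normally still hands back a connection handle on a failed open, so this path can leak it, and fuzzcheck's `sqlite3_memory_used()>0` check would then report a memory leak. Suggest `if( rc ){ sqlite3_close(db); return 0; }` (closing a NULL handle is a no-op). Separately, when bit 0 of the selector is clear no progress handler is installed and nothing visible here bounds execution, so long-running statements would show up as fuzzer timeouts; either a comment saying this is intended or an unconditional handler with a step budget would help. A comment on the `sqlite3_mprintf("%.*s", ...)` line noting that the copy stops at the first NUL byte, so input after an embedded NUL is never executed, would also be useful.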