Overview
Comment: | Add the --show-errors and --show-max-delay command-line options to the ossshell test program. |
---|---|
SHA3-256: |
626bdca98e0cd78ae873d97e75bb7d54 |
User & Date: | drh 2017-03-17 14:59:40.532 |
Context
2017-03-17
| ||
22:50 | Begin enforcing the SQLITE_LIMIT_VDBE_OP. The documentation warned that this day might come. (check-in: ef59146170 user: drh tags: trunk) | |
14:59 | Add the --show-errors and --show-max-delay command-line options to the ossshell test program. (check-in: 626bdca98e user: drh tags: trunk) | |
14:15 | Fix the Makefile.in so that it builds the ossshell test program correctly. (check-in: 36f5602ec9 user: drh tags: trunk) | |
Changes
Changes to test/ossfuzz.c.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | /* ** This module interfaces SQLite to the Google OSS-Fuzz, fuzzer as a service. ** (https://github.com/google/oss-fuzz) */ #include <stddef.h> #include <stdint.h> #include "sqlite3.h" /* Return the current real-world time in milliseconds since the ** Julian epoch (-4714-11-24). */ static sqlite3_int64 timeOfDay(void){ static sqlite3_vfs *clockVfs = 0; sqlite3_int64 t; if( clockVfs==0 ) clockVfs = sqlite3_vfs_find(0); if( clockVfs->iVersion>=2 && clockVfs->xCurrentTimeInt64!=0 ){ clockVfs->xCurrentTimeInt64(clockVfs, &t); }else{ double r; clockVfs->xCurrentTime(clockVfs, &r); t = (sqlite3_int64)(r*86400000.0); } return t; } #ifndef SQLITE_OMIT_PROGRESS_CALLBACK /* ** Progress handler callback. ** ** The argument is the cutoff-time after which all processing should ** stop. So return non-zero if the cut-off time is exceeded. */ | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | > | > > > > | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 | /* ** This module interfaces SQLite to the Google OSS-Fuzz, fuzzer as a service. ** (https://github.com/google/oss-fuzz) */ #include <stddef.h> #include <stdint.h> #include <stdio.h> #include <string.h> #include "sqlite3.h" /* Global debugging settings. OSS-Fuzz will have all debugging turned ** off. But if LLVMFuzzerTestOneInput() is called interactively from ** the ossshell utility program, then these flags might be set. */ static unsigned mDebug = 0; #define FUZZ_SQL_TRACE 0x0001 /* Set an sqlite3_trace() callback */ #define FUZZ_SHOW_MAX_DELAY 0x0002 /* Show maximum progress callback delay */ #define FUZZ_SHOW_ERRORS 0x0004 /* Print error messages from SQLite */ /* The ossshell utility program invokes this interface to see the ** debugging flags. 
Unused by OSS-Fuzz. */ void ossfuzz_set_debug_flags(unsigned x){ mDebug = x; } /* Return the current real-world time in milliseconds since the ** Julian epoch (-4714-11-24). */ static sqlite3_int64 timeOfDay(void){ static sqlite3_vfs *clockVfs = 0; sqlite3_int64 t; if( clockVfs==0 ) clockVfs = sqlite3_vfs_find(0); if( clockVfs->iVersion>=2 && clockVfs->xCurrentTimeInt64!=0 ){ clockVfs->xCurrentTimeInt64(clockVfs, &t); }else{ double r; clockVfs->xCurrentTime(clockVfs, &r); t = (sqlite3_int64)(r*86400000.0); } return t; } /* An instance of the following object is passed by pointer as the ** client data to various callbacks. */ typedef struct FuzzCtx { sqlite3 *db; /* The database connection */ sqlite3_int64 iCutoffTime; /* Stop processing at this time. */ sqlite3_int64 iLastCb; /* Time recorded for previous progress callback */ sqlite3_int64 mxInterval; /* Longest interval between two progress calls */ unsigned nCb; /* Number of progress callbacks */ } FuzzCtx; #ifndef SQLITE_OMIT_PROGRESS_CALLBACK /* ** Progress handler callback. ** ** The argument is the cutoff-time after which all processing should ** stop. So return non-zero if the cut-off time is exceeded. */ static int progress_handler(void *pClientData) { FuzzCtx *p = (FuzzCtx*)pClientData; sqlite3_int64 iNow = timeOfDay(); int rc = iNow>=p->iCutoffTime; sqlite3_int64 iDiff = iNow - p->iLastCb; if( iDiff > p->mxInterval ) p->mxInterval = iDiff; p->nCb++; return rc; } #endif /* ** Callback for sqlite3_exec(). */ static int exec_handler(void *pCnt, int argc, char **argv, char **namev){ |
︙ | ︙ | |||
50 51 52 53 54 55 56 | /* ** Main entry point. The fuzzer invokes this function with each ** fuzzed input. */ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { int execCnt = 0; /* Abort row callback when count reaches zero */ char *zErrMsg = 0; /* Error message returned by sqlite_exec() */ | < | > | > | | | | > > > > > | > > > > > | 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 | /* ** Main entry point. The fuzzer invokes this function with each ** fuzzed input. */ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { int execCnt = 0; /* Abort row callback when count reaches zero */ char *zErrMsg = 0; /* Error message returned by sqlite_exec() */ uint8_t uSelector; /* First byte of input data[] */ int rc; /* Return code from various interfaces */ char *zSql; /* Zero-terminated copy of data[] */ FuzzCtx cx; /* Fuzzing context */ memset(&cx, 0, sizeof(cx)); if( size<3 ) return 0; /* Early out if unsufficient data */ /* Extract the selector byte from the beginning of the input. But only ** do this if the second byte is a \n. If the second byte is not \n, ** then use a default selector */ if( data[1]=='\n' ){ uSelector = data[0]; data += 2; size -= 2; }else{ uSelector = 0xfd; } /* Open the database connection. Only use an in-memory database. */ rc = sqlite3_open_v2("fuzz.db", &cx.db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0); if( rc ) return 0; #ifndef SQLITE_OMIT_PROGRESS_CALLBACK /* Invoke the progress handler frequently to check to see if we ** are taking too long. The progress handler will return true ** (which will block further processing) if more than 10 seconds have ** elapsed since the start of the test. 
*/ cx.iLastCb = timeOfDay(); cx.iCutoffTime = cx.iLastCb + 10000; /* Now + 10 seconds */ sqlite3_progress_handler(cx.db, 10, progress_handler, (void*)&cx); #endif /* Bit 1 of the selector enables foreign key constraints */ sqlite3_db_config(cx.db, SQLITE_DBCONFIG_ENABLE_FKEY, uSelector&1, &rc); uSelector >>= 1; /* Remaining bits of the selector determine a limit on the number of ** output rows */ execCnt = uSelector + 1; /* Run the SQL. The sqlite_exec() interface expects a zero-terminated ** string, so make a copy. */ zSql = sqlite3_mprintf("%.*s", (int)size, data); sqlite3_exec(cx.db, zSql, exec_handler, (void*)&execCnt, &zErrMsg); /* Show any errors */ if( (mDebug & FUZZ_SHOW_ERRORS)!=0 && zErrMsg ){ printf("Error: %s\n", zErrMsg); } /* Cleanup and return */ sqlite3_free(zErrMsg); sqlite3_free(zSql); sqlite3_close(cx.db); if( mDebug & FUZZ_SHOW_MAX_DELAY ){ printf("Progress callback count....... %d\n", cx.nCb); printf("Max time between callbacks.... %d ms\n", (int)cx.mxInterval); } return 0; } |
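Review bot: In `progress_handler`, `p->iLastCb` is read but never advanced, so `iDiff` is the time since the handler was registered in `LLVMFuzzerTestOneInput` rather than since the previous callback, and the figure printed as "Max time between callbacks" ends up being the elapsed time up to the last callback. That hides what `--show-max-delay` is meant to expose: a long stretch with no callback, during which the 10-second cutoff cannot fire. Adding `p->iLastCb = iNow;` after the `mxInterval` update would make the value agree with the field comment "Time recorded for previous progress callback". In the final report `cx.nCb` is declared `unsigned` but printed with `%d`; `%u` matches the type. Separately, `FUZZ_SQL_TRACE` is defined here but nothing in the lines shown tests that bit.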
Changes to test/ossshell.c.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | /* ** This is a test interface for the ossfuzz.c module. The ossfuzz.c module ** is an adaptor for OSS-FUZZ. (https://github.com/google/oss-fuzz) ** ** This program links against ossfuzz.c. It reads files named on the ** command line and passes them one by one into ossfuzz.c. */ #include <stddef.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include "sqlite3.h" /* ** The entry point in ossfuzz.c that this routine will be calling */ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* ** Read files named on the command-line and invoke the fuzzer for ** each one. */ int main(int argc, char **argv){ FILE *in; int i; int nErr = 0; uint8_t *zBuf = 0; size_t sz; for(i=1; i<argc; i++){ const char *zFilename = argv[i]; in = fopen(zFilename, "rb"); if( in==0 ){ fprintf(stderr, "cannot open \"%s\"\n", zFilename); nErr++; continue; } fseek(in, 0, SEEK_END); sz = ftell(in); rewind(in); zBuf = realloc(zBuf, sz); if( zBuf==0 ){ fprintf(stderr, "cannot malloc() for %d bytes\n", (int)sz); exit(1); } if( fread(zBuf, sz, 1, in)!=1 ){ fprintf(stderr, "cannot read %d bytes from \"%s\"\n", (int)sz, zFilename); nErr++; }else{ printf("%s... ", zFilename); fflush(stdout); (void)LLVMFuzzerTestOneInput(zBuf, sz); printf("ok\n"); } fclose(in); } free(zBuf); return nErr; } | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 | /* ** This is a test interface for the ossfuzz.c module. The ossfuzz.c module ** is an adaptor for OSS-FUZZ. 
(https://github.com/google/oss-fuzz) ** ** This program links against ossfuzz.c. It reads files named on the ** command line and passes them one by one into ossfuzz.c. */ #include <stddef.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include "sqlite3.h" /* ** The entry point in ossfuzz.c that this routine will be calling */ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* Must match equivalent #defines in ossfuzz.c */ #define FUZZ_SQL_TRACE 0x0001 /* Set an sqlite3_trace() callback */ #define FUZZ_SHOW_MAX_DELAY 0x0002 /* Show maximum progress callback delay */ #define FUZZ_SHOW_ERRORS 0x0004 /* Show SQL errors */ extern void ossfuzz_set_debug_flags(unsigned); /* ** Read files named on the command-line and invoke the fuzzer for ** each one. */ int main(int argc, char **argv){ FILE *in; int i; int nErr = 0; uint8_t *zBuf = 0; size_t sz; unsigned mDebug = 0; for(i=1; i<argc; i++){ const char *zFilename = argv[i]; if( zFilename[0]=='-' ){ if( zFilename[1]=='-' ) zFilename++; if( strcmp(zFilename, "-show-errors")==0 ){ mDebug |= FUZZ_SHOW_ERRORS; ossfuzz_set_debug_flags(mDebug); }else if( strcmp(zFilename, "-show-max-delay")==0 ){ mDebug |= FUZZ_SHOW_MAX_DELAY; ossfuzz_set_debug_flags(mDebug); }else if( strcmp(zFilename, "-sql-trace")==0 ){ mDebug |= FUZZ_SQL_TRACE; ossfuzz_set_debug_flags(mDebug); }else { printf("unknown option \"%s\"\n", argv[i]); printf("should be one of: --show-errors --show-max-delay" " --sql-trace\n"); exit(1); } continue; } in = fopen(zFilename, "rb"); if( in==0 ){ fprintf(stderr, "cannot open \"%s\"\n", zFilename); nErr++; continue; } fseek(in, 0, SEEK_END); sz = ftell(in); rewind(in); zBuf = realloc(zBuf, sz); if( zBuf==0 ){ fprintf(stderr, "cannot malloc() for %d bytes\n", (int)sz); exit(1); } if( fread(zBuf, sz, 1, in)!=1 ){ fprintf(stderr, "cannot read %d bytes from \"%s\"\n", (int)sz, zFilename); nErr++; }else{ printf("%s... 
", zFilename); if( mDebug ) printf("\n"); fflush(stdout); (void)LLVMFuzzerTestOneInput(zBuf, sz); if( mDebug ) printf("%s: ", zFilename); printf("ok\n"); } fclose(in); } free(zBuf); return nErr; } |
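Review bot: `--sql-trace` is accepted in `main` and sets `FUZZ_SQL_TRACE`, but the ossfuzz.c lines shown in this check-in never test that bit, so the option appears to be a silent no-op; someone triaging a problem input would get no trace and no hint why. Until a trace callback is wired up, either drop that branch or emit a notice such as `fprintf(stderr, "--sql-trace is not implemented yet\n");`. The three `FUZZ_*` values are duplicated here under a "Must match" comment; a small shared header that also carries the `ossfuzz_set_debug_flags` prototype would keep the two files from drifting apart. The unknown-option message goes to stdout via `printf`, unlike the other diagnostics in this function, which use `fprintf(stderr, ...)`.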