SQLite

Check-in [d60eff493b]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Improvements to the dbfuzz2.c test module.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: d60eff493b875366981c5a25000bb65cde9f6e628192914910790acc562c17b9
User & Date: drh 2018-10-27 21:06:44.652
Context
2018-10-29
16:07
Harden the dbstat extension against corrupt database files. (check-in: a0d47f25ae user: drh tags: trunk)
2018-10-27
21:06
Improvements to the dbfuzz2.c test module. (check-in: d60eff493b user: drh tags: trunk)
16:02
Add an entry in Makefile.in to build dbfuzz2 using clang-6.0 with -fsanitize=fuzzer,undefined. (check-in: a4a083ed8c user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to Makefile.in. 
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685

  -DSQLITE_DEBUG \
  -DSQLITE_ENABLE_DBSTAT_VTAB \
  -DSQLITE_ENABLE_RTREE \
  -DSQLITE_ENABLE_FTS4 \
  -DSQLITE_EANBLE_FTS5

dbfuzz2:	$(TOP)/test/dbfuzz2.c sqlite3.c sqlite3.h
	clang-6.0 -I. -g -Os -fsanitize=fuzzer,undefined -o dbfuzz2 \
		$(DBFUZZ2_OPTS) $(TOP)/test/dbfuzz2.c sqlite3.c
	mkdir -p dbfuzz2-dir
	cp $(TOP)/test/dbfuzz2-seed* dbfuzz2-dir

mptester$(TEXE):	sqlite3.lo $(TOP)/mptest/mptest.c
	$(LTLINK) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.lo \
		$(TLIBS) -rpath "$(libdir)"








|








671
672
673
674
675
676
677
678
679
680
681
682
683
684
685

  -DSQLITE_DEBUG \
  -DSQLITE_ENABLE_DBSTAT_VTAB \
  -DSQLITE_ENABLE_RTREE \
  -DSQLITE_ENABLE_FTS4 \
  -DSQLITE_EANBLE_FTS5

dbfuzz2:	$(TOP)/test/dbfuzz2.c sqlite3.c sqlite3.h
	clang-6.0 -I. -g -O0 -fsanitize=fuzzer,undefined -o dbfuzz2 \
		$(DBFUZZ2_OPTS) $(TOP)/test/dbfuzz2.c sqlite3.c
	mkdir -p dbfuzz2-dir
	cp $(TOP)/test/dbfuzz2-seed* dbfuzz2-dir

mptester$(TEXE):	sqlite3.lo $(TOP)/mptest/mptest.c
	$(LTLINK) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.lo \
		$(TLIBS) -rpath "$(libdir)"
Changes to test/dbfuzz2.c. 
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63







64
65
66
67
68
69




70
71
72
73
74
75
76
77
78




79
80
81

































82
83

** This is the is the SQL that is run against the database.
*/
static const char *azSql[] = {
  "PRAGMA integrity_check;",
  "SELECT * FROM sqlite_master;",
  "SELECT sum(length(name)) FROM dbstat;",
  "UPDATE t1 SET b=a, a=b WHERE a<b;",
  "ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s;"
  "INSERT INTO t3 SELECT * FROM t2;",
  "DELETE FROM t3 WHERE x IN (SELECT x FROM t4);",
  "REINDEX;"
  "DROP TABLE t3;",
  "VACUUM;",
};








int LLVMFuzzerTestOneInput(const uint8_t *aData, size_t nByte){
  unsigned char *a;
  sqlite3 *db;
  int rc;
  int i;





  rc = sqlite3_open(":memory:", &db);
  if( rc ) return 1;
  a = sqlite3_malloc64(nByte);
  if( a==0 ) return 1;
  memcpy(a, aData, nByte);
  sqlite3_deserialize(db, "main", a, nByte, nByte,
        SQLITE_DESERIALIZE_RESIZEABLE |
        SQLITE_DESERIALIZE_FREEONCLOSE);
  for(i=0; i<sizeof(azSql)/sizeof(azSql[0]); i++){




    sqlite3_exec(db, azSql[i], 0, 0, 0);
  }
  sqlite3_close(db);

































  return 0;
}








|


|




>
>
>
>
>
>
>






>
>
>
>









>
>
>
>



>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

** This is the is the SQL that is run against the database.
*/
static const char *azSql[] = {
  "PRAGMA integrity_check;",
  "SELECT * FROM sqlite_master;",
  "SELECT sum(length(name)) FROM dbstat;",
  "UPDATE t1 SET b=a, a=b WHERE a<b;",
  "ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s;",
  "INSERT INTO t3 SELECT * FROM t2;",
  "DELETE FROM t3 WHERE x IN (SELECT x FROM t4);",
  "REINDEX;",
  "DROP TABLE t3;",
  "VACUUM;",
};

/* Output verbosity level.  0 means complete silence */
int eVerbosity = 0;

/* libFuzzer invokes this routine with fuzzed database files (in aData).
** This routine run SQLite against the malformed database to see if it
** can provoke a failure or malfunction.
*/
int LLVMFuzzerTestOneInput(const uint8_t *aData, size_t nByte){
  unsigned char *a;
  sqlite3 *db;
  int rc;
  int i;

  if( eVerbosity>=1 ){
    printf("************** nByte=%d ***************\n", (int)nByte);
    fflush(stdout);
  }
  rc = sqlite3_open(":memory:", &db);
  if( rc ) return 1;
  a = sqlite3_malloc64(nByte);
  if( a==0 ) return 1;
  memcpy(a, aData, nByte);
  sqlite3_deserialize(db, "main", a, nByte, nByte,
        SQLITE_DESERIALIZE_RESIZEABLE |
        SQLITE_DESERIALIZE_FREEONCLOSE);
  for(i=0; i<sizeof(azSql)/sizeof(azSql[0]); i++){
    if( eVerbosity>=1 ){
      printf("%s\n", azSql[i]);
      fflush(stdout);
    }
    sqlite3_exec(db, azSql[i], 0, 0, 0);
  }
  sqlite3_close(db);
  if( sqlite3_memory_used()!=0 ){
    fprintf(stderr,"Memory leak: %lld bytes\n", sqlite3_memory_used());
    exit(1);
  }
  return 0;
}

/* libFuzzer invokes this routine once when the executable starts, to
** process the command-line arguments.
*/
int LLVMFuzzerInitialize(int *pArgc, char ***pArgv){
  int i, j;
  int argc = *pArgc;
  char **newArgv;
  char **argv = *pArgv;
  newArgv = malloc( sizeof(char*)*(argc+1) );
  if( newArgv==0 ) return 0;
  newArgv[0] = argv[0];
  for(i=j=1; i<argc; i++){
    char *z = argv[i];
    if( z[0]=='-' ){
      z++;
      if( z[0]=='-' ) z++;
      if( strcmp(z,"v")==0 ){
        eVerbosity++;
        continue;
      }
    }
    newArgv[j++] = argv[i];
  }
  newArgv[j] = 0;
  *pArgv = newArgv;
  *pArgc = j;
  return 0;
}