Index: tool/fuzzershell.c
==================================================================
--- tool/fuzzershell.c
+++ tool/fuzzershell.c
@@ -29,10 +29,33 @@
 ** disk database so that the fuzzer starts with a database containing
 ** content.
 **
 ** (4) The eval() SQL function is added, allowing the fuzzer to do
 ** interesting recursive operations.
+**
+** 2015-04-20: The input text can be divided into separate SQL chunks using
+** lines of the form:
+**
+** |****<...>****|
+**
+** where the "..." is arbitrary text, except the "|" should really be "/".
+** ("|" is used here to avoid compiler warnings about nested comments.)
+** Each such SQL comment is printed as it is encountered. A separate
+** in-memory SQLite database is created to run each chunk of SQL. This
+** feature allows the "queue" of AFL to be captured into a single big
+** file using a command like this:
+**
+** (for i in id:*; do echo '|****<'$i'>****|'; cat $i; done) >~/all-queue.txt
+**
+** (Once again, change the "|" to "/") Then all elements of the AFL queue
+** can be run in a single go (for regression testing, for example, by typing:
+**
+** fuzzershell -f ~/all-queue.txt >out.txt
+**
+** After running each chunk of SQL, the database connection is closed. The
+** program aborts if the close fails or if there is any unfreed memory after
+** the close.
 */
 #include
 #include
 #include
 #include
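Review bot: The added header comment opens a parenthesis at "(for regression testing, for example, by typing:" and never closes it, so the sentence that introduces the `fuzzershell -f` invocation reads as an unfinished aside. I would write it as `** can be run in a single go (for regression testing, for example) by typing:`. The comment block itself begins above the hunk, so only the added paragraph is reviewed here.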
@@ -216,12 +239,13 @@ int nIn = 0; /* Number of bytes of zIn[] used */ size_t got; /* Bytes read from input */ FILE *in = stdin; /* Where to read SQL text from */ int rc = SQLITE_OK; /* Result codes from API functions */ int i; /* Loop counter */ + int iNext; /* Next block of SQL */ sqlite3 *db; /* Open database */ - sqlite3 *dbInit; /* On-disk database used to initialize the in-memory db */ + sqlite3 *dbInit = 0; /* On-disk database used to initialize the in-memory db */ const char *zInitDb = 0;/* Name of the initialization database file */ char *zErrMsg = 0; /* Error message returned from sqlite3_exec() */ g.zArgv0 = argv[0]; for(i=1; i****/"); + if( z ){ + z += 6; + printf("%.*s\n", (int)(z-&zIn[i]), &zIn[i]); + i += (int)(z-&zIn[i]); + } + } + for(iNext=i; iNext0 ){ + abendError("memory in use after close: %lld bytes", sqlite3_memory_used()); + } + } + free(zIn); + return 0; }
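Review bot: The `z += 6` in the added chunk-marker branch is a bare constant that must stay equal to the length of the terminator literal given to `strstr()`; the visible tail of that literal is `>****/`, six characters, but the call is cut off on this page, so the match is inferred. Deriving the skip from the literal keeps the two in sync, for example `static const char zEnd[] = ">****/";` with `z += sizeof(zEnd)-1;`. Separately, `abendError("memory in use after close: %lld bytes", sqlite3_memory_used())` passes an `sqlite3_int64` to `%lld`; a `(long long)` cast on the argument makes the format and argument types agree on builds where that typedef is not `long long`. The enclosing function starts and ends outside the visible hunks.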