Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Initial code for a fuzzing tool on database file that works with the -fsanitize=fuzzer option of clang. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: | 90d12094d36957fbded71545add8a5dc |
| User & Date: | drh 2018-10-27 00:47:33 |
Context
|
2018-10-27
| ||
| 16:02 | Add an entry in Makefile.in to build dbfuzz2 using clang-6.0 with -fsanitize=fuzzer,undefined. check-in: a4a083ed user: drh tags: trunk | |
| 00:47 | Initial code for a fuzzing tool on database file that works with the -fsanitize=fuzzer option of clang. check-in: 90d12094 user: drh tags: trunk | |
|
2018-10-26
| ||
| 17:05 | Add the sqlite3session_config() interface. For configuring global parameters belonging to the sessions module. check-in: 1e69f3ff user: dan tags: trunk | |
Changes
Added test/dbfuzz2-seed1.db.
cannot compute difference between binary files
Added test/dbfuzz2.c.
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
/* ** 2018-10-26 ** ** The author disclaims copyright to this source code. In place of ** a legal notice, here is a blessing: ** ** May you do good and not evil. ** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** ** This program is designed for fuzz-testing SQLite database files using ** the -fsanitize=fuzzer option of clang. ** ** The -fsanitize=fuzzer option causes a main() to be inserted automatically. ** That main() invokes LLVMFuzzerTestOneInput(D,S) to be invoked repeatedly. ** Each D is a fuzzed database file. The code in this file runs various ** SQL statements against that database, trying to provoke a failure. ** ** For best results the seed database files should have these tables: ** ** Table "t1" with columns "a" and "b" ** Tables "t2" and "t3 with the same number of compatible columns ** "t3" should have a column names "x" ** Table "t4" with a column "x" that is compatible with t3.x. ** ** Any of these tables can be virtual tables, for example FTS or RTree tables. ** ** To run this test: ** ** mkdir dir ** cp dbfuzz2-seed*.db dir ** clang-6.0 -I. -g -O1 -fsanitize=fuzzer \ ** -DTHREADSAFE=0 -DSQLITE_ENABLE_DESERIALIZE \ ** -DSQLITE_ENABLE_DBSTAT_VTAB dbfuzz2.c sqlite3.c -ldl ** ./a.out dir */ #include <assert.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <stdarg.h> #include <ctype.h> #include <stdint.h> #include "sqlite3.h" /* ** This is the is the SQL that is run against the database. */ static const char *azSql[] = { "PRAGMA integrity_check;", "SELECT * FROM sqlite_master;", "SELECT sum(length(name)) FROM dbstat;", "UPDATE t1 SET b=a, a=b WHERE a<b;", "ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s;" "INSERT INTO t3 SELECT * FROM t2;", "DELETE FROM t3 WHERE x IN (SELECT x FROM t4);", "REINDEX;" "DROP TABLE t3;", "VACUUM;", }; int LLVMFuzzerTestOneInput(const uint8_t *aData, size_t nByte){ unsigned char *a; sqlite3 *db; int rc; int i; rc = sqlite3_open(":memory:", &db); if( rc ) return 1; a = sqlite3_malloc64(nByte); if( a==0 ) return 1; memcpy(a, aData, nByte); sqlite3_deserialize(db, "main", a, nByte, nByte, SQLITE_DESERIALIZE_RESIZEABLE | SQLITE_DESERIALIZE_FREEONCLOSE); for(i=0; i<sizeof(azSql)/sizeof(azSql[0]); i++){ sqlite3_exec(db, azSql[i], 0, 0, 0); } sqlite3_close(db); return 0; } |