Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Improvements to the dbfuzz2.c test module. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
d60eff493b875366981c5a25000bb65c |
| User & Date: | drh 2018-10-27 21:06:44 |
Context
|
2018-10-29
| ||
| 16:07 | Harden the dbstat extension against corrupt database files. check-in: a0d47f25 user: drh tags: trunk | |
|
2018-10-27
| ||
| 21:06 | Improvements to the dbfuzz2.c test module. check-in: d60eff49 user: drh tags: trunk | |
| 16:02 | Add an entry in Makefile.in to build dbfuzz2 using clang-6.0 with -fsanitize=fuzzer,undefined. check-in: a4a083ed user: drh tags: trunk | |
Changes
Changes to Makefile.in.
671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 |
-DSQLITE_DEBUG \
-DSQLITE_ENABLE_DBSTAT_VTAB \
-DSQLITE_ENABLE_RTREE \
-DSQLITE_ENABLE_FTS4 \
-DSQLITE_EANBLE_FTS5
dbfuzz2: $(TOP)/test/dbfuzz2.c sqlite3.c sqlite3.h
clang-6.0 -I. -g -Os -fsanitize=fuzzer,undefined -o dbfuzz2 \
$(DBFUZZ2_OPTS) $(TOP)/test/dbfuzz2.c sqlite3.c
mkdir -p dbfuzz2-dir
cp $(TOP)/test/dbfuzz2-seed* dbfuzz2-dir
mptester$(TEXE): sqlite3.lo $(TOP)/mptest/mptest.c
$(LTLINK) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.lo \
$(TLIBS) -rpath "$(libdir)"
|
| |
671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 |
-DSQLITE_DEBUG \
-DSQLITE_ENABLE_DBSTAT_VTAB \
-DSQLITE_ENABLE_RTREE \
-DSQLITE_ENABLE_FTS4 \
-DSQLITE_EANBLE_FTS5
dbfuzz2: $(TOP)/test/dbfuzz2.c sqlite3.c sqlite3.h
clang-6.0 -I. -g -O0 -fsanitize=fuzzer,undefined -o dbfuzz2 \
$(DBFUZZ2_OPTS) $(TOP)/test/dbfuzz2.c sqlite3.c
mkdir -p dbfuzz2-dir
cp $(TOP)/test/dbfuzz2-seed* dbfuzz2-dir
mptester$(TEXE): sqlite3.lo $(TOP)/mptest/mptest.c
$(LTLINK) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.lo \
$(TLIBS) -rpath "$(libdir)"
|
Changes to test/dbfuzz2.c.
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
** This is the is the SQL that is run against the database.
*/
static const char *azSql[] = {
"PRAGMA integrity_check;",
"SELECT * FROM sqlite_master;",
"SELECT sum(length(name)) FROM dbstat;",
"UPDATE t1 SET b=a, a=b WHERE a<b;",
"ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s;"
"INSERT INTO t3 SELECT * FROM t2;",
"DELETE FROM t3 WHERE x IN (SELECT x FROM t4);",
"REINDEX;"
"DROP TABLE t3;",
"VACUUM;",
};
int LLVMFuzzerTestOneInput(const uint8_t *aData, size_t nByte){
unsigned char *a;
sqlite3 *db;
int rc;
int i;
rc = sqlite3_open(":memory:", &db);
if( rc ) return 1;
a = sqlite3_malloc64(nByte);
if( a==0 ) return 1;
memcpy(a, aData, nByte);
sqlite3_deserialize(db, "main", a, nByte, nByte,
SQLITE_DESERIALIZE_RESIZEABLE |
SQLITE_DESERIALIZE_FREEONCLOSE);
for(i=0; i<sizeof(azSql)/sizeof(azSql[0]); i++){
sqlite3_exec(db, azSql[i], 0, 0, 0);
}
sqlite3_close(db);
return 0;
}
|
| | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
** This is the is the SQL that is run against the database.
*/
static const char *azSql[] = {
"PRAGMA integrity_check;",
"SELECT * FROM sqlite_master;",
"SELECT sum(length(name)) FROM dbstat;",
"UPDATE t1 SET b=a, a=b WHERE a<b;",
"ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s;",
"INSERT INTO t3 SELECT * FROM t2;",
"DELETE FROM t3 WHERE x IN (SELECT x FROM t4);",
"REINDEX;",
"DROP TABLE t3;",
"VACUUM;",
};
/* Output verbosity level. 0 means complete silence */
int eVerbosity = 0;
/* libFuzzer invokes this routine with fuzzed database files (in aData).
** This routine run SQLite against the malformed database to see if it
** can provoke a failure or malfunction.
*/
int LLVMFuzzerTestOneInput(const uint8_t *aData, size_t nByte){
unsigned char *a;
sqlite3 *db;
int rc;
int i;
if( eVerbosity>=1 ){
printf("************** nByte=%d ***************\n", (int)nByte);
fflush(stdout);
}
rc = sqlite3_open(":memory:", &db);
if( rc ) return 1;
a = sqlite3_malloc64(nByte);
if( a==0 ) return 1;
memcpy(a, aData, nByte);
sqlite3_deserialize(db, "main", a, nByte, nByte,
SQLITE_DESERIALIZE_RESIZEABLE |
SQLITE_DESERIALIZE_FREEONCLOSE);
for(i=0; i<sizeof(azSql)/sizeof(azSql[0]); i++){
if( eVerbosity>=1 ){
printf("%s\n", azSql[i]);
fflush(stdout);
}
sqlite3_exec(db, azSql[i], 0, 0, 0);
}
sqlite3_close(db);
if( sqlite3_memory_used()!=0 ){
fprintf(stderr,"Memory leak: %lld bytes\n", sqlite3_memory_used());
exit(1);
}
return 0;
}
/* libFuzzer invokes this routine once when the executable starts, to
** process the command-line arguments.
*/
int LLVMFuzzerInitialize(int *pArgc, char ***pArgv){
int i, j;
int argc = *pArgc;
char **newArgv;
char **argv = *pArgv;
newArgv = malloc( sizeof(char*)*(argc+1) );
if( newArgv==0 ) return 0;
newArgv[0] = argv[0];
for(i=j=1; i<argc; i++){
char *z = argv[i];
if( z[0]=='-' ){
z++;
if( z[0]=='-' ) z++;
if( strcmp(z,"v")==0 ){
eVerbosity++;
continue;
}
}
newArgv[j++] = argv[i];
}
newArgv[j] = 0;
*pArgv = newArgv;
*pArgc = j;
return 0;
}
|