/ Check-in [d343f7d6]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Improvements to the ossfuzz.c fuzz-testing module so that it works with -DSQLITE_OMIT_PROGRESS_CALLBACK and with -DSQLITE_OMIT_INIT.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: d343f7d6b05865c282eb73a0e39dc396f2927982af45b3d045de03ef73715693
User & Date: drh 2018-11-21 14:27:34
Context
2018-11-22
19:10
Fix a problem reading from temp databases in SQLITE_DIRECT_OVERFLOW_READ builds. check-in: 81629ba9 user: dan tags: trunk
2018-11-21
14:27
Improvements to the ossfuzz.c fuzz-testing module so that it works with -DSQLITE_OMIT_PROGRESS_CALLBACK and with -DSQLITE_OMIT_INIT. check-in: d343f7d6 user: drh tags: trunk
2018-11-20
18:09
Fix problems in pragma.c causing some PRAGMA statements to test the wrong schema-cookie before proceeding, or to try to open cursors on the wrong database ("PRAGMA foreign_key_check" only). check-in: 6982f52f user: dan tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to test/fuzzcheck.c.

   401    401   }
   402    402   
   403    403   
   404    404   /* Return the current wall-clock time */
   405    405   static sqlite3_int64 timeOfDay(void){
   406    406     static sqlite3_vfs *clockVfs = 0;
   407    407     sqlite3_int64 t;
   408         -  if( clockVfs==0 ) clockVfs = sqlite3_vfs_find(0);
          408  +  if( clockVfs==0 ){
          409  +    clockVfs = sqlite3_vfs_find(0);
          410  +    if( clockVfs==0 ) return 0;
          411  +  }
   409    412     if( clockVfs->iVersion>=1 && clockVfs->xCurrentTimeInt64!=0 ){
   410    413       clockVfs->xCurrentTimeInt64(clockVfs, &t);
   411    414     }else{
   412    415       double r;
   413    416       clockVfs->xCurrentTime(clockVfs, &r);
   414    417       t = (sqlite3_int64)(r*86400000.0);
   415    418     }
................................................................................
   862    865     void *pHeap = 0;             /* Heap for use by SQLite */
   863    866     int ossFuzz = 0;             /* enable OSS-FUZZ testing */
   864    867     int ossFuzzThisDb = 0;       /* ossFuzz value for this particular database */
   865    868     int nativeMalloc = 0;        /* Turn off MEMSYS3/5 and lookaside if true */
   866    869     sqlite3_vfs *pDfltVfs;       /* The default VFS */
   867    870     int openFlags4Data;          /* Flags for sqlite3_open_v2() */
   868    871   
          872  +  sqlite3_initialize();
   869    873     iBegin = timeOfDay();
   870    874   #ifdef __unix__
   871    875     signal(SIGALRM, timeoutHandler);
   872    876   #endif
   873    877     g.zArgv0 = argv[0];
   874    878     openFlags4Data = SQLITE_OPEN_READONLY;
   875    879     zFailCode = getenv("TEST_FAILURE");

Changes to test/ossfuzz.c.

    32     32   
    33     33   /* Return the current real-world time in milliseconds since the
    34     34   ** Julian epoch (-4714-11-24).
    35     35   */
    36     36   static sqlite3_int64 timeOfDay(void){
    37     37     static sqlite3_vfs *clockVfs = 0;
    38     38     sqlite3_int64 t;
    39         -  if( clockVfs==0 ) clockVfs = sqlite3_vfs_find(0);
           39  +  if( clockVfs==0 ){
           40  +    clockVfs = sqlite3_vfs_find(0);
           41  +    if( clockVfs==0 ) return 0;
           42  +  }
    40     43     if( clockVfs->iVersion>=2 && clockVfs->xCurrentTimeInt64!=0 ){
    41     44       clockVfs->xCurrentTimeInt64(clockVfs, &t);
    42     45     }else{
    43     46       double r;
    44     47       clockVfs->xCurrentTime(clockVfs, &r);
    45     48       t = (sqlite3_int64)(r*86400000.0);
    46     49     }
................................................................................
    52     55   */
    53     56   typedef struct FuzzCtx {
    54     57     sqlite3 *db;               /* The database connection */
    55     58     sqlite3_int64 iCutoffTime; /* Stop processing at this time. */
    56     59     sqlite3_int64 iLastCb;     /* Time recorded for previous progress callback */
    57     60     sqlite3_int64 mxInterval;  /* Longest interval between two progress calls */
    58     61     unsigned nCb;              /* Number of progress callbacks */
           62  +  unsigned execCnt;          /* Number of calls to the sqlite3_exec callback */
    59     63   } FuzzCtx;
    60     64   
    61         -#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
    62     65   /*
    63     66   ** Progress handler callback.
    64     67   **
    65     68   ** The argument is the cutoff-time after which all processing should
    66     69   ** stop.  So return non-zero if the cut-off time is exceeded.
    67     70   */
    68     71   static int progress_handler(void *pClientData) {
................................................................................
    70     73     sqlite3_int64 iNow = timeOfDay();
    71     74     int rc = iNow>=p->iCutoffTime;
    72     75     sqlite3_int64 iDiff = iNow - p->iLastCb;
    73     76     if( iDiff > p->mxInterval ) p->mxInterval = iDiff;
    74     77     p->nCb++;
    75     78     return rc;
    76     79   }
    77         -#endif
    78     80   
    79     81   /*
    80     82   ** Disallow debugging pragmas such as "PRAGMA vdbe_debug" and
    81     83   ** "PRAGMA parser_trace" since they can dramatically increase the
    82     84   ** amount of output without actually testing anything useful.
    83     85   */
    84     86   static int block_debug_pragmas(
................................................................................
    97     99     }
    98    100     return SQLITE_OK;
    99    101   }
   100    102   
   101    103   /*
   102    104   ** Callback for sqlite3_exec().
   103    105   */
   104         -static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
          106  +static int exec_handler(void *pClientData, int argc, char **argv, char **namev){
          107  +  FuzzCtx *p = (FuzzCtx*)pClientData;
   105    108     int i;
   106    109     if( argv ){
   107    110       for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
   108    111     }
   109         -  return ((*(int*)pCnt)--)<=0;
          112  +  return (p->execCnt--)<=0 || progress_handler(pClientData);
   110    113   }
   111    114   
   112    115   /*
   113    116   ** Main entry point.  The fuzzer invokes this function with each
   114    117   ** fuzzed input.
   115    118   */
   116    119   int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   117         -  int execCnt = 0;         /* Abort row callback when count reaches zero */
   118    120     char *zErrMsg = 0;       /* Error message returned by sqlite_exec() */
   119    121     uint8_t uSelector;       /* First byte of input data[] */
   120    122     int rc;                  /* Return code from various interfaces */
   121    123     char *zSql;              /* Zero-terminated copy of data[] */
   122    124     FuzzCtx cx;              /* Fuzzing context */
   123    125   
   124    126     memset(&cx, 0, sizeof(cx));
................................................................................
   130    132     if( data[1]=='\n' ){
   131    133       uSelector = data[0];  data += 2; size -= 2;
   132    134     }else{
   133    135       uSelector = 0xfd;
   134    136     }
   135    137   
   136    138     /* Open the database connection.  Only use an in-memory database. */
          139  +  if( sqlite3_initialize() ) return 0;
   137    140     rc = sqlite3_open_v2("fuzz.db", &cx.db,
   138    141              SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
   139    142     if( rc ) return 0;
   140    143   
   141         -#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   142    144     /* Invoke the progress handler frequently to check to see if we
   143    145     ** are taking too long.  The progress handler will return true
   144    146     ** (which will block further processing) if more than 10 seconds have
   145    147     ** elapsed since the start of the test.
   146    148     */
   147    149     cx.iLastCb = timeOfDay();
   148    150     cx.iCutoffTime = cx.iLastCb + 10000;  /* Now + 10 seconds */
          151  +#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   149    152     sqlite3_progress_handler(cx.db, 10, progress_handler, (void*)&cx);
   150    153   #endif
   151    154   
   152    155     /* Set a limit on the maximum size of a prepared statement */
   153    156     sqlite3_limit(cx.db, SQLITE_LIMIT_VDBE_OP, 25000);
   154    157   
   155    158     /* Bit 1 of the selector enables foreign key constraints */
................................................................................
   157    160     uSelector >>= 1;
   158    161   
   159    162     /* Do not allow debugging pragma statements that might cause excess output */
   160    163     sqlite3_set_authorizer(cx.db, block_debug_pragmas, 0);
   161    164   
   162    165     /* Remaining bits of the selector determine a limit on the number of
   163    166     ** output rows */
   164         -  execCnt = uSelector + 1;
          167  +  cx.execCnt = uSelector + 1;
   165    168   
   166    169     /* Run the SQL.  The sqlite_exec() interface expects a zero-terminated
   167    170     ** string, so make a copy. */
   168    171     zSql = sqlite3_mprintf("%.*s", (int)size, data);
   169    172   #ifndef SQLITE_OMIT_COMPLETE
   170    173     sqlite3_complete(zSql);
   171    174   #endif
   172         -  sqlite3_exec(cx.db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
          175  +  sqlite3_exec(cx.db, zSql, exec_handler, (void*)&cx, &zErrMsg);
   173    176   
   174    177     /* Show any errors */
   175    178     if( (mDebug & FUZZ_SHOW_ERRORS)!=0 && zErrMsg ){
   176    179       printf("Error: %s\n", zErrMsg);
   177    180     }
   178    181   
   179    182     /* Cleanup and return */