$(FUZZERSHELL_OPT) $(TOP)/tool/fuzzershell.c sqlite3.c \
$(TLIBS) $(THREADLIB)
-fuzzcheck$(EXE): $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h
+fuzzcheck$(EXE): $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h $(TOP)/test/ossfuzz.c
$(TCCX) -o fuzzcheck$(EXE) -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION \
- -DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) \
- $(TOP)/test/fuzzcheck.c sqlite3.c $(TLIBS) $(THREADLIB)
+ -DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) -DSQLITE_OSS_FUZZ \
+ $(TOP)/test/fuzzcheck.c $(TOP)/test/ossfuzz.c sqlite3.c $(TLIBS) $(THREADLIB)
mptester$(EXE): sqlite3.c $(TOP)/mptest/mptest.c
$(TCCX) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.c \
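Review bot: Only main.mk gains `-DSQLITE_OSS_FUZZ` and `$(TOP)/test/ossfuzz.c` on the fuzzcheck rule, while the manifest in this same commit lists Makefile.in and Makefile.msc with unchanged hashes. If those files carry their own fuzzcheck rule (likely, but not visible here), a fuzzcheck built from them will stop at the `--oss-fuzz not supported` fatalError, so the adaptor would go untested on those build paths. Either mirror the change there or record the limitation next to this rule, for example `# ossfuzz.c supplies LLVMFuzzerTestOneInput() for "fuzzcheck --oss-fuzz"; main.mk builds only`. As a style point, the recipe repeats `fuzzcheck$(EXE)` where the neighbouring mptester rule already uses `$@`.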
-C Handle\ssome\sobscure\s"row\svalue\smisused"\scases\sthat\scould\scause\ssegfaults\sor\nassertion\sfailures.
-D 2016-11-11T15:49:01.962
+C Add\sthe\stest/ossfuzz.c\sinterface\sadaptor\sfor\sOSS-FUZZ.\s\sMake\sprevisions\sfor\ntesting\sthe\sadaptor\susing\sfuzzcheck.c.
+D 2016-11-11T16:33:47.638
F Makefile.in 6fd48ffcf7c2deea7499062d1f3747f986c19678
F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
F Makefile.msc e0217f2d35a0448abbe4b066132ae20136e8b408
F install-sh 9d4de14ab9fb0facae2f48780b874848cbf2f895 x
F ltmain.sh 3ff0879076df340d2e23ae905484d8c15d5fdea8
F magic.txt 8273bf49ba3b0c8559cb2774495390c31fd61c60
-F main.mk 06dc0b1a9c9e2d05c9275937dd5b894bfe7d17d8
+F main.mk 4b5c097e286a7b57023547b674c508f14e51dd9d
F mkso.sh fd21c06b063bb16a5d25deea1752c2da6ac3ed83
F mptest/config01.test 3c6adcbc50b991866855f1977ff172eb6d901271
F mptest/config02.test 4415dfe36c48785f751e16e32c20b077c28ae504
F test/fuzz3.test b47377143f0c80f91ed29d722861077ff34415d5
F test/fuzz_common.tcl a87dfbb88c2a6b08a38e9a070dabd129e617b45b
F test/fuzz_malloc.test 328f70aaca63adf29b4c6f06505ed0cf57ca7c26
-F test/fuzzcheck.c f2e8102f7829f7b946ebdb6f1a16c6f942d9de66
+F test/fuzzcheck.c 984470cee0a35b893ad0377a7de75f0c9a758392
F test/fuzzdata1.db 7ee3227bad0e7ccdeb08a9e6822916777073c664
F test/fuzzdata2.db f03a420d3b822cc82e4f894ca957618fbe9c4973
F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
F test/orderby8.test 23ef1a5d72bd3adcc2f65561c654295d1b8047bd
F test/orderby9.test 87fb9548debcc2cd141c5299002dd94672fa76a3
F test/oserror.test b32dc34f2363ef18532e3a0a7358e3e7e321974f
+F test/ossfuzz.c 2d64a0e38ec35fb29c09f8474b64c43605e00ce4 w test/oss-fuzz-adaptor.c
F test/ovfl.test 199c482696defceacee8c8e0e0ef36da62726b2f
F test/pager1.test 841868017e9dd3cb459b8d78862091a7d9cff21d
F test/pager2.test 67b8f40ae98112bcdba1f2b2d03ea83266418c71
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P f98c8ac8c485098f163400d3a92d6afb4008adbe
-R a89e5be61b771e1fa50ceffc5542b881
-U dan
-Z 011fdd87018b196e46b8f2521e403dd0
+P fba5fddb1c40af75634b01c1f06d2610df697e01
+R 7bae7291b6277b17f47b074bc7079f96
+U drh
+Z 392e6662701d2d132b972967184d58cf
-fba5fddb1c40af75634b01c1f06d2610df697e01
\ No newline at end of file
+119d6ef8478ea6ab07dfd0e974d2f5a8dcfce87e
\ No newline at end of file
# include <unistd.h>
#endif
+#ifdef SQLITE_OSS_FUZZ
+# include <stddef.h>
+# include <stdint.h>
+#endif
+
/*
** Files in the virtual file system.
*/
" --load-db ARGS... Load template databases from files into SOURCE_DB\n"
" -m TEXT Add a description to the database\n"
" --native-vfs Use the native VFS for initially empty database files\n"
+" --oss-fuzz Enable OSS-FUZZ testing\n"
" --rebuild Rebuild and vacuum the database file\n"
" --result-trace Show the results of each SQL command\n"
" --sqlid N Use only SQL where sqlid=N\n"
char *zExpDb = 0; /* Write Databases to files in this directory */
char *zExpSql = 0; /* Write SQL to files in this directory */
void *pHeap = 0; /* Heap for use by SQLite */
+ int ossFuzz = 0; /* enable OSS-FUZZ testing */
iBegin = timeOfDay();
#ifdef __unix__
if( strcmp(z,"native-vfs")==0 ){
nativeFlag = 1;
}else
+ if( strcmp(z,"oss-fuzz")==0 ){
+ ossFuzz = 1;
+ }else
if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){
quietFlag = 1;
verboseFlag = 0;
}
}
createVFile("main.db", pDb->sz, pDb->a);
- openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
- if( nativeFlag && pDb->sz==0 ){
- openFlags |= SQLITE_OPEN_MEMORY;
- zVfs = 0;
- }
- rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
- if( rc ) fatalError("cannot open inmem database");
- if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
- setAlarm(iTimeout);
+ if( ossFuzz ){
+#ifndef SQLITE_OSS_FUZZ
+ fatalError("--oss-fuzz not supported: recompile with -DSQLITE_OSS_FUZZ");
+#else
+ extern int LLVMFuzzerTestOneInput(const uint8_t*, size_t);
+ LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz);
+#endif
+ }else{
+ openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
+ if( nativeFlag && pDb->sz==0 ){
+ openFlags |= SQLITE_OPEN_MEMORY;
+ zVfs = 0;
+ }
+ rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
+ if( rc ) fatalError("cannot open inmem database");
+ if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
+ setAlarm(iTimeout);
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
- if( sqlFuzz || vdbeLimitFlag ){
- sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
- }
+ if( sqlFuzz || vdbeLimitFlag ){
+ sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
+ }
#endif
- do{
- runSql(db, (char*)pSql->a, runFlags);
- }while( timeoutTest );
- setAlarm(0);
- sqlite3_close(db);
+ do{
+ runSql(db, (char*)pSql->a, runFlags);
+ }while( timeoutTest );
+ setAlarm(0);
+ sqlite3_close(db);
+ }
if( sqlite3_memory_used()>0 ) fatalError("memory leak");
reformatVfs();
nTest++;
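Review bot: The `--oss-fuzz` arm runs the adaptor with no watchdog, because `setAlarm(iTimeout)` and the `sqlite3_progress_handler()` call remain only in the `else` arm. A corpus entry that runs long inside `LLVMFuzzerTestOneInput()` is therefore not cut off the way the same entry would be in a normal fuzzcheck run. I would bracket the call as `setAlarm(iTimeout); LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz); setAlarm(0);`. The template written by `createVFile("main.db", ...)` is also unused on this path, since the adaptor opens its own in-memory "fuzz.db"; if the enclosing loop iterates over databases, each SQL entry is repeated against an identical empty database, which deserves a comment or a skip. The enclosing function begins and ends outside this hunk, so the loop structure and what the alarm handler does are inferred.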
--- /dev/null
+/*
+** This module interfaces SQLite to the Google OSS-Fuzz, fuzzer as a service.
+** (https://github.com/google/oss-fuzz)
+*/
+#include <stddef.h>
+#include <stdint.h>
+#include "sqlite3.h"
+
+/*
+** Progress handler callback
+*/
+static int progress_handler(void *pReturn) {
+ return *(int*)pReturn;
+}
+
+/*
+** Callback for sqlite3_exec().
+*/
+static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
+ int i;
+ for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
+ return ((*(int*)pCnt)--)<=0;
+}
+
+/*
+** Main entry point. The fuzzer invokes this function with each
+** fuzzed input.
+*/
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ int progressArg = 0; /* 1 causes progress handler abort */
+ int execCnt = 0; /* Abort row callback when count reaches zero */
+ char *zErrMsg = 0; /* Error message returned by sqlite_exec() */
+ sqlite3 *db; /* The database connection */
+ uint8_t uSelector; /* First byte of input data[] */
+ int rc; /* Return code from various interfaces */
+ char *zSql; /* Zero-terminated copy of data[] */
+
+ if( size<3 ) return 0; /* Early out if unsufficient data */
+
+ /* Extract the selector byte from the beginning of the input. But only
+ ** do this if the second byte is a \n. If the second byte is not \n,
+ ** then use a default selector */
+ if( data[1]=='\n' ){
+ uSelector = data[0]; data += 2; size -= 2;
+ }else{
+ uSelector = 0xfd;
+ }
+
+ /* Open the database connection. Only use an in-memory database. */
+ rc = sqlite3_open_v2("fuzz.db", &db,
+ SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
+ if( rc ) return 0;
+
+ /* Bit 0 of the selector enables progress callbacks. Bit 1 is the
+ ** return code from progress callbacks */
+ if( uSelector & 1 ){
+ sqlite3_progress_handler(db, 4, progress_handler, (void*)&progressArg);
+ }
+ uSelector >>= 1;
+ progressArg = uSelector & 1; uSelector >>= 1;
+
+ /* Bit 2 of the selector enables foreign key constraints */
+ sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_FKEY, uSelector&1, &rc);
+ uSelector >>= 1;
+
+ /* Remaining bits of the selector determine a limit on the number of
+ ** output rows */
+ execCnt = uSelector + 1;
+
+ /* Run the SQL. The sqlite_exec() interface expects a zero-terminated
+ ** string, so make a copy. */
+ zSql = sqlite3_mprintf("%.*s", (int)size, data);
+ sqlite3_exec(db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
+
+ /* Cleanup and return */
+ sqlite3_free(zErrMsg);
+ sqlite3_free(zSql);
+ sqlite3_close(db);
+ return 0;
+}
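Review bot: The early return after `sqlite3_open_v2()` (`if( rc ) return 0;`) skips `sqlite3_close(db)`. SQLite normally hands back a connection handle even when the open fails, so a leak-checking fuzzer build would report this path as a leak in the harness rather than a finding in the library. I would write `if( rc ){ sqlite3_close(db); return 0; }`, which is safe because sqlite3_close() accepts a NULL handle. Two properties of the harness also deserve a comment in the file. First, `%.*s` stops copying at the first zero byte, so input after an embedded NUL never reaches the parser. Second, a statement that returns no rows is interrupted only when selector bits 0 and 1 are both set, so long-running inputs are otherwise left to the fuzzer's own timeout.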