Add the test/ossfuzz.c interface adaptor for OSS-FUZZ. Make provisions for
authordrh <drh@noemail.net>
Fri, 11 Nov 2016 16:33:47 +0000 (16:33 +0000)
committerdrh <drh@noemail.net>
Fri, 11 Nov 2016 16:33:47 +0000 (16:33 +0000)
testing the adaptor using fuzzcheck.c.

FossilOrigin-Name: 119d6ef8478ea6ab07dfd0e974d2f5a8dcfce87e

main.mk
manifest
manifest.uuid
test/fuzzcheck.c
test/ossfuzz.c [new file with mode: 0644]

diff --git a/main.mk b/main.mk
index a5a50d205d4933216cdae39e934144e5c9955f19..51f9b5a6d7f62bfadbdfea31b4d88a8e8a24ed3c 100644 (file)
--- a/main.mk
+++ b/main.mk
@@ -511,10 +511,10 @@ fuzzershell$(EXE):        $(TOP)/tool/fuzzershell.c sqlite3.c sqlite3.h
          $(FUZZERSHELL_OPT) $(TOP)/tool/fuzzershell.c sqlite3.c \
          $(TLIBS) $(THREADLIB)
 
-fuzzcheck$(EXE):       $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h
+fuzzcheck$(EXE):       $(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h $(TOP)/test/ossfuzz.c
        $(TCCX) -o fuzzcheck$(EXE) -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION \
-               -DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) \
-               $(TOP)/test/fuzzcheck.c sqlite3.c $(TLIBS) $(THREADLIB)
+               -DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) -DSQLITE_OSS_FUZZ \
+               $(TOP)/test/fuzzcheck.c $(TOP)/test/ossfuzz.c sqlite3.c $(TLIBS) $(THREADLIB)
 
 mptester$(EXE):        sqlite3.c $(TOP)/mptest/mptest.c
        $(TCCX) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.c \
index c3e4c15178d2bc75c6f380961cac01849ccf4296..1f77db4553d9b3ee557cf6260a8e94b525b29745 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Handle\ssome\sobscure\s"row\svalue\smisused"\scases\sthat\scould\scause\ssegfaults\sor\nassertion\sfailures.
-D 2016-11-11T15:49:01.962
+C Add\sthe\stest/ossfuzz.c\sinterface\sadaptor\sfor\sOSS-FUZZ.\s\sMake\sprevisions\sfor\ntesting\sthe\sadaptor\susing\sfuzzcheck.c.
+D 2016-11-11T16:33:47.638
 F Makefile.in 6fd48ffcf7c2deea7499062d1f3747f986c19678
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc e0217f2d35a0448abbe4b066132ae20136e8b408
@@ -311,7 +311,7 @@ F ext/userauth/userauth.c 5fa3bdb492f481bbc1709fc83c91ebd13460c69e
 F install-sh 9d4de14ab9fb0facae2f48780b874848cbf2f895 x
 F ltmain.sh 3ff0879076df340d2e23ae905484d8c15d5fdea8
 F magic.txt 8273bf49ba3b0c8559cb2774495390c31fd61c60
-F main.mk 06dc0b1a9c9e2d05c9275937dd5b894bfe7d17d8
+F main.mk 4b5c097e286a7b57023547b674c508f14e51dd9d
 F mkso.sh fd21c06b063bb16a5d25deea1752c2da6ac3ed83
 F mptest/config01.test 3c6adcbc50b991866855f1977ff172eb6d901271
 F mptest/config02.test 4415dfe36c48785f751e16e32c20b077c28ae504
@@ -814,7 +814,7 @@ F test/fuzz2.test 76dc35b32b6d6f965259508508abce75a6c4d7e1
 F test/fuzz3.test b47377143f0c80f91ed29d722861077ff34415d5
 F test/fuzz_common.tcl a87dfbb88c2a6b08a38e9a070dabd129e617b45b
 F test/fuzz_malloc.test 328f70aaca63adf29b4c6f06505ed0cf57ca7c26
-F test/fuzzcheck.c f2e8102f7829f7b946ebdb6f1a16c6f942d9de66
+F test/fuzzcheck.c 984470cee0a35b893ad0377a7de75f0c9a758392
 F test/fuzzdata1.db 7ee3227bad0e7ccdeb08a9e6822916777073c664
 F test/fuzzdata2.db f03a420d3b822cc82e4f894ca957618fbe9c4973
 F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba
@@ -985,6 +985,7 @@ F test/orderby7.test 3d1383d52ade5b9eb3a173b3147fdd296f0202da
 F test/orderby8.test 23ef1a5d72bd3adcc2f65561c654295d1b8047bd
 F test/orderby9.test 87fb9548debcc2cd141c5299002dd94672fa76a3
 F test/oserror.test b32dc34f2363ef18532e3a0a7358e3e7e321974f
+F test/ossfuzz.c 2d64a0e38ec35fb29c09f8474b64c43605e00ce4 w test/oss-fuzz-adaptor.c
 F test/ovfl.test 199c482696defceacee8c8e0e0ef36da62726b2f
 F test/pager1.test 841868017e9dd3cb459b8d78862091a7d9cff21d
 F test/pager2.test 67b8f40ae98112bcdba1f2b2d03ea83266418c71
@@ -1531,7 +1532,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P f98c8ac8c485098f163400d3a92d6afb4008adbe
-R a89e5be61b771e1fa50ceffc5542b881
-U dan
-Z 011fdd87018b196e46b8f2521e403dd0
+P fba5fddb1c40af75634b01c1f06d2610df697e01
+R 7bae7291b6277b17f47b074bc7079f96
+U drh
+Z 392e6662701d2d132b972967184d58cf
index 1bc728291a1abd4955d55ed5c2e78a2399a25e98..e26aed998f161a8a7f9baf85e00bf9c7702e9d13 100644 (file)
@@ -1 +1 @@
-fba5fddb1c40af75634b01c1f06d2610df697e01
\ No newline at end of file
+119d6ef8478ea6ab07dfd0e974d2f5a8dcfce87e
\ No newline at end of file
index fec65881cead7b3c6bef1feeac1b365c8723acc3..442bcc6e4dde89f911c53b170b0b50ec4726e088 100644 (file)
 # include <unistd.h>
 #endif
 
+#ifdef SQLITE_OSS_FUZZ
+# include <stddef.h>
+# include <stdint.h>
+#endif
+
 /*
 ** Files in the virtual file system.
 */
@@ -794,6 +799,7 @@ static void showHelp(void){
 "  --load-db ARGS...    Load template databases from files into SOURCE_DB\n"
 "  -m TEXT              Add a description to the database\n"
 "  --native-vfs         Use the native VFS for initially empty database files\n"
+"  --oss-fuzz           Enable OSS-FUZZ testing\n"
 "  --rebuild            Rebuild and vacuum the database file\n"
 "  --result-trace       Show the results of each SQL command\n"
 "  --sqlid N            Use only SQL where sqlid=N\n"
@@ -835,6 +841,7 @@ int main(int argc, char **argv){
   char *zExpDb = 0;            /* Write Databases to files in this directory */
   char *zExpSql = 0;           /* Write SQL to files in this directory */
   void *pHeap = 0;             /* Heap for use by SQLite */
+  int ossFuzz = 0;             /* enable OSS-FUZZ testing */
 
   iBegin = timeOfDay();
 #ifdef __unix__
@@ -895,6 +902,9 @@ int main(int argc, char **argv){
       if( strcmp(z,"native-vfs")==0 ){
         nativeFlag = 1;
       }else
+      if( strcmp(z,"oss-fuzz")==0 ){
+        ossFuzz = 1;
+      }else
       if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){
         quietFlag = 1;
         verboseFlag = 0;
@@ -1123,25 +1133,34 @@ int main(int argc, char **argv){
           }
         }
         createVFile("main.db", pDb->sz, pDb->a);
-        openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
-        if( nativeFlag && pDb->sz==0 ){
-          openFlags |= SQLITE_OPEN_MEMORY;
-          zVfs = 0;
-        }
-        rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
-        if( rc ) fatalError("cannot open inmem database");
-        if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
-        setAlarm(iTimeout);
+        if( ossFuzz ){
+#ifndef SQLITE_OSS_FUZZ
+          fatalError("--oss-fuzz not supported: recompile with -DSQLITE_OSS_FUZZ");
+#else
+          extern int LLVMFuzzerTestOneInput(const uint8_t*, size_t);
+          LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz);
+#endif
+        }else{
+          openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
+          if( nativeFlag && pDb->sz==0 ){
+            openFlags |= SQLITE_OPEN_MEMORY;
+            zVfs = 0;
+          }
+          rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
+          if( rc ) fatalError("cannot open inmem database");
+          if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
+          setAlarm(iTimeout);
 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
-        if( sqlFuzz || vdbeLimitFlag ){
-          sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
-        }
+          if( sqlFuzz || vdbeLimitFlag ){
+            sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
+          }
 #endif
-        do{
-          runSql(db, (char*)pSql->a, runFlags);
-        }while( timeoutTest );
-        setAlarm(0);
-        sqlite3_close(db);
+          do{
+            runSql(db, (char*)pSql->a, runFlags);
+          }while( timeoutTest );
+          setAlarm(0);
+          sqlite3_close(db);
+        }
         if( sqlite3_memory_used()>0 ) fatalError("memory leak");
         reformatVfs();
         nTest++;
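Review bot: The `--oss-fuzz` branch calls `LLVMFuzzerTestOneInput()` without the `setAlarm(iTimeout)` / `setAlarm(0)` pair, which now sits only in the `else` arm, so an input that keeps the adaptor running is not cut off by fuzzcheck's timeout. Wrapping the call as `setAlarm(iTimeout); LLVMFuzzerTestOneInput(...); setAlarm(0);` would keep the two paths comparable. The `createVFile("main.db", ...)` call just above still runs in this mode, but the adaptor in test/ossfuzz.c opens its own in-memory `fuzz.db`, so the template database content appears to be unused here; a short comment such as `/* the adaptor ignores pDb and uses its own empty in-memory database */` would make that explicit. main() begins and ends outside this hunk.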
diff --git a/test/ossfuzz.c b/test/ossfuzz.c
new file mode 100644 (file)
index 0000000..ae07beb
--- /dev/null
@@ -0,0 +1,80 @@
+/*
+** This module interfaces SQLite to the Google OSS-Fuzz, fuzzer as a service.
+** (https://github.com/google/oss-fuzz)
+*/
+#include <stddef.h>
+#include <stdint.h>
+#include "sqlite3.h"
+
+/*
+** Progress handler callback
+*/
+static int progress_handler(void *pReturn) {
+  return *(int*)pReturn;
+}
+
+/*
+** Callback for sqlite3_exec().
+*/
+static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
+  int i;
+  for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
+  return ((*(int*)pCnt)--)<=0;
+}
+
+/*
+** Main entry point.  The fuzzer invokes this function with each
+** fuzzed input.
+*/
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  int progressArg = 0;     /* 1 causes progress handler abort */
+  int execCnt = 0;         /* Abort row callback when count reaches zero */
+  char *zErrMsg = 0;       /* Error message returned by sqlite_exec() */
+  sqlite3 *db;             /* The database connection */
+  uint8_t uSelector;       /* First byte of input data[] */
+  int rc;                  /* Return code from various interfaces */
+  char *zSql;              /* Zero-terminated copy of data[] */
+
+  if( size<3 ) return 0;   /* Early out if unsufficient data */
+
+  /* Extract the selector byte from the beginning of the input.  But only
+  ** do this if the second byte is a \n.  If the second byte is not \n,
+  ** then use a default selector */
+  if( data[1]=='\n' ){
+    uSelector = data[0];  data += 2; size -= 2;
+  }else{
+    uSelector = 0xfd;
+  }
+
+  /* Open the database connection.  Only use an in-memory database. */
+  rc = sqlite3_open_v2("fuzz.db", &db,
+           SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
+  if( rc ) return 0;
+
+  /* Bit 0 of the selector enables progress callbacks.  Bit 1 is the
+  ** return code from progress callbacks */
+  if( uSelector & 1 ){
+    sqlite3_progress_handler(db, 4, progress_handler, (void*)&progressArg);
+  }
+  uSelector >>= 1;
+  progressArg = uSelector & 1;  uSelector >>= 1;
+
+  /* Bit 2 of the selector enables foreign key constraints */
+  sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_FKEY, uSelector&1, &rc);
+  uSelector >>= 1;
+
+  /* Remaining bits of the selector determine a limit on the number of
+  ** output rows */
+  execCnt = uSelector + 1;
+
+  /* Run the SQL.  The sqlite_exec() interface expects a zero-terminated
+  ** string, so make a copy. */
+  zSql = sqlite3_mprintf("%.*s", (int)size, data);
+  sqlite3_exec(db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
+
+  /* Cleanup and return */
+  sqlite3_free(zErrMsg);
+  sqlite3_free(zSql);
+  sqlite3_close(db);
+  return 0;
+}
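Review bot: The early return after `sqlite3_open_v2()` in `LLVMFuzzerTestOneInput` (`if( rc ) return 0;`) skips `sqlite3_close(db)`; SQLite normally hands back a handle even when the open fails and expects it to be released, so under a leak-checking fuzzer this path can surface as a leak report unrelated to the input. `if( rc ){ sqlite3_close(db); return 0; }` covers it, since closing a NULL handle is a no-op. Separately, `(int)size` in the `sqlite3_mprintf("%.*s", ...)` call assumes the input is smaller than INT_MAX; a comment stating that assumption, or an explicit cap on `size` before the copy, would make it visible. The progress handler is installed only when selector bit 0 is set and aborts only when bit 1 is set, so for the other selector values a long-running statement is bounded only by the row-count callback; that is worth a comment if it is intended.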