Overview
Comment:Improvements to the dbfuzz2.c test module.
SHA3-256: d60eff493b875366981c5a25000bb65cde9f6e628192914910790acc562c17b9
User & Date: drh 2018-10-27 21:06:44
Changes

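--- a/Makefile.in
+++ b/Makefile.in
@@ -671,15 +671,15 @@
   -DSQLITE_DEBUG \
   -DSQLITE_ENABLE_DBSTAT_VTAB \
   -DSQLITE_ENABLE_RTREE \
   -DSQLITE_ENABLE_FTS4 \
   -DSQLITE_EANBLE_FTS5
 
 dbfuzz2:	$(TOP)/test/dbfuzz2.c sqlite3.c sqlite3.h
-	clang-6.0 -I. -g -Os -fsanitize=fuzzer,undefined -o dbfuzz2 \
+	clang-6.0 -I. -g -O0 -fsanitize=fuzzer,undefined -o dbfuzz2 \
 		$(DBFUZZ2_OPTS) $(TOP)/test/dbfuzz2.c sqlite3.c
 	mkdir -p dbfuzz2-dir
 	cp $(TOP)/test/dbfuzz2-seed* dbfuzz2-dir
 
 mptester$(TEXE):	sqlite3.lo $(TOP)/mptest/mptest.c
 	$(LTLINK) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.lo \
 		$(TLIBS) -rpath "$(libdir)"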
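Review bot: The context line `-DSQLITE_EANBLE_FTS5` at the top of this section looks like a typo for `-DSQLITE_ENABLE_FTS5`; as written the macro is never recognized by the amalgamation, so the dbfuzz2 binary built by this rule would fuzz SQLite without FTS5 compiled in, even though the surrounding ENABLE flags suggest it is meant to be covered. It is unrelated to the -Os to -O0 change but sits in the same option list and silently shrinks fuzz coverage, so it is worth fixing in the same place: `-DSQLITE_EANBLE_FTS5` to `-DSQLITE_ENABLE_FTS5`. The variable whose flags these are begins before line 671, outside the section, so confirm the option is not also spelled correctly earlier in the list before changing it.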

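--- a/test/dbfuzz2.c
+++ b/test/dbfuzz2.c
@@ -49,35 +49,83 @@
 ** This is the is the SQL that is run against the database.
 */
 static const char *azSql[] = {
   "PRAGMA integrity_check;",
   "SELECT * FROM sqlite_master;",
   "SELECT sum(length(name)) FROM dbstat;",
   "UPDATE t1 SET b=a, a=b WHERE a<b;",
-  "ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s;"
+  "ALTER TABLE t1 RENAME TO alkjalkjdfiiiwuer987lkjwer82mx97sf98788s9789s;",
   "INSERT INTO t3 SELECT * FROM t2;",
   "DELETE FROM t3 WHERE x IN (SELECT x FROM t4);",
-  "REINDEX;"
+  "REINDEX;",
   "DROP TABLE t3;",
   "VACUUM;",
 };
 
+/* Output verbosity level.  0 means complete silence */
+int eVerbosity = 0;
+
+/* libFuzzer invokes this routine with fuzzed database files (in aData).
+** This routine run SQLite against the malformed database to see if it
+** can provoke a failure or malfunction.
+*/
 int LLVMFuzzerTestOneInput(const uint8_t *aData, size_t nByte){
   unsigned char *a;
   sqlite3 *db;
   int rc;
   int i;
 
+  if( eVerbosity>=1 ){
+    printf("************** nByte=%d ***************\n", (int)nByte);
+    fflush(stdout);
+  }
   rc = sqlite3_open(":memory:", &db);
   if( rc ) return 1;
   a = sqlite3_malloc64(nByte);
   if( a==0 ) return 1;
   memcpy(a, aData, nByte);
   sqlite3_deserialize(db, "main", a, nByte, nByte,
         SQLITE_DESERIALIZE_RESIZEABLE |
         SQLITE_DESERIALIZE_FREEONCLOSE);
   for(i=0; i<sizeof(azSql)/sizeof(azSql[0]); i++){
+    if( eVerbosity>=1 ){
+      printf("%s\n", azSql[i]);
+      fflush(stdout);
+    }
     sqlite3_exec(db, azSql[i], 0, 0, 0);
   }
   sqlite3_close(db);
+  if( sqlite3_memory_used()!=0 ){
+    fprintf(stderr,"Memory leak: %lld bytes\n", sqlite3_memory_used());
+    exit(1);
+  }
+  return 0;
+}
+
+/* libFuzzer invokes this routine once when the executable starts, to
+** process the command-line arguments.
+*/
+int LLVMFuzzerInitialize(int *pArgc, char ***pArgv){
+  int i, j;
+  int argc = *pArgc;
+  char **newArgv;
+  char **argv = *pArgv;
+  newArgv = malloc( sizeof(char*)*(argc+1) );
+  if( newArgv==0 ) return 0;
+  newArgv[0] = argv[0];
+  for(i=j=1; i<argc; i++){
+    char *z = argv[i];
+    if( z[0]=='-' ){
+      z++;
+      if( z[0]=='-' ) z++;
+      if( strcmp(z,"v")==0 ){
+        eVerbosity++;
+        continue;
+      }
+    }
+    newArgv[j++] = argv[i];
+  }
+  newArgv[j] = 0;
+  *pArgv = newArgv;
+  *pArgc = j;
   return 0;
 }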
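Review bot: The two early returns in LLVMFuzzerTestOneInput, `if( rc ) return 1;` after sqlite3_open and `if( a==0 ) return 1;` after sqlite3_malloc64, drop the `db` handle without calling sqlite3_close; SQLite's documented contract is that a handle returned by sqlite3_open must be closed even when open reports an error, and the malloc-failure path abandons a fully opened connection. Both paths also skip the new `sqlite3_memory_used()` check, so the one leak the check was added to catch is exactly the one it cannot see. Suggest `if( rc ){ sqlite3_close(db); return 1; }` and `if( a==0 ){ sqlite3_close(db); return 1; }`. The return code of `sqlite3_deserialize` is likewise ignored, and as far as I can tell from this hunk a failure there leaves the loop running the SQL against an empty in-memory database instead of the fuzzed bytes, so the iteration silently tests nothing; at minimum log the failure when `eVerbosity>=1`. Separately, the new header comment reads `This routine run SQLite`; it should be `runs`.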