Index: main.mk
==================================================================
--- main.mk
+++ main.mk
@@ -509,14 +509,14 @@
 fuzzershell$(EXE):	$(TOP)/tool/fuzzershell.c sqlite3.c sqlite3.h
 	$(TCCX) -o fuzzershell$(EXE) -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION \
 	  $(FUZZERSHELL_OPT) $(TOP)/tool/fuzzershell.c sqlite3.c \
 	  $(TLIBS) $(THREADLIB)
 
-fuzzcheck$(EXE):	$(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h
+fuzzcheck$(EXE):	$(TOP)/test/fuzzcheck.c sqlite3.c sqlite3.h $(TOP)/test/ossfuzz.c
 	$(TCCX) -o fuzzcheck$(EXE) -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION \
-		-DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) \
-		$(TOP)/test/fuzzcheck.c sqlite3.c $(TLIBS) $(THREADLIB)
+		-DSQLITE_ENABLE_MEMSYS5 $(FUZZCHECK_OPT) -DSQLITE_OSS_FUZZ \
+		$(TOP)/test/fuzzcheck.c $(TOP)/test/ossfuzz.c sqlite3.c $(TLIBS) $(THREADLIB)
 
 mptester$(EXE):	sqlite3.c $(TOP)/mptest/mptest.c
 	$(TCCX) -o $@ -I. $(TOP)/mptest/mptest.c sqlite3.c \
 		$(TLIBS) $(THREADLIB)
 

Index: test/fuzzcheck.c
==================================================================
--- test/fuzzcheck.c
+++ test/fuzzcheck.c
@@ -78,10 +78,15 @@
 #ifdef __unix__
 # include <signal.h>
 # include <unistd.h>
 #endif
 
+#ifdef SQLITE_OSS_FUZZ
+# include <stddef.h>
+# include <stdint.h>
+#endif
+
 /*
 ** Files in the virtual file system.
 */
 typedef struct VFile VFile;
 struct VFile {
@@ -792,10 +797,11 @@
 "  --limit-vdbe         Panic if any test runs for more than 100,000 cycles\n"
 "  --load-sql ARGS...   Load SQL scripts fro files into SOURCE-DB\n"
 "  --load-db ARGS...    Load template databases from files into SOURCE_DB\n"
 "  -m TEXT              Add a description to the database\n"
 "  --native-vfs         Use the native VFS for initially empty database files\n"
+"  --oss-fuzz           Enable OSS-FUZZ testing\n"
 "  --rebuild            Rebuild and vacuum the database file\n"
 "  --result-trace       Show the results of each SQL command\n"
 "  --sqlid N            Use only SQL where sqlid=N\n"
 "  --timeout N          Abort if any single test needs more than N seconds\n"
 "  -v|--verbose         Increased output.  Repeat for more output.\n"
@@ -833,10 +839,11 @@
   int iTimeout = 120;          /* Default 120-second timeout */
   int nMem = 0;                /* Memory limit */
   char *zExpDb = 0;            /* Write Databases to files in this directory */
   char *zExpSql = 0;           /* Write SQL to files in this directory */
   void *pHeap = 0;             /* Heap for use by SQLite */
+  int ossFuzz = 0;             /* enable OSS-FUZZ testing */
 
   iBegin = timeOfDay();
 #ifdef __unix__
   signal(SIGALRM, timeoutHandler);
 #endif
@@ -892,10 +899,13 @@
         if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]);
         zMsg = argv[++i];
       }else
       if( strcmp(z,"native-vfs")==0 ){
         nativeFlag = 1;
+      }else
+      if( strcmp(z,"oss-fuzz")==0 ){
+        ossFuzz = 1;
       }else
       if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){
         quietFlag = 1;
         verboseFlag = 0;
       }else
@@ -1121,29 +1131,38 @@
             fflush(stdout);
             prevAmt = amt;
           }
         }
         createVFile("main.db", pDb->sz, pDb->a);
-        openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
-        if( nativeFlag && pDb->sz==0 ){
-          openFlags |= SQLITE_OPEN_MEMORY;
-          zVfs = 0;
-        }
-        rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
-        if( rc ) fatalError("cannot open inmem database");
-        if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
-        setAlarm(iTimeout);
+        if( ossFuzz ){
+#ifndef SQLITE_OSS_FUZZ
+          fatalError("--oss-fuzz not supported: recompile with -DSQLITE_OSS_FUZZ");
+#else
+          extern int LLVMFuzzerTestOneInput(const uint8_t*, size_t);
+          LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz);
+#endif
+        }else{
+          openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE;
+          if( nativeFlag && pDb->sz==0 ){
+            openFlags |= SQLITE_OPEN_MEMORY;
+            zVfs = 0;
+          }
+          rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
+          if( rc ) fatalError("cannot open inmem database");
+          if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
+          setAlarm(iTimeout);
 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
-        if( sqlFuzz || vdbeLimitFlag ){
-          sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
-        }
+          if( sqlFuzz || vdbeLimitFlag ){
+            sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
+          }
 #endif
-        do{
-          runSql(db, (char*)pSql->a, runFlags);
-        }while( timeoutTest );
-        setAlarm(0);
-        sqlite3_close(db);
+          do{
+            runSql(db, (char*)pSql->a, runFlags);
+          }while( timeoutTest );
+          setAlarm(0);
+          sqlite3_close(db);
+        }
         if( sqlite3_memory_used()>0 ) fatalError("memory leak");
         reformatVfs();
         nTest++;
         g.zTestName[0] = 0;
 

ADDED   test/ossfuzz.c
Index: test/ossfuzz.c
==================================================================
--- /dev/null
+++ test/ossfuzz.c
@@ -0,0 +1,80 @@
+/*
+** This module interfaces SQLite to the Google OSS-Fuzz, fuzzer as a service.
+** (https://github.com/google/oss-fuzz)
+*/
+#include <stddef.h>
+#include <stdint.h>
+#include "sqlite3.h"
+
+/*
+** Progress handler callback
+*/
+static int progress_handler(void *pReturn) {
+  return *(int*)pReturn;
+}
+
+/*
+** Callback for sqlite3_exec().
+*/
+static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
+  int i;
+  for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
+  return ((*(int*)pCnt)--)<=0;
+}
+
+/*
+** Main entry point.  The fuzzer invokes this function with each
+** fuzzed input.
+*/
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  int progressArg = 0;     /* 1 causes progress handler abort */
+  int execCnt = 0;         /* Abort row callback when count reaches zero */
+  char *zErrMsg = 0;       /* Error message returned by sqlite_exec() */
+  sqlite3 *db;             /* The database connection */
+  uint8_t uSelector;       /* First byte of input data[] */
+  int rc;                  /* Return code from various interfaces */
+  char *zSql;              /* Zero-terminated copy of data[] */
+
+  if( size<3 ) return 0;   /* Early out if unsufficient data */
+
+  /* Extract the selector byte from the beginning of the input.  But only
+  ** do this if the second byte is a \n.  If the second byte is not \n,
+  ** then use a default selector */
+  if( data[1]=='\n' ){
+    uSelector = data[0];  data += 2; size -= 2;
+  }else{
+    uSelector = 0xfd;
+  }
+
+  /* Open the database connection.  Only use an in-memory database. */
+  rc = sqlite3_open_v2("fuzz.db", &db,
+           SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
+  if( rc ) return 0;
+
+  /* Bit 0 of the selector enables progress callbacks.  Bit 1 is the
+  ** return code from progress callbacks */
+  if( uSelector & 1 ){
+    sqlite3_progress_handler(db, 4, progress_handler, (void*)&progressArg);
+  }
+  uSelector >>= 1;
+  progressArg = uSelector & 1;  uSelector >>= 1;
+
+  /* Bit 2 of the selector enables foreign key constraints */
+  sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_FKEY, uSelector&1, &rc);
+  uSelector >>= 1;
+
+  /* Remaining bits of the selector determine a limit on the number of
+  ** output rows */
+  execCnt = uSelector + 1;
+
+  /* Run the SQL.  The sqlite_exec() interface expects a zero-terminated
+  ** string, so make a copy. */
+  zSql = sqlite3_mprintf("%.*s", (int)size, data);
+  sqlite3_exec(db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
+
+  /* Cleanup and return */
+  sqlite3_free(zErrMsg);
+  sqlite3_free(zSql);
+  sqlite3_close(db);
+  return 0;
+}