Diffstat (limited to 'test/ossfuzz.c')
-rw-r--r-- | test/ossfuzz.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/test/ossfuzz.c b/test/ossfuzz.c
index a8a637f2a..c3d66eb29 100644
--- a/test/ossfuzz.c
+++ b/test/ossfuzz.c
@@ -36,7 +36,10 @@ void ossfuzz_set_debug_flags(unsigned x){
 static sqlite3_int64 timeOfDay(void){
   static sqlite3_vfs *clockVfs = 0;
   sqlite3_int64 t;
-  if( clockVfs==0 ) clockVfs = sqlite3_vfs_find(0);
+  if( clockVfs==0 ){
+    clockVfs = sqlite3_vfs_find(0);
+    if( clockVfs==0 ) return 0;
+  }
   if( clockVfs->iVersion>=2 && clockVfs->xCurrentTimeInt64!=0 ){
     clockVfs->xCurrentTimeInt64(clockVfs, &t);
   }else{
@@ -56,9 +59,9 @@ typedef struct FuzzCtx {
   sqlite3_int64 iLastCb;     /* Time recorded for previous progress callback */
   sqlite3_int64 mxInterval;  /* Longest interval between two progress calls */
   unsigned nCb;              /* Number of progress callbacks */
+  unsigned execCnt;          /* Number of calls to the sqlite3_exec callback */
 } FuzzCtx;
-#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
 /*
 ** Progress handler callback.
 **
@@ -74,7 +77,6 @@ static int progress_handler(void *pClientData) {
   p->nCb++;
   return rc;
 }
-#endif
 /*
 ** Disallow debugging pragmas such as "PRAGMA vdbe_debug" and
@@ -101,12 +103,13 @@ static int block_debug_pragmas(
 /*
 ** Callback for sqlite3_exec().
 */
-static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
+static int exec_handler(void *pClientData, int argc, char **argv, char **namev){
+  FuzzCtx *p = (FuzzCtx*)pClientData;
   int i;
   if( argv ){
     for(i=0; i<argc; i++) sqlite3_free(sqlite3_mprintf("%s", argv[i]));
   }
-  return ((*(int*)pCnt)--)<=0;
+  return (p->execCnt--)<=0 || progress_handler(pClientData);
 }
 /*
@@ -114,7 +117,6 @@ static int exec_handler(void *pCnt, int argc, char **argv, char **namev){
 ** fuzzed input.
 */
 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  int execCnt = 0;           /* Abort row callback when count reaches zero */
   char *zErrMsg = 0;         /* Error message returned by sqlite_exec() */
   uint8_t uSelector;         /* First byte of input data[] */
   int rc;                    /* Return code from various interfaces */
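Review bot: The new early `return 0` in timeOfDay() turns a missing default VFS into a clock reading of zero with no indication to the caller; in this file that value feeds `cx.iLastCb` and `cx.iCutoffTime = cx.iLastCb + 10000`, so if sqlite3_vfs_find(0) kept failing on later calls the ten-second cutoff enforced through progress_handler() would silently never fire. That is probably acceptable for a fuzz harness, since the sqlite3_initialize() call added elsewhere in this commit should make the lookup succeed before timeOfDay() is first used, but the sentinel deserves a comment so it is not mistaken for a real time: `/* No default VFS registered yet: report time 0, which leaves the cutoff check inactive */`. Note that `clockVfs` stays 0 on this path, so the lookup is retried on the next call. The body of timeOfDay() continues past the end of the hunk.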
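Review bot: The comment on the new `execCnt` member, `/* Number of calls to the sqlite3_exec callback */`, reads as a tally that counts up, but elsewhere in this commit the field is seeded with `cx.execCnt = uSelector + 1` and post-decremented in exec_handler() until it reaches zero, so it is a remaining-rows budget. Suggest `/* Remaining sqlite3_exec() row callbacks before the query is aborted */` so a reader does not expect it to hold the number of rows seen. It is also worth a line near progress_handler() noting that, with the `#ifndef SQLITE_OMIT_PROGRESS_CALLBACK` guard removed here, the function is now compiled unconditionally because exec_handler() calls it directly. The FuzzCtx definition starts before this hunk.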
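Review bot: `(p->execCnt--)<=0` compares an `unsigned` against `<= 0`, which can only hold when the value is exactly zero, so the intent is clearer (and avoids type-limits warnings on some compilers) as `return (p->execCnt--)==0 || progress_handler(pClientData);`. The decrement from zero wraps to UINT_MAX, which is well-defined and harmless here because a nonzero return makes sqlite3_exec() abort the statement rather than call back again, but a one-line comment saying so would save the next reader the analysis. The header comment `/* Callback for sqlite3_exec(). */` should also mention that the callback now enforces the time cutoff by delegating to progress_handler() while the row budget is not yet exhausted, since that is new behaviour in this version.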
@@ -134,11 +136,11 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   }
   /* Open the database connection. Only use an in-memory database. */
+  if( sqlite3_initialize() ) return 0;
   rc = sqlite3_open_v2("fuzz.db", &cx.db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
   if( rc ) return 0;
-#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   /* Invoke the progress handler frequently to check to see if we
   ** are taking too long. The progress handler will return true
   ** (which will block further processing) if more than 10 seconds have
@@ -146,6 +148,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   */
   cx.iLastCb = timeOfDay();
   cx.iCutoffTime = cx.iLastCb + 10000; /* Now + 10 seconds */
+#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   sqlite3_progress_handler(cx.db, 10, progress_handler, (void*)&cx);
 #endif
@@ -161,7 +164,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   /* Remaining bits of the selector determine a limit on the number of
   ** output rows */
-  execCnt = uSelector + 1;
+  cx.execCnt = uSelector + 1;
   /* Run the SQL. The sqlite_exec() interface expects a zero-terminated
   ** string, so make a copy. */
@@ -169,7 +172,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 #ifndef SQLITE_OMIT_COMPLETE
   sqlite3_complete(zSql);
 #endif
-  sqlite3_exec(cx.db, zSql, exec_handler, (void*)&execCnt, &zErrMsg);
+  sqlite3_exec(cx.db, zSql, exec_handler, (void*)&cx, &zErrMsg);
   /* Show any errors */
   if( (mDebug & FUZZ_SHOW_ERRORS)!=0 && zErrMsg ){ |
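Review bot: The new `if( sqlite3_initialize() ) return 0;` sits under the `/* Open the database connection. ... */` comment but is not about opening the database, and nothing explains why an explicit initialize is wanted when sqlite3_open_v2() on the next line is documented to initialize the library on its own; presumably the point is to detect a failed initialization up front and to have the default VFS registered before timeOfDay() is first called further down. Either move the call above that comment or give it its own explanation, e.g. `/* Initialize the library (and register the default VFS) before anything below relies on it */`. LLVMFuzzerTestOneInput() starts before and continues after this hunk.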
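Review bot: Moving the `#ifndef SQLITE_OMIT_PROGRESS_CALLBACK` guard down so that only the sqlite3_progress_handler() registration is conditional means that in a build with that option the ten-second cutoff is checked only from exec_handler(), i.e. once per returned row; a statement that runs for a long time without producing rows is then not time-bounded at all, and the comment above (`The progress handler will return true ... if more than 10 seconds have`) overstates the protection in that configuration. Setting `cx.iLastCb` and `cx.iCutoffTime` unconditionally is correct, since exec_handler() now goes through progress_handler() regardless of the option, so the move itself is right. Add a sentence to that comment along the lines of `** (With SQLITE_OMIT_PROGRESS_CALLBACK the check only runs from the sqlite3_exec() row callback.)`. LLVMFuzzerTestOneInput() continues outside this hunk.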