1 /* 2 ** 2015-05-25 3 ** 4 ** The author disclaims copyright to this source code. In place of 5 ** a legal notice, here is a blessing: 6 ** 7 ** May you do good and not evil. 8 ** May you find forgiveness for yourself and forgive others. 9 ** May you share freely, never taking more than you give. 10 ** 11 ************************************************************************* 12 ** 13 ** This is a utility program designed to aid running regressions tests on 14 ** the SQLite library using data from an external fuzzer, such as American 15 ** Fuzzy Lop (AFL) (http://lcamtuf.coredump.cx/afl/). 16 ** 17 ** This program reads content from an SQLite database file with the following 18 ** schema: 19 ** 20 ** CREATE TABLE db( 21 ** dbid INTEGER PRIMARY KEY, -- database id 22 ** dbcontent BLOB -- database disk file image 23 ** ); 24 ** CREATE TABLE xsql( 25 ** sqlid INTEGER PRIMARY KEY, -- SQL script id 26 ** sqltext TEXT -- Text of SQL statements to run 27 ** ); 28 ** CREATE TABLE IF NOT EXISTS readme( 29 ** msg TEXT -- Human-readable description of this test collection 30 ** ); 31 ** 32 ** For each database file in the DB table, the SQL text in the XSQL table 33 ** is run against that database. All README.MSG values are printed prior 34 ** to the start of the test (unless the --quiet option is used). If the 35 ** DB table is empty, then all entries in XSQL are run against an empty 36 ** in-memory database. 37 ** 38 ** This program is looking for crashes, assertion faults, and/or memory leaks. 39 ** No attempt is made to verify the output. The assumption is that either all 40 ** of the database files or all of the SQL statements are malformed inputs, 41 ** generated by a fuzzer, that need to be checked to make sure they do not 42 ** present a security risk. 43 ** 44 ** This program also includes some command-line options to help with 45 ** creation and maintenance of the source content database. The command 46 ** 47 ** ./fuzzcheck database.db --load-sql FILE... 48 ** 49 ** Loads all FILE... arguments into the XSQL table. The --load-db option 50 ** works the same but loads the files into the DB table. The -m option can 51 ** be used to initialize the README table. The "database.db" file is created 52 ** if it does not previously exist. Example: 53 ** 54 ** ./fuzzcheck new.db --load-sql *.sql 55 ** ./fuzzcheck new.db --load-db *.db 56 ** ./fuzzcheck new.db -m 'New test cases' 57 ** 58 ** The three commands above will create the "new.db" file and initialize all 59 ** tables. Then do "./fuzzcheck new.db" to run the tests. 60 ** 61 ** DEBUGGING HINTS: 62 ** 63 ** If fuzzcheck does crash, it can be run in the debugger and the content 64 ** of the global variable g.zTextName[] will identify the specific XSQL and 65 ** DB values that were running when the crash occurred. 66 */ 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <stdarg.h> 71 #include <ctype.h> 72 #include <assert.h> 73 #include "sqlite3.h" 74 #define ISSPACE(X) isspace((unsigned char)(X)) 75 #define ISDIGIT(X) isdigit((unsigned char)(X)) 76 77 78 #ifdef __unix__ 79 # include <signal.h> 80 # include <unistd.h> 81 #endif 82 83 #ifdef SQLITE_OSS_FUZZ 84 # include <stddef.h> 85 # if !defined(_MSC_VER) 86 # include <stdint.h> 87 # endif 88 #endif 89 90 #if defined(_MSC_VER) 91 typedef unsigned char uint8_t; 92 #endif 93 94 /* 95 ** Files in the virtual file system. 96 */ 97 typedef struct VFile VFile; 98 struct VFile { 99 char *zFilename; /* Filename. NULL for delete-on-close. From malloc() */ 100 int sz; /* Size of the file in bytes */ 101 int nRef; /* Number of references to this file */ 102 unsigned char *a; /* Content of the file. From malloc() */ 103 }; 104 typedef struct VHandle VHandle; 105 struct VHandle { 106 sqlite3_file base; /* Base class. Must be first */ 107 VFile *pVFile; /* The underlying file */ 108 }; 109 110 /* 111 ** The value of a database file template, or of an SQL script 112 */ 113 typedef struct Blob Blob; 114 struct Blob { 115 Blob *pNext; /* Next in a list */ 116 int id; /* Id of this Blob */ 117 int seq; /* Sequence number */ 118 int sz; /* Size of this Blob in bytes */ 119 unsigned char a[1]; /* Blob content. Extra space allocated as needed. */ 120 }; 121 122 /* 123 ** Maximum number of files in the in-memory virtual filesystem. 124 */ 125 #define MX_FILE 10 126 127 /* 128 ** Maximum allowed file size 129 */ 130 #define MX_FILE_SZ 10000000 131 132 /* 133 ** All global variables are gathered into the "g" singleton. 134 */ 135 static struct GlobalVars { 136 const char *zArgv0; /* Name of program */ 137 VFile aFile[MX_FILE]; /* The virtual filesystem */ 138 int nDb; /* Number of template databases */ 139 Blob *pFirstDb; /* Content of first template database */ 140 int nSql; /* Number of SQL scripts */ 141 Blob *pFirstSql; /* First SQL script */ 142 unsigned int uRandom; /* Seed for the SQLite PRNG */ 143 char zTestName[100]; /* Name of current test */ 144 } g; 145 146 /* 147 ** Print an error message and quit. 148 */ 149 static void fatalError(const char *zFormat, ...){ 150 va_list ap; 151 if( g.zTestName[0] ){ 152 fprintf(stderr, "%s (%s): ", g.zArgv0, g.zTestName); 153 }else{ 154 fprintf(stderr, "%s: ", g.zArgv0); 155 } 156 va_start(ap, zFormat); 157 vfprintf(stderr, zFormat, ap); 158 va_end(ap); 159 fprintf(stderr, "\n"); 160 exit(1); 161 } 162 163 /* 164 ** Timeout handler 165 */ 166 #ifdef __unix__ 167 static void timeoutHandler(int NotUsed){ 168 (void)NotUsed; 169 fatalError("timeout\n"); 170 } 171 #endif 172 173 /* 174 ** Set the an alarm to go off after N seconds. Disable the alarm 175 ** if N==0 176 */ 177 static void setAlarm(int N){ 178 #ifdef __unix__ 179 alarm(N); 180 #else 181 (void)N; 182 #endif 183 } 184 185 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK 186 /* 187 ** This an SQL progress handler. After an SQL statement has run for 188 ** many steps, we want to interrupt it. This guards against infinite 189 ** loops from recursive common table expressions. 190 ** 191 ** *pVdbeLimitFlag is true if the --limit-vdbe command-line option is used. 192 ** In that case, hitting the progress handler is a fatal error. 193 */ 194 static int progressHandler(void *pVdbeLimitFlag){ 195 if( *(int*)pVdbeLimitFlag ) fatalError("too many VDBE cycles"); 196 return 1; 197 } 198 #endif 199 200 /* 201 ** Reallocate memory. Show and error and quit if unable. 202 */ 203 static void *safe_realloc(void *pOld, int szNew){ 204 void *pNew = realloc(pOld, szNew<=0 ? 1 : szNew); 205 if( pNew==0 ) fatalError("unable to realloc for %d bytes", szNew); 206 return pNew; 207 } 208 209 /* 210 ** Initialize the virtual file system. 211 */ 212 static void formatVfs(void){ 213 int i; 214 for(i=0; i<MX_FILE; i++){ 215 g.aFile[i].sz = -1; 216 g.aFile[i].zFilename = 0; 217 g.aFile[i].a = 0; 218 g.aFile[i].nRef = 0; 219 } 220 } 221 222 223 /* 224 ** Erase all information in the virtual file system. 225 */ 226 static void reformatVfs(void){ 227 int i; 228 for(i=0; i<MX_FILE; i++){ 229 if( g.aFile[i].sz<0 ) continue; 230 if( g.aFile[i].zFilename ){ 231 free(g.aFile[i].zFilename); 232 g.aFile[i].zFilename = 0; 233 } 234 if( g.aFile[i].nRef>0 ){ 235 fatalError("file %d still open. nRef=%d", i, g.aFile[i].nRef); 236 } 237 g.aFile[i].sz = -1; 238 free(g.aFile[i].a); 239 g.aFile[i].a = 0; 240 g.aFile[i].nRef = 0; 241 } 242 } 243 244 /* 245 ** Find a VFile by name 246 */ 247 static VFile *findVFile(const char *zName){ 248 int i; 249 if( zName==0 ) return 0; 250 for(i=0; i<MX_FILE; i++){ 251 if( g.aFile[i].zFilename==0 ) continue; 252 if( strcmp(g.aFile[i].zFilename, zName)==0 ) return &g.aFile[i]; 253 } 254 return 0; 255 } 256 257 /* 258 ** Find a VFile by name. Create it if it does not already exist and 259 ** initialize it to the size and content given. 260 ** 261 ** Return NULL only if the filesystem is full. 262 */ 263 static VFile *createVFile(const char *zName, int sz, unsigned char *pData){ 264 VFile *pNew = findVFile(zName); 265 int i; 266 if( pNew ) return pNew; 267 for(i=0; i<MX_FILE && g.aFile[i].sz>=0; i++){} 268 if( i>=MX_FILE ) return 0; 269 pNew = &g.aFile[i]; 270 if( zName ){ 271 int nName = (int)strlen(zName)+1; 272 pNew->zFilename = safe_realloc(0, nName); 273 memcpy(pNew->zFilename, zName, nName); 274 }else{ 275 pNew->zFilename = 0; 276 } 277 pNew->nRef = 0; 278 pNew->sz = sz; 279 pNew->a = safe_realloc(0, sz); 280 if( sz>0 ) memcpy(pNew->a, pData, sz); 281 return pNew; 282 } 283 284 285 /* 286 ** Implementation of the "readfile(X)" SQL function. The entire content 287 ** of the file named X is read and returned as a BLOB. NULL is returned 288 ** if the file does not exist or is unreadable. 289 */ 290 static void readfileFunc( 291 sqlite3_context *context, 292 int argc, 293 sqlite3_value **argv 294 ){ 295 const char *zName; 296 FILE *in; 297 long nIn; 298 void *pBuf; 299 300 zName = (const char*)sqlite3_value_text(argv[0]); 301 if( zName==0 ) return; 302 in = fopen(zName, "rb"); 303 if( in==0 ) return; 304 fseek(in, 0, SEEK_END); 305 nIn = ftell(in); 306 rewind(in); 307 pBuf = sqlite3_malloc64( nIn ); 308 if( pBuf && 1==fread(pBuf, nIn, 1, in) ){ 309 sqlite3_result_blob(context, pBuf, nIn, sqlite3_free); 310 }else{ 311 sqlite3_free(pBuf); 312 } 313 fclose(in); 314 } 315 316 /* 317 ** Implementation of the "writefile(X,Y)" SQL function. The argument Y 318 ** is written into file X. The number of bytes written is returned. Or 319 ** NULL is returned if something goes wrong, such as being unable to open 320 ** file X for writing. 321 */ 322 static void writefileFunc( 323 sqlite3_context *context, 324 int argc, 325 sqlite3_value **argv 326 ){ 327 FILE *out; 328 const char *z; 329 sqlite3_int64 rc; 330 const char *zFile; 331 332 (void)argc; 333 zFile = (const char*)sqlite3_value_text(argv[0]); 334 if( zFile==0 ) return; 335 out = fopen(zFile, "wb"); 336 if( out==0 ) return; 337 z = (const char*)sqlite3_value_blob(argv[1]); 338 if( z==0 ){ 339 rc = 0; 340 }else{ 341 rc = fwrite(z, 1, sqlite3_value_bytes(argv[1]), out); 342 } 343 fclose(out); 344 sqlite3_result_int64(context, rc); 345 } 346 347 348 /* 349 ** Load a list of Blob objects from the database 350 */ 351 static void blobListLoadFromDb( 352 sqlite3 *db, /* Read from this database */ 353 const char *zSql, /* Query used to extract the blobs */ 354 int onlyId, /* Only load where id is this value */ 355 int *pN, /* OUT: Write number of blobs loaded here */ 356 Blob **ppList /* OUT: Write the head of the blob list here */ 357 ){ 358 Blob head; 359 Blob *p; 360 sqlite3_stmt *pStmt; 361 int n = 0; 362 int rc; 363 char *z2; 364 365 if( onlyId>0 ){ 366 z2 = sqlite3_mprintf("%s WHERE rowid=%d", zSql, onlyId); 367 }else{ 368 z2 = sqlite3_mprintf("%s", zSql); 369 } 370 rc = sqlite3_prepare_v2(db, z2, -1, &pStmt, 0); 371 sqlite3_free(z2); 372 if( rc ) fatalError("%s", sqlite3_errmsg(db)); 373 head.pNext = 0; 374 p = &head; 375 while( SQLITE_ROW==sqlite3_step(pStmt) ){ 376 int sz = sqlite3_column_bytes(pStmt, 1); 377 Blob *pNew = safe_realloc(0, sizeof(*pNew)+sz ); 378 pNew->id = sqlite3_column_int(pStmt, 0); 379 pNew->sz = sz; 380 pNew->seq = n++; 381 pNew->pNext = 0; 382 memcpy(pNew->a, sqlite3_column_blob(pStmt,1), sz); 383 pNew->a[sz] = 0; 384 p->pNext = pNew; 385 p = pNew; 386 } 387 sqlite3_finalize(pStmt); 388 *pN = n; 389 *ppList = head.pNext; 390 } 391 392 /* 393 ** Free a list of Blob objects 394 */ 395 static void blobListFree(Blob *p){ 396 Blob *pNext; 397 while( p ){ 398 pNext = p->pNext; 399 free(p); 400 p = pNext; 401 } 402 } 403 404 /* Return the current wall-clock time */ 405 static sqlite3_int64 timeOfDay(void){ 406 static sqlite3_vfs *clockVfs = 0; 407 sqlite3_int64 t; 408 if( clockVfs==0 ){ 409 clockVfs = sqlite3_vfs_find(0); 410 if( clockVfs==0 ) return 0; 411 } 412 if( clockVfs->iVersion>=1 && clockVfs->xCurrentTimeInt64!=0 ){ 413 clockVfs->xCurrentTimeInt64(clockVfs, &t); 414 }else{ 415 double r; 416 clockVfs->xCurrentTime(clockVfs, &r); 417 t = (sqlite3_int64)(r*86400000.0); 418 } 419 return t; 420 } 421 422 /*************************************************************************** 423 ** Code to process combined database+SQL scripts generated by the 424 ** dbsqlfuzz fuzzer. 425 */ 426 427 /* An instance of the following object is passed by pointer as the 428 ** client data to various callbacks. 429 */ 430 typedef struct FuzzCtx { 431 sqlite3 *db; /* The database connection */ 432 sqlite3_int64 iCutoffTime; /* Stop processing at this time. */ 433 sqlite3_int64 iLastCb; /* Time recorded for previous progress callback */ 434 sqlite3_int64 mxInterval; /* Longest interval between two progress calls */ 435 unsigned nCb; /* Number of progress callbacks */ 436 unsigned mxCb; /* Maximum number of progress callbacks allowed */ 437 unsigned execCnt; /* Number of calls to the sqlite3_exec callback */ 438 int timeoutHit; /* True when reaching a timeout */ 439 } FuzzCtx; 440 441 /* Verbosity level for the dbsqlfuzz test runner */ 442 static int eVerbosity = 0; 443 444 /* True to activate PRAGMA vdbe_debug=on */ 445 static int bVdbeDebug = 0; 446 447 /* Timeout for each fuzzing attempt, in milliseconds */ 448 static int giTimeout = 10000; /* Defaults to 10 seconds */ 449 450 /* Maximum number of progress handler callbacks */ 451 static unsigned int mxProgressCb = 2000; 452 453 /* Maximum string length in SQLite */ 454 static int lengthLimit = 1000000; 455 456 /* Maximum byte-code program length in SQLite */ 457 static int vdbeOpLimit = 25000; 458 459 /* Maximum size of the in-memory database */ 460 static sqlite3_int64 maxDbSize = 104857600; 461 462 /* 463 ** Translate a single byte of Hex into an integer. 464 ** This routine only works if h really is a valid hexadecimal 465 ** character: 0..9a..fA..F 466 */ 467 static unsigned char hexToInt(unsigned int h){ 468 #ifdef SQLITE_EBCDIC 469 h += 9*(1&~(h>>4)); /* EBCDIC */ 470 #else 471 h += 9*(1&(h>>6)); /* ASCII */ 472 #endif 473 return h & 0xf; 474 } 475 476 /* 477 ** The first character of buffer zIn[0..nIn-1] is a '['. This routine 478 ** checked to see if the buffer holds "[NNNN]" or "[+NNNN]" and if it 479 ** does it makes corresponding changes to the *pK value and *pI value 480 ** and returns true. If the input buffer does not match the patterns, 481 ** no changes are made to either *pK or *pI and this routine returns false. 482 */ 483 static int isOffset( 484 const unsigned char *zIn, /* Text input */ 485 int nIn, /* Bytes of input */ 486 unsigned int *pK, /* half-byte cursor to adjust */ 487 unsigned int *pI /* Input index to adjust */ 488 ){ 489 int i; 490 unsigned int k = 0; 491 unsigned char c; 492 for(i=1; i<nIn && (c = zIn[i])!=']'; i++){ 493 if( !isxdigit(c) ) return 0; 494 k = k*16 + hexToInt(c); 495 } 496 if( i==nIn ) return 0; 497 *pK = 2*k; 498 *pI += i; 499 return 1; 500 } 501 502 /* 503 ** Decode the text starting at zIn into a binary database file. 504 ** The maximum length of zIn is nIn bytes. Compute the binary database 505 ** file contain in space obtained from sqlite3_malloc(). 506 ** 507 ** Return the number of bytes of zIn consumed. Or return -1 if there 508 ** is an error. One potential error is that the recipe specifies a 509 ** database file larger than MX_FILE_SZ bytes. 510 ** 511 ** Abort on an OOM. 512 */ 513 static int decodeDatabase( 514 const unsigned char *zIn, /* Input text to be decoded */ 515 int nIn, /* Bytes of input text */ 516 unsigned char **paDecode, /* OUT: decoded database file */ 517 int *pnDecode /* OUT: Size of decoded database */ 518 ){ 519 unsigned char *a; /* Database under construction */ 520 int mx = 0; /* Current size of the database */ 521 sqlite3_uint64 nAlloc = 4096; /* Space allocated in a[] */ 522 unsigned int i; /* Next byte of zIn[] to read */ 523 unsigned int j; /* Temporary integer */ 524 unsigned int k; /* half-byte cursor index for output */ 525 unsigned int n; /* Number of bytes of input */ 526 unsigned char b = 0; 527 if( nIn<4 ) return -1; 528 n = (unsigned int)nIn; 529 a = sqlite3_malloc64( nAlloc ); 530 if( a==0 ){ 531 fprintf(stderr, "Out of memory!\n"); 532 exit(1); 533 } 534 memset(a, 0, (size_t)nAlloc); 535 for(i=k=0; i<n; i++){ 536 unsigned char c = (unsigned char)zIn[i]; 537 if( isxdigit(c) ){ 538 k++; 539 if( k & 1 ){ 540 b = hexToInt(c)*16; 541 }else{ 542 b += hexToInt(c); 543 j = k/2 - 1; 544 if( j>=nAlloc ){ 545 sqlite3_uint64 newSize; 546 if( nAlloc==MX_FILE_SZ || j>=MX_FILE_SZ ){ 547 if( eVerbosity ){ 548 fprintf(stderr, "Input database too big: max %d bytes\n", 549 MX_FILE_SZ); 550 } 551 sqlite3_free(a); 552 return -1; 553 } 554 newSize = nAlloc*2; 555 if( newSize<=j ){ 556 newSize = (j+4096)&~4095; 557 } 558 if( newSize>MX_FILE_SZ ){ 559 if( j>=MX_FILE_SZ ){ 560 sqlite3_free(a); 561 return -1; 562 } 563 newSize = MX_FILE_SZ; 564 } 565 a = sqlite3_realloc64( a, newSize ); 566 if( a==0 ){ 567 fprintf(stderr, "Out of memory!\n"); 568 exit(1); 569 } 570 assert( newSize > nAlloc ); 571 memset(a+nAlloc, 0, (size_t)(newSize - nAlloc)); 572 nAlloc = newSize; 573 } 574 if( j>=(unsigned)mx ){ 575 mx = (j + 4095)&~4095; 576 if( mx>MX_FILE_SZ ) mx = MX_FILE_SZ; 577 } 578 assert( j<nAlloc ); 579 a[j] = b; 580 } 581 }else if( zIn[i]=='[' && i<n-3 && isOffset(zIn+i, nIn-i, &k, &i) ){ 582 continue; 583 }else if( zIn[i]=='\n' && i<n-4 && memcmp(zIn+i,"\n--\n",4)==0 ){ 584 i += 4; 585 break; 586 } 587 } 588 *pnDecode = mx; 589 *paDecode = a; 590 return i; 591 } 592 593 /* 594 ** Progress handler callback. 595 ** 596 ** The argument is the cutoff-time after which all processing should 597 ** stop. So return non-zero if the cut-off time is exceeded. 598 */ 599 static int progress_handler(void *pClientData) { 600 FuzzCtx *p = (FuzzCtx*)pClientData; 601 sqlite3_int64 iNow = timeOfDay(); 602 int rc = iNow>=p->iCutoffTime; 603 sqlite3_int64 iDiff = iNow - p->iLastCb; 604 if( iDiff > p->mxInterval ) p->mxInterval = iDiff; 605 p->nCb++; 606 if( rc==0 && p->mxCb>0 && p->mxCb<=p->nCb ) rc = 1; 607 if( rc && !p->timeoutHit && eVerbosity>=2 ){ 608 printf("Timeout on progress callback %d\n", p->nCb); 609 fflush(stdout); 610 p->timeoutHit = 1; 611 } 612 return rc; 613 } 614 615 /* 616 ** Disallow debugging pragmas such as "PRAGMA vdbe_debug" and 617 ** "PRAGMA parser_trace" since they can dramatically increase the 618 ** amount of output without actually testing anything useful. 619 ** 620 ** Also block ATTACH and DETACH 621 */ 622 static int block_troublesome_sql( 623 void *Notused, 624 int eCode, 625 const char *zArg1, 626 const char *zArg2, 627 const char *zArg3, 628 const char *zArg4 629 ){ 630 (void)Notused; 631 (void)zArg2; 632 (void)zArg3; 633 (void)zArg4; 634 if( eCode==SQLITE_PRAGMA ){ 635 if( sqlite3_strnicmp("vdbe_", zArg1, 5)==0 636 || sqlite3_stricmp("parser_trace", zArg1)==0 637 || sqlite3_stricmp("temp_store_directory", zArg1)==0 638 ){ 639 return SQLITE_DENY; 640 } 641 }else if( (eCode==SQLITE_ATTACH || eCode==SQLITE_DETACH) 642 && zArg1 && zArg1[0] ){ 643 return SQLITE_DENY; 644 } 645 return SQLITE_OK; 646 } 647 648 /* 649 ** Run the SQL text 650 */ 651 static int runDbSql(sqlite3 *db, const char *zSql){ 652 int rc; 653 sqlite3_stmt *pStmt; 654 while( isspace(zSql[0]&0x7f) ) zSql++; 655 if( zSql[0]==0 ) return SQLITE_OK; 656 if( eVerbosity>=4 ){ 657 printf("RUNNING-SQL: [%s]\n", zSql); 658 fflush(stdout); 659 } 660 rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); 661 if( rc==SQLITE_OK ){ 662 while( (rc = sqlite3_step(pStmt))==SQLITE_ROW ){ 663 if( eVerbosity>=5 ){ 664 int j; 665 for(j=0; j<sqlite3_column_count(pStmt); j++){ 666 if( j ) printf(","); 667 switch( sqlite3_column_type(pStmt, j) ){ 668 case SQLITE_NULL: { 669 printf("NULL"); 670 break; 671 } 672 case SQLITE_INTEGER: 673 case SQLITE_FLOAT: { 674 printf("%s", sqlite3_column_text(pStmt, j)); 675 break; 676 } 677 case SQLITE_BLOB: { 678 int n = sqlite3_column_bytes(pStmt, j); 679 int i; 680 const unsigned char *a; 681 a = (const unsigned char*)sqlite3_column_blob(pStmt, j); 682 printf("x'"); 683 for(i=0; i<n; i++){ 684 printf("%02x", a[i]); 685 } 686 printf("'"); 687 break; 688 } 689 case SQLITE_TEXT: { 690 int n = sqlite3_column_bytes(pStmt, j); 691 int i; 692 const unsigned char *a; 693 a = (const unsigned char*)sqlite3_column_blob(pStmt, j); 694 printf("'"); 695 for(i=0; i<n; i++){ 696 if( a[i]=='\'' ){ 697 printf("''"); 698 }else{ 699 putchar(a[i]); 700 } 701 } 702 printf("'"); 703 break; 704 } 705 } /* End switch() */ 706 } /* End for() */ 707 printf("\n"); 708 fflush(stdout); 709 } /* End if( eVerbosity>=5 ) */ 710 } /* End while( SQLITE_ROW */ 711 if( rc!=SQLITE_DONE && eVerbosity>=4 ){ 712 printf("SQL-ERROR: (%d) %s\n", rc, sqlite3_errmsg(db)); 713 fflush(stdout); 714 } 715 }else if( eVerbosity>=4 ){ 716 printf("SQL-ERROR (%d): %s\n", rc, sqlite3_errmsg(db)); 717 fflush(stdout); 718 } /* End if( SQLITE_OK ) */ 719 return sqlite3_finalize(pStmt); 720 } 721 722 /* Invoke this routine to run a single test case */ 723 int runCombinedDbSqlInput(const uint8_t *aData, size_t nByte){ 724 int rc; /* SQLite API return value */ 725 int iSql; /* Index in aData[] of start of SQL */ 726 unsigned char *aDb = 0; /* Decoded database content */ 727 int nDb = 0; /* Size of the decoded database */ 728 int i; /* Loop counter */ 729 int j; /* Start of current SQL statement */ 730 char *zSql = 0; /* SQL text to run */ 731 int nSql; /* Bytes of SQL text */ 732 FuzzCtx cx; /* Fuzzing context */ 733 734 if( nByte<10 ) return 0; 735 if( sqlite3_initialize() ) return 0; 736 if( sqlite3_memory_used()!=0 ){ 737 int nAlloc = 0; 738 int nNotUsed = 0; 739 sqlite3_status(SQLITE_STATUS_MALLOC_COUNT, &nAlloc, &nNotUsed, 0); 740 fprintf(stderr,"Memory leak in mutator: %lld bytes in %d allocations\n", 741 sqlite3_memory_used(), nAlloc); 742 exit(1); 743 } 744 memset(&cx, 0, sizeof(cx)); 745 iSql = decodeDatabase((unsigned char*)aData, (int)nByte, &aDb, &nDb); 746 if( iSql<0 ) return 0; 747 nSql = (int)(nByte - iSql); 748 if( eVerbosity>=3 ){ 749 printf( 750 "****** %d-byte input, %d-byte database, %d-byte script " 751 "******\n", (int)nByte, nDb, nSql); 752 fflush(stdout); 753 } 754 rc = sqlite3_open(0, &cx.db); 755 if( rc ) return 1; 756 if( bVdbeDebug ){ 757 sqlite3_exec(cx.db, "PRAGMA vdbe_debug=ON", 0, 0, 0); 758 } 759 760 /* Invoke the progress handler frequently to check to see if we 761 ** are taking too long. The progress handler will return true 762 ** (which will block further processing) if more than giTimeout seconds have 763 ** elapsed since the start of the test. 764 */ 765 cx.iLastCb = timeOfDay(); 766 cx.iCutoffTime = cx.iLastCb + giTimeout; /* Now + giTimeout seconds */ 767 cx.mxCb = mxProgressCb; 768 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK 769 sqlite3_progress_handler(cx.db, 10, progress_handler, (void*)&cx); 770 #endif 771 772 /* Set a limit on the maximum size of a prepared statement, and the 773 ** maximum length of a string or blob */ 774 if( vdbeOpLimit>0 ){ 775 sqlite3_limit(cx.db, SQLITE_LIMIT_VDBE_OP, vdbeOpLimit); 776 } 777 if( lengthLimit>0 ){ 778 sqlite3_limit(cx.db, SQLITE_LIMIT_LENGTH, lengthLimit); 779 } 780 781 if( nDb>=20 && aDb[18]==2 && aDb[19]==2 ){ 782 aDb[18] = aDb[19] = 1; 783 } 784 rc = sqlite3_deserialize(cx.db, "main", aDb, nDb, nDb, 785 SQLITE_DESERIALIZE_RESIZEABLE | 786 SQLITE_DESERIALIZE_FREEONCLOSE); 787 if( rc ){ 788 fprintf(stderr, "sqlite3_deserialize() failed with %d\n", rc); 789 goto testrun_finished; 790 } 791 if( maxDbSize>0 ){ 792 sqlite3_int64 x = maxDbSize; 793 sqlite3_file_control(cx.db, "main", SQLITE_FCNTL_SIZE_LIMIT, &x); 794 } 795 796 /* For high debugging levels, turn on debug mode */ 797 if( eVerbosity>=5 ){ 798 sqlite3_exec(cx.db, "PRAGMA vdbe_debug=ON;", 0, 0, 0); 799 } 800 801 /* Block debug pragmas and ATTACH/DETACH. But wait until after 802 ** deserialize to do this because deserialize depends on ATTACH */ 803 sqlite3_set_authorizer(cx.db, block_troublesome_sql, 0); 804 805 /* Consistent PRNG seed */ 806 sqlite3_randomness(0,0); 807 808 zSql = sqlite3_malloc( nSql + 1 ); 809 if( zSql==0 ){ 810 fprintf(stderr, "Out of memory!\n"); 811 }else{ 812 memcpy(zSql, aData+iSql, nSql); 813 zSql[nSql] = 0; 814 for(i=j=0; zSql[i]; i++){ 815 if( zSql[i]==';' ){ 816 char cSaved = zSql[i+1]; 817 zSql[i+1] = 0; 818 if( sqlite3_complete(zSql+j) ){ 819 rc = runDbSql(cx.db, zSql+j); 820 j = i+1; 821 } 822 zSql[i+1] = cSaved; 823 if( rc==SQLITE_INTERRUPT || progress_handler(&cx) ){ 824 goto testrun_finished; 825 } 826 } 827 } 828 if( j<i ){ 829 runDbSql(cx.db, zSql+j); 830 } 831 } 832 testrun_finished: 833 sqlite3_free(zSql); 834 rc = sqlite3_close(cx.db); 835 if( rc!=SQLITE_OK ){ 836 fprintf(stdout, "sqlite3_close() returns %d\n", rc); 837 } 838 if( eVerbosity>=2 ){ 839 fprintf(stdout, "Peak memory usages: %f MB\n", 840 sqlite3_memory_highwater(1) / 1000000.0); 841 } 842 if( sqlite3_memory_used()!=0 ){ 843 int nAlloc = 0; 844 int nNotUsed = 0; 845 sqlite3_status(SQLITE_STATUS_MALLOC_COUNT, &nAlloc, &nNotUsed, 0); 846 fprintf(stderr,"Memory leak: %lld bytes in %d allocations\n", 847 sqlite3_memory_used(), nAlloc); 848 exit(1); 849 } 850 return 0; 851 } 852 853 /* 854 ** END of the dbsqlfuzz code 855 ***************************************************************************/ 856 857 /* Look at a SQL text and try to determine if it begins with a database 858 ** description, such as would be found in a dbsqlfuzz test case. Return 859 ** true if this does appear to be a dbsqlfuzz test case and false otherwise. 860 */ 861 static int isDbSql(unsigned char *a, int n){ 862 unsigned char buf[12]; 863 int i; 864 if( n>4 && memcmp(a,"\n--\n",4)==0 ) return 1; 865 while( n>0 && isspace(a[0]) ){ a++; n--; } 866 for(i=0; n>0 && i<8; n--, a++){ 867 if( isxdigit(a[0]) ) buf[i++] = a[0]; 868 } 869 if( i==8 && memcmp(buf,"53514c69",8)==0 ) return 1; 870 return 0; 871 } 872 873 /* Implementation of the isdbsql(TEXT) SQL function. 874 */ 875 static void isDbSqlFunc( 876 sqlite3_context *context, 877 int argc, 878 sqlite3_value **argv 879 ){ 880 int n = sqlite3_value_bytes(argv[0]); 881 unsigned char *a = (unsigned char*)sqlite3_value_blob(argv[0]); 882 sqlite3_result_int(context, a!=0 && n>0 && isDbSql(a,n)); 883 } 884 885 /* Methods for the VHandle object 886 */ 887 static int inmemClose(sqlite3_file *pFile){ 888 VHandle *p = (VHandle*)pFile; 889 VFile *pVFile = p->pVFile; 890 pVFile->nRef--; 891 if( pVFile->nRef==0 && pVFile->zFilename==0 ){ 892 pVFile->sz = -1; 893 free(pVFile->a); 894 pVFile->a = 0; 895 } 896 return SQLITE_OK; 897 } 898 static int inmemRead( 899 sqlite3_file *pFile, /* Read from this open file */ 900 void *pData, /* Store content in this buffer */ 901 int iAmt, /* Bytes of content */ 902 sqlite3_int64 iOfst /* Start reading here */ 903 ){ 904 VHandle *pHandle = (VHandle*)pFile; 905 VFile *pVFile = pHandle->pVFile; 906 if( iOfst<0 || iOfst>=pVFile->sz ){ 907 memset(pData, 0, iAmt); 908 return SQLITE_IOERR_SHORT_READ; 909 } 910 if( iOfst+iAmt>pVFile->sz ){ 911 memset(pData, 0, iAmt); 912 iAmt = (int)(pVFile->sz - iOfst); 913 memcpy(pData, pVFile->a + iOfst, iAmt); 914 return SQLITE_IOERR_SHORT_READ; 915 } 916 memcpy(pData, pVFile->a + iOfst, iAmt); 917 return SQLITE_OK; 918 } 919 static int inmemWrite( 920 sqlite3_file *pFile, /* Write to this file */ 921 const void *pData, /* Content to write */ 922 int iAmt, /* bytes to write */ 923 sqlite3_int64 iOfst /* Start writing here */ 924 ){ 925 VHandle *pHandle = (VHandle*)pFile; 926 VFile *pVFile = pHandle->pVFile; 927 if( iOfst+iAmt > pVFile->sz ){ 928 if( iOfst+iAmt >= MX_FILE_SZ ){ 929 return SQLITE_FULL; 930 } 931 pVFile->a = safe_realloc(pVFile->a, (int)(iOfst+iAmt)); 932 if( iOfst > pVFile->sz ){ 933 memset(pVFile->a + pVFile->sz, 0, (int)(iOfst - pVFile->sz)); 934 } 935 pVFile->sz = (int)(iOfst + iAmt); 936 } 937 memcpy(pVFile->a + iOfst, pData, iAmt); 938 return SQLITE_OK; 939 } 940 static int inmemTruncate(sqlite3_file *pFile, sqlite3_int64 iSize){ 941 VHandle *pHandle = (VHandle*)pFile; 942 VFile *pVFile = pHandle->pVFile; 943 if( pVFile->sz>iSize && iSize>=0 ) pVFile->sz = (int)iSize; 944 return SQLITE_OK; 945 } 946 static int inmemSync(sqlite3_file *pFile, int flags){ 947 return SQLITE_OK; 948 } 949 static int inmemFileSize(sqlite3_file *pFile, sqlite3_int64 *pSize){ 950 *pSize = ((VHandle*)pFile)->pVFile->sz; 951 return SQLITE_OK; 952 } 953 static int inmemLock(sqlite3_file *pFile, int type){ 954 return SQLITE_OK; 955 } 956 static int inmemUnlock(sqlite3_file *pFile, int type){ 957 return SQLITE_OK; 958 } 959 static int inmemCheckReservedLock(sqlite3_file *pFile, int *pOut){ 960 *pOut = 0; 961 return SQLITE_OK; 962 } 963 static int inmemFileControl(sqlite3_file *pFile, int op, void *pArg){ 964 return SQLITE_NOTFOUND; 965 } 966 static int inmemSectorSize(sqlite3_file *pFile){ 967 return 512; 968 } 969 static int inmemDeviceCharacteristics(sqlite3_file *pFile){ 970 return 971 SQLITE_IOCAP_SAFE_APPEND | 972 SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN | 973 SQLITE_IOCAP_POWERSAFE_OVERWRITE; 974 } 975 976 977 /* Method table for VHandle 978 */ 979 static sqlite3_io_methods VHandleMethods = { 980 /* iVersion */ 1, 981 /* xClose */ inmemClose, 982 /* xRead */ inmemRead, 983 /* xWrite */ inmemWrite, 984 /* xTruncate */ inmemTruncate, 985 /* xSync */ inmemSync, 986 /* xFileSize */ inmemFileSize, 987 /* xLock */ inmemLock, 988 /* xUnlock */ inmemUnlock, 989 /* xCheck... */ inmemCheckReservedLock, 990 /* xFileCtrl */ inmemFileControl, 991 /* xSectorSz */ inmemSectorSize, 992 /* xDevchar */ inmemDeviceCharacteristics, 993 /* xShmMap */ 0, 994 /* xShmLock */ 0, 995 /* xShmBarrier */ 0, 996 /* xShmUnmap */ 0, 997 /* xFetch */ 0, 998 /* xUnfetch */ 0 999 }; 1000 1001 /* 1002 ** Open a new file in the inmem VFS. All files are anonymous and are 1003 ** delete-on-close. 1004 */ 1005 static int inmemOpen( 1006 sqlite3_vfs *pVfs, 1007 const char *zFilename, 1008 sqlite3_file *pFile, 1009 int openFlags, 1010 int *pOutFlags 1011 ){ 1012 VFile *pVFile = createVFile(zFilename, 0, (unsigned char*)""); 1013 VHandle *pHandle = (VHandle*)pFile; 1014 if( pVFile==0 ){ 1015 return SQLITE_FULL; 1016 } 1017 pHandle->pVFile = pVFile; 1018 pVFile->nRef++; 1019 pFile->pMethods = &VHandleMethods; 1020 if( pOutFlags ) *pOutFlags = openFlags; 1021 return SQLITE_OK; 1022 } 1023 1024 /* 1025 ** Delete a file by name 1026 */ 1027 static int inmemDelete( 1028 sqlite3_vfs *pVfs, 1029 const char *zFilename, 1030 int syncdir 1031 ){ 1032 VFile *pVFile = findVFile(zFilename); 1033 if( pVFile==0 ) return SQLITE_OK; 1034 if( pVFile->nRef==0 ){ 1035 free(pVFile->zFilename); 1036 pVFile->zFilename = 0; 1037 pVFile->sz = -1; 1038 free(pVFile->a); 1039 pVFile->a = 0; 1040 return SQLITE_OK; 1041 } 1042 return SQLITE_IOERR_DELETE; 1043 } 1044 1045 /* Check for the existance of a file 1046 */ 1047 static int inmemAccess( 1048 sqlite3_vfs *pVfs, 1049 const char *zFilename, 1050 int flags, 1051 int *pResOut 1052 ){ 1053 VFile *pVFile = findVFile(zFilename); 1054 *pResOut = pVFile!=0; 1055 return SQLITE_OK; 1056 } 1057 1058 /* Get the canonical pathname for a file 1059 */ 1060 static int inmemFullPathname( 1061 sqlite3_vfs *pVfs, 1062 const char *zFilename, 1063 int nOut, 1064 char *zOut 1065 ){ 1066 sqlite3_snprintf(nOut, zOut, "%s", zFilename); 1067 return SQLITE_OK; 1068 } 1069 1070 /* Always use the same random see, for repeatability. 1071 */ 1072 static int inmemRandomness(sqlite3_vfs *NotUsed, int nBuf, char *zBuf){ 1073 memset(zBuf, 0, nBuf); 1074 memcpy(zBuf, &g.uRandom, nBuf<sizeof(g.uRandom) ? nBuf : sizeof(g.uRandom)); 1075 return nBuf; 1076 } 1077 1078 /* 1079 ** Register the VFS that reads from the g.aFile[] set of files. 1080 */ 1081 static void inmemVfsRegister(int makeDefault){ 1082 static sqlite3_vfs inmemVfs; 1083 sqlite3_vfs *pDefault = sqlite3_vfs_find(0); 1084 inmemVfs.iVersion = 3; 1085 inmemVfs.szOsFile = sizeof(VHandle); 1086 inmemVfs.mxPathname = 200; 1087 inmemVfs.zName = "inmem"; 1088 inmemVfs.xOpen = inmemOpen; 1089 inmemVfs.xDelete = inmemDelete; 1090 inmemVfs.xAccess = inmemAccess; 1091 inmemVfs.xFullPathname = inmemFullPathname; 1092 inmemVfs.xRandomness = inmemRandomness; 1093 inmemVfs.xSleep = pDefault->xSleep; 1094 inmemVfs.xCurrentTimeInt64 = pDefault->xCurrentTimeInt64; 1095 sqlite3_vfs_register(&inmemVfs, makeDefault); 1096 }; 1097 1098 /* 1099 ** Allowed values for the runFlags parameter to runSql() 1100 */ 1101 #define SQL_TRACE 0x0001 /* Print each SQL statement as it is prepared */ 1102 #define SQL_OUTPUT 0x0002 /* Show the SQL output */ 1103 1104 /* 1105 ** Run multiple commands of SQL. Similar to sqlite3_exec(), but does not 1106 ** stop if an error is encountered. 1107 */ 1108 static void runSql(sqlite3 *db, const char *zSql, unsigned runFlags){ 1109 const char *zMore; 1110 sqlite3_stmt *pStmt; 1111 1112 while( zSql && zSql[0] ){ 1113 zMore = 0; 1114 pStmt = 0; 1115 sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zMore); 1116 if( zMore==zSql ) break; 1117 if( runFlags & SQL_TRACE ){ 1118 const char *z = zSql; 1119 int n; 1120 while( z<zMore && ISSPACE(z[0]) ) z++; 1121 n = (int)(zMore - z); 1122 while( n>0 && ISSPACE(z[n-1]) ) n--; 1123 if( n==0 ) break; 1124 if( pStmt==0 ){ 1125 printf("TRACE: %.*s (error: %s)\n", n, z, sqlite3_errmsg(db)); 1126 }else{ 1127 printf("TRACE: %.*s\n", n, z); 1128 } 1129 } 1130 zSql = zMore; 1131 if( pStmt ){ 1132 if( (runFlags & SQL_OUTPUT)==0 ){ 1133 while( SQLITE_ROW==sqlite3_step(pStmt) ){} 1134 }else{ 1135 int nCol = -1; 1136 while( SQLITE_ROW==sqlite3_step(pStmt) ){ 1137 int i; 1138 if( nCol<0 ){ 1139 nCol = sqlite3_column_count(pStmt); 1140 }else if( nCol>0 ){ 1141 printf("--------------------------------------------\n"); 1142 } 1143 for(i=0; i<nCol; i++){ 1144 int eType = sqlite3_column_type(pStmt,i); 1145 printf("%s = ", sqlite3_column_name(pStmt,i)); 1146 switch( eType ){ 1147 case SQLITE_NULL: { 1148 printf("NULL\n"); 1149 break; 1150 } 1151 case SQLITE_INTEGER: { 1152 printf("INT %s\n", sqlite3_column_text(pStmt,i)); 1153 break; 1154 } 1155 case SQLITE_FLOAT: { 1156 printf("FLOAT %s\n", sqlite3_column_text(pStmt,i)); 1157 break; 1158 } 1159 case SQLITE_TEXT: { 1160 printf("TEXT [%s]\n", sqlite3_column_text(pStmt,i)); 1161 break; 1162 } 1163 case SQLITE_BLOB: { 1164 printf("BLOB (%d bytes)\n", sqlite3_column_bytes(pStmt,i)); 1165 break; 1166 } 1167 } 1168 } 1169 } 1170 } 1171 sqlite3_finalize(pStmt); 1172 } 1173 } 1174 } 1175 1176 /* 1177 ** Rebuild the database file. 1178 ** 1179 ** (1) Remove duplicate entries 1180 ** (2) Put all entries in order 1181 ** (3) Vacuum 1182 */ 1183 static void rebuild_database(sqlite3 *db, int dbSqlOnly){ 1184 int rc; 1185 char *zSql; 1186 zSql = sqlite3_mprintf( 1187 "BEGIN;\n" 1188 "CREATE TEMP TABLE dbx AS SELECT DISTINCT dbcontent FROM db;\n" 1189 "DELETE FROM db;\n" 1190 "INSERT INTO db(dbid, dbcontent) " 1191 " SELECT NULL, dbcontent FROM dbx ORDER BY 2;\n" 1192 "DROP TABLE dbx;\n" 1193 "CREATE TEMP TABLE sx AS SELECT DISTINCT sqltext FROM xsql %s;\n" 1194 "DELETE FROM xsql;\n" 1195 "INSERT INTO xsql(sqlid,sqltext) " 1196 " SELECT NULL, sqltext FROM sx ORDER BY 2;\n" 1197 "DROP TABLE sx;\n" 1198 "COMMIT;\n" 1199 "PRAGMA page_size=1024;\n" 1200 "VACUUM;\n", 1201 dbSqlOnly ? " WHERE isdbsql(sqltext)" : "" 1202 ); 1203 rc = sqlite3_exec(db, zSql, 0, 0, 0); 1204 sqlite3_free(zSql); 1205 if( rc ) fatalError("cannot rebuild: %s", sqlite3_errmsg(db)); 1206 } 1207 1208 /* 1209 ** Return the value of a hexadecimal digit. Return -1 if the input 1210 ** is not a hex digit. 1211 */ 1212 static int hexDigitValue(char c){ 1213 if( c>='0' && c<='9' ) return c - '0'; 1214 if( c>='a' && c<='f' ) return c - 'a' + 10; 1215 if( c>='A' && c<='F' ) return c - 'A' + 10; 1216 return -1; 1217 } 1218 1219 /* 1220 ** Interpret zArg as an integer value, possibly with suffixes. 1221 */ 1222 static int integerValue(const char *zArg){ 1223 sqlite3_int64 v = 0; 1224 static const struct { char *zSuffix; int iMult; } aMult[] = { 1225 { "KiB", 1024 }, 1226 { "MiB", 1024*1024 }, 1227 { "GiB", 1024*1024*1024 }, 1228 { "KB", 1000 }, 1229 { "MB", 1000000 }, 1230 { "GB", 1000000000 }, 1231 { "K", 1000 }, 1232 { "M", 1000000 }, 1233 { "G", 1000000000 }, 1234 }; 1235 int i; 1236 int isNeg = 0; 1237 if( zArg[0]=='-' ){ 1238 isNeg = 1; 1239 zArg++; 1240 }else if( zArg[0]=='+' ){ 1241 zArg++; 1242 } 1243 if( zArg[0]=='0' && zArg[1]=='x' ){ 1244 int x; 1245 zArg += 2; 1246 while( (x = hexDigitValue(zArg[0]))>=0 ){ 1247 v = (v<<4) + x; 1248 zArg++; 1249 } 1250 }else{ 1251 while( ISDIGIT(zArg[0]) ){ 1252 v = v*10 + zArg[0] - '0'; 1253 zArg++; 1254 } 1255 } 1256 for(i=0; i<sizeof(aMult)/sizeof(aMult[0]); i++){ 1257 if( sqlite3_stricmp(aMult[i].zSuffix, zArg)==0 ){ 1258 v *= aMult[i].iMult; 1259 break; 1260 } 1261 } 1262 if( v>0x7fffffff ) fatalError("parameter too large - max 2147483648"); 1263 return (int)(isNeg? -v : v); 1264 } 1265 1266 /* 1267 ** Return the number of "v" characters in a string. Return 0 if there 1268 ** are any characters in the string other than "v". 1269 */ 1270 static int numberOfVChar(const char *z){ 1271 int N = 0; 1272 while( z[0] && z[0]=='v' ){ 1273 z++; 1274 N++; 1275 } 1276 return z[0]==0 ? N : 0; 1277 } 1278 1279 /* 1280 ** Print sketchy documentation for this utility program 1281 */ 1282 static void showHelp(void){ 1283 printf("Usage: %s [options] SOURCE-DB ?ARGS...?\n", g.zArgv0); 1284 printf( 1285 "Read databases and SQL scripts from SOURCE-DB and execute each script against\n" 1286 "each database, checking for crashes and memory leaks.\n" 1287 "Options:\n" 1288 " --cell-size-check Set the PRAGMA cell_size_check=ON\n" 1289 " --dbid N Use only the database where dbid=N\n" 1290 " --export-db DIR Write databases to files(s) in DIR. Works with --dbid\n" 1291 " --export-sql DIR Write SQL to file(s) in DIR. Also works with --sqlid\n" 1292 " --help Show this help text\n" 1293 " --info Show information about SOURCE-DB w/o running tests\n" 1294 " --limit-mem N Limit memory used by test SQLite instance to N bytes\n" 1295 " --limit-vdbe Panic if any test runs for more than 100,000 cycles\n" 1296 " --load-sql ARGS... Load SQL scripts fron files into SOURCE-DB\n" 1297 " --load-db ARGS... Load template databases from files into SOURCE_DB\n" 1298 " --load-dbsql ARGS.. Load dbsqlfuzz outputs into the xsql table\n" 1299 " -m TEXT Add a description to the database\n" 1300 " --native-vfs Use the native VFS for initially empty database files\n" 1301 " --native-malloc Turn off MEMSYS3/5 and Lookaside\n" 1302 " --oss-fuzz Enable OSS-FUZZ testing\n" 1303 " --prng-seed N Seed value for the PRGN inside of SQLite\n" 1304 " -q|--quiet Reduced output\n" 1305 " --rebuild Rebuild and vacuum the database file\n" 1306 " --result-trace Show the results of each SQL command\n" 1307 " --sqlid N Use only SQL where sqlid=N\n" 1308 " --timeout N Abort if any single test needs more than N seconds\n" 1309 " -v|--verbose Increased output. Repeat for more output.\n" 1310 ); 1311 } 1312 1313 int main(int argc, char **argv){ 1314 sqlite3_int64 iBegin; /* Start time of this program */ 1315 int quietFlag = 0; /* True if --quiet or -q */ 1316 int verboseFlag = 0; /* True if --verbose or -v */ 1317 char *zInsSql = 0; /* SQL statement for --load-db or --load-sql */ 1318 int iFirstInsArg = 0; /* First argv[] for --load-db or --load-sql */ 1319 sqlite3 *db = 0; /* The open database connection */ 1320 sqlite3_stmt *pStmt; /* A prepared statement */ 1321 int rc; /* Result code from SQLite interface calls */ 1322 Blob *pSql; /* For looping over SQL scripts */ 1323 Blob *pDb; /* For looping over template databases */ 1324 int i; /* Loop index for the argv[] loop */ 1325 int dbSqlOnly = 0; /* Only use scripts that are dbsqlfuzz */ 1326 int onlySqlid = -1; /* --sqlid */ 1327 int onlyDbid = -1; /* --dbid */ 1328 int nativeFlag = 0; /* --native-vfs */ 1329 int rebuildFlag = 0; /* --rebuild */ 1330 int vdbeLimitFlag = 0; /* --limit-vdbe */ 1331 int infoFlag = 0; /* --info */ 1332 int timeoutTest = 0; /* undocumented --timeout-test flag */ 1333 int runFlags = 0; /* Flags sent to runSql() */ 1334 char *zMsg = 0; /* Add this message */ 1335 int nSrcDb = 0; /* Number of source databases */ 1336 char **azSrcDb = 0; /* Array of source database names */ 1337 int iSrcDb; /* Loop over all source databases */ 1338 int nTest = 0; /* Total number of tests performed */ 1339 char *zDbName = ""; /* Appreviated name of a source database */ 1340 const char *zFailCode = 0; /* Value of the TEST_FAILURE env variable */ 1341 int cellSzCkFlag = 0; /* --cell-size-check */ 1342 int sqlFuzz = 0; /* True for SQL fuzz. False for DB fuzz */ 1343 int iTimeout = 120; /* Default 120-second timeout */ 1344 int nMem = 0; /* Memory limit */ 1345 int nMemThisDb = 0; /* Memory limit set by the CONFIG table */ 1346 char *zExpDb = 0; /* Write Databases to files in this directory */ 1347 char *zExpSql = 0; /* Write SQL to files in this directory */ 1348 void *pHeap = 0; /* Heap for use by SQLite */ 1349 int ossFuzz = 0; /* enable OSS-FUZZ testing */ 1350 int ossFuzzThisDb = 0; /* ossFuzz value for this particular database */ 1351 int nativeMalloc = 0; /* Turn off MEMSYS3/5 and lookaside if true */ 1352 sqlite3_vfs *pDfltVfs; /* The default VFS */ 1353 int openFlags4Data; /* Flags for sqlite3_open_v2() */ 1354 int nV; /* How much to increase verbosity with -vvvv */ 1355 1356 sqlite3_initialize(); 1357 iBegin = timeOfDay(); 1358 #ifdef __unix__ 1359 signal(SIGALRM, timeoutHandler); 1360 #endif 1361 g.zArgv0 = argv[0]; 1362 openFlags4Data = SQLITE_OPEN_READONLY; 1363 zFailCode = getenv("TEST_FAILURE"); 1364 pDfltVfs = sqlite3_vfs_find(0); 1365 inmemVfsRegister(1); 1366 for(i=1; i<argc; i++){ 1367 const char *z = argv[i]; 1368 if( z[0]=='-' ){ 1369 z++; 1370 if( z[0]=='-' ) z++; 1371 if( strcmp(z,"cell-size-check")==0 ){ 1372 cellSzCkFlag = 1; 1373 }else 1374 if( strcmp(z,"dbid")==0 ){ 1375 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1376 onlyDbid = integerValue(argv[++i]); 1377 }else 1378 if( strcmp(z,"export-db")==0 ){ 1379 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1380 zExpDb = argv[++i]; 1381 }else 1382 if( strcmp(z,"export-sql")==0 || strcmp(z,"export-dbsql")==0 ){ 1383 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1384 zExpSql = argv[++i]; 1385 }else 1386 if( strcmp(z,"help")==0 ){ 1387 showHelp(); 1388 return 0; 1389 }else 1390 if( strcmp(z,"info")==0 ){ 1391 infoFlag = 1; 1392 }else 1393 if( strcmp(z,"limit-mem")==0 ){ 1394 #if !defined(SQLITE_ENABLE_MEMSYS3) && !defined(SQLITE_ENABLE_MEMSYS5) 1395 fatalError("the %s option requires -DSQLITE_ENABLE_MEMSYS5 or _MEMSYS3", 1396 argv[i]); 1397 #else 1398 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1399 nMem = integerValue(argv[++i]); 1400 #endif 1401 }else 1402 if( strcmp(z,"limit-vdbe")==0 ){ 1403 vdbeLimitFlag = 1; 1404 }else 1405 if( strcmp(z,"load-sql")==0 ){ 1406 zInsSql = "INSERT INTO xsql(sqltext)VALUES(CAST(readfile(?1) AS text))"; 1407 iFirstInsArg = i+1; 1408 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1409 break; 1410 }else 1411 if( strcmp(z,"load-db")==0 ){ 1412 zInsSql = "INSERT INTO db(dbcontent) VALUES(readfile(?1))"; 1413 iFirstInsArg = i+1; 1414 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1415 break; 1416 }else 1417 if( strcmp(z,"load-dbsql")==0 ){ 1418 zInsSql = "INSERT INTO xsql(sqltext)VALUES(CAST(readfile(?1) AS text))"; 1419 iFirstInsArg = i+1; 1420 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1421 dbSqlOnly = 1; 1422 break; 1423 }else 1424 if( strcmp(z,"m")==0 ){ 1425 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1426 zMsg = argv[++i]; 1427 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1428 }else 1429 if( strcmp(z,"native-malloc")==0 ){ 1430 nativeMalloc = 1; 1431 }else 1432 if( strcmp(z,"native-vfs")==0 ){ 1433 nativeFlag = 1; 1434 }else 1435 if( strcmp(z,"oss-fuzz")==0 ){ 1436 ossFuzz = 1; 1437 }else 1438 if( strcmp(z,"prng-seed")==0 ){ 1439 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1440 g.uRandom = atoi(argv[++i]); 1441 }else 1442 if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){ 1443 quietFlag = 1; 1444 verboseFlag = 0; 1445 eVerbosity = 0; 1446 }else 1447 if( strcmp(z,"rebuild")==0 ){ 1448 rebuildFlag = 1; 1449 openFlags4Data = SQLITE_OPEN_READWRITE; 1450 }else 1451 if( strcmp(z,"result-trace")==0 ){ 1452 runFlags |= SQL_OUTPUT; 1453 }else 1454 if( strcmp(z,"sqlid")==0 ){ 1455 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1456 onlySqlid = integerValue(argv[++i]); 1457 }else 1458 if( strcmp(z,"timeout")==0 ){ 1459 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1460 iTimeout = integerValue(argv[++i]); 1461 }else 1462 if( strcmp(z,"timeout-test")==0 ){ 1463 timeoutTest = 1; 1464 #ifndef __unix__ 1465 fatalError("timeout is not available on non-unix systems"); 1466 #endif 1467 }else 1468 if( strcmp(z,"verbose")==0 ){ 1469 quietFlag = 0; 1470 verboseFlag++; 1471 eVerbosity++; 1472 if( verboseFlag>1 ) runFlags |= SQL_TRACE; 1473 }else 1474 if( (nV = numberOfVChar(z))>=1 ){ 1475 quietFlag = 0; 1476 verboseFlag += nV; 1477 eVerbosity += nV; 1478 if( verboseFlag>1 ) runFlags |= SQL_TRACE; 1479 }else 1480 if( strcmp(z,"version")==0 ){ 1481 int ii; 1482 const char *zz; 1483 printf("SQLite %s %s\n", sqlite3_libversion(), sqlite3_sourceid()); 1484 for(ii=0; (zz = sqlite3_compileoption_get(ii))!=0; ii++){ 1485 printf("%s\n", zz); 1486 } 1487 return 0; 1488 }else 1489 { 1490 fatalError("unknown option: %s", argv[i]); 1491 } 1492 }else{ 1493 nSrcDb++; 1494 azSrcDb = safe_realloc(azSrcDb, nSrcDb*sizeof(azSrcDb[0])); 1495 azSrcDb[nSrcDb-1] = argv[i]; 1496 } 1497 } 1498 if( nSrcDb==0 ) fatalError("no source database specified"); 1499 if( nSrcDb>1 ){ 1500 if( zMsg ){ 1501 fatalError("cannot change the description of more than one database"); 1502 } 1503 if( zInsSql ){ 1504 fatalError("cannot import into more than one database"); 1505 } 1506 } 1507 1508 /* Process each source database separately */ 1509 for(iSrcDb=0; iSrcDb<nSrcDb; iSrcDb++){ 1510 rc = sqlite3_open_v2(azSrcDb[iSrcDb], &db, 1511 openFlags4Data, pDfltVfs->zName); 1512 if( rc ){ 1513 fatalError("cannot open source database %s - %s", 1514 azSrcDb[iSrcDb], sqlite3_errmsg(db)); 1515 } 1516 1517 /* Print the description, if there is one */ 1518 if( infoFlag ){ 1519 int n; 1520 zDbName = azSrcDb[iSrcDb]; 1521 i = (int)strlen(zDbName) - 1; 1522 while( i>0 && zDbName[i-1]!='/' && zDbName[i-1]!='\\' ){ i--; } 1523 zDbName += i; 1524 sqlite3_prepare_v2(db, "SELECT msg FROM readme", -1, &pStmt, 0); 1525 if( pStmt && sqlite3_step(pStmt)==SQLITE_ROW ){ 1526 printf("%s: %s", zDbName, sqlite3_column_text(pStmt,0)); 1527 }else{ 1528 printf("%s: (empty \"readme\")", zDbName); 1529 } 1530 sqlite3_finalize(pStmt); 1531 sqlite3_prepare_v2(db, "SELECT count(*) FROM db", -1, &pStmt, 0); 1532 if( pStmt 1533 && sqlite3_step(pStmt)==SQLITE_ROW 1534 && (n = sqlite3_column_int(pStmt,0))>0 1535 ){ 1536 printf(" - %d DBs", n); 1537 } 1538 sqlite3_finalize(pStmt); 1539 sqlite3_prepare_v2(db, "SELECT count(*) FROM xsql", -1, &pStmt, 0); 1540 if( pStmt 1541 && sqlite3_step(pStmt)==SQLITE_ROW 1542 && (n = sqlite3_column_int(pStmt,0))>0 1543 ){ 1544 printf(" - %d scripts", n); 1545 } 1546 sqlite3_finalize(pStmt); 1547 printf("\n"); 1548 sqlite3_close(db); 1549 continue; 1550 } 1551 1552 rc = sqlite3_exec(db, 1553 "CREATE TABLE IF NOT EXISTS db(\n" 1554 " dbid INTEGER PRIMARY KEY, -- database id\n" 1555 " dbcontent BLOB -- database disk file image\n" 1556 ");\n" 1557 "CREATE TABLE IF NOT EXISTS xsql(\n" 1558 " sqlid INTEGER PRIMARY KEY, -- SQL script id\n" 1559 " sqltext TEXT -- Text of SQL statements to run\n" 1560 ");" 1561 "CREATE TABLE IF NOT EXISTS readme(\n" 1562 " msg TEXT -- Human-readable description of this file\n" 1563 ");", 0, 0, 0); 1564 if( rc ) fatalError("cannot create schema: %s", sqlite3_errmsg(db)); 1565 if( zMsg ){ 1566 char *zSql; 1567 zSql = sqlite3_mprintf( 1568 "DELETE FROM readme; INSERT INTO readme(msg) VALUES(%Q)", zMsg); 1569 rc = sqlite3_exec(db, zSql, 0, 0, 0); 1570 sqlite3_free(zSql); 1571 if( rc ) fatalError("cannot change description: %s", sqlite3_errmsg(db)); 1572 } 1573 ossFuzzThisDb = ossFuzz; 1574 1575 /* If the CONFIG(name,value) table exists, read db-specific settings 1576 ** from that table */ 1577 if( sqlite3_table_column_metadata(db,0,"config",0,0,0,0,0,0)==SQLITE_OK ){ 1578 rc = sqlite3_prepare_v2(db, "SELECT name, value FROM config", 1579 -1, &pStmt, 0); 1580 if( rc ) fatalError("cannot prepare query of CONFIG table: %s", 1581 sqlite3_errmsg(db)); 1582 while( SQLITE_ROW==sqlite3_step(pStmt) ){ 1583 const char *zName = (const char *)sqlite3_column_text(pStmt,0); 1584 if( zName==0 ) continue; 1585 if( strcmp(zName, "oss-fuzz")==0 ){ 1586 ossFuzzThisDb = sqlite3_column_int(pStmt,1); 1587 if( verboseFlag ) printf("Config: oss-fuzz=%d\n", ossFuzzThisDb); 1588 } 1589 if( strcmp(zName, "limit-mem")==0 && !nativeMalloc ){ 1590 #if !defined(SQLITE_ENABLE_MEMSYS3) && !defined(SQLITE_ENABLE_MEMSYS5) 1591 fatalError("the limit-mem option requires -DSQLITE_ENABLE_MEMSYS5" 1592 " or _MEMSYS3"); 1593 #else 1594 nMemThisDb = sqlite3_column_int(pStmt,1); 1595 if( verboseFlag ) printf("Config: limit-mem=%d\n", nMemThisDb); 1596 #endif 1597 } 1598 } 1599 sqlite3_finalize(pStmt); 1600 } 1601 1602 if( zInsSql ){ 1603 sqlite3_create_function(db, "readfile", 1, SQLITE_UTF8, 0, 1604 readfileFunc, 0, 0); 1605 sqlite3_create_function(db, "isdbsql", 1, SQLITE_UTF8, 0, 1606 isDbSqlFunc, 0, 0); 1607 rc = sqlite3_prepare_v2(db, zInsSql, -1, &pStmt, 0); 1608 if( rc ) fatalError("cannot prepare statement [%s]: %s", 1609 zInsSql, sqlite3_errmsg(db)); 1610 rc = sqlite3_exec(db, "BEGIN", 0, 0, 0); 1611 if( rc ) fatalError("cannot start a transaction"); 1612 for(i=iFirstInsArg; i<argc; i++){ 1613 sqlite3_bind_text(pStmt, 1, argv[i], -1, SQLITE_STATIC); 1614 sqlite3_step(pStmt); 1615 rc = sqlite3_reset(pStmt); 1616 if( rc ) fatalError("insert failed for %s", argv[i]); 1617 } 1618 sqlite3_finalize(pStmt); 1619 rc = sqlite3_exec(db, "COMMIT", 0, 0, 0); 1620 if( rc ) fatalError("cannot commit the transaction: %s", 1621 sqlite3_errmsg(db)); 1622 rebuild_database(db, dbSqlOnly); 1623 sqlite3_close(db); 1624 return 0; 1625 } 1626 rc = sqlite3_exec(db, "PRAGMA query_only=1;", 0, 0, 0); 1627 if( rc ) fatalError("cannot set database to query-only"); 1628 if( zExpDb!=0 || zExpSql!=0 ){ 1629 sqlite3_create_function(db, "writefile", 2, SQLITE_UTF8, 0, 1630 writefileFunc, 0, 0); 1631 if( zExpDb!=0 ){ 1632 const char *zExDb = 1633 "SELECT writefile(printf('%s/db%06d.db',?1,dbid),dbcontent)," 1634 " dbid, printf('%s/db%06d.db',?1,dbid), length(dbcontent)" 1635 " FROM db WHERE ?2<0 OR dbid=?2;"; 1636 rc = sqlite3_prepare_v2(db, zExDb, -1, &pStmt, 0); 1637 if( rc ) fatalError("cannot prepare statement [%s]: %s", 1638 zExDb, sqlite3_errmsg(db)); 1639 sqlite3_bind_text64(pStmt, 1, zExpDb, strlen(zExpDb), 1640 SQLITE_STATIC, SQLITE_UTF8); 1641 sqlite3_bind_int(pStmt, 2, onlyDbid); 1642 while( sqlite3_step(pStmt)==SQLITE_ROW ){ 1643 printf("write db-%d (%d bytes) into %s\n", 1644 sqlite3_column_int(pStmt,1), 1645 sqlite3_column_int(pStmt,3), 1646 sqlite3_column_text(pStmt,2)); 1647 } 1648 sqlite3_finalize(pStmt); 1649 } 1650 if( zExpSql!=0 ){ 1651 const char *zExSql = 1652 "SELECT writefile(printf('%s/sql%06d.txt',?1,sqlid),sqltext)," 1653 " sqlid, printf('%s/sql%06d.txt',?1,sqlid), length(sqltext)" 1654 " FROM xsql WHERE ?2<0 OR sqlid=?2;"; 1655 rc = sqlite3_prepare_v2(db, zExSql, -1, &pStmt, 0); 1656 if( rc ) fatalError("cannot prepare statement [%s]: %s", 1657 zExSql, sqlite3_errmsg(db)); 1658 sqlite3_bind_text64(pStmt, 1, zExpSql, strlen(zExpSql), 1659 SQLITE_STATIC, SQLITE_UTF8); 1660 sqlite3_bind_int(pStmt, 2, onlySqlid); 1661 while( sqlite3_step(pStmt)==SQLITE_ROW ){ 1662 printf("write sql-%d (%d bytes) into %s\n", 1663 sqlite3_column_int(pStmt,1), 1664 sqlite3_column_int(pStmt,3), 1665 sqlite3_column_text(pStmt,2)); 1666 } 1667 sqlite3_finalize(pStmt); 1668 } 1669 sqlite3_close(db); 1670 return 0; 1671 } 1672 1673 /* Load all SQL script content and all initial database images from the 1674 ** source db 1675 */ 1676 blobListLoadFromDb(db, "SELECT sqlid, sqltext FROM xsql", onlySqlid, 1677 &g.nSql, &g.pFirstSql); 1678 if( g.nSql==0 ) fatalError("need at least one SQL script"); 1679 blobListLoadFromDb(db, "SELECT dbid, dbcontent FROM db", onlyDbid, 1680 &g.nDb, &g.pFirstDb); 1681 if( g.nDb==0 ){ 1682 g.pFirstDb = safe_realloc(0, sizeof(Blob)); 1683 memset(g.pFirstDb, 0, sizeof(Blob)); 1684 g.pFirstDb->id = 1; 1685 g.pFirstDb->seq = 0; 1686 g.nDb = 1; 1687 sqlFuzz = 1; 1688 } 1689 1690 /* Print the description, if there is one */ 1691 if( !quietFlag ){ 1692 zDbName = azSrcDb[iSrcDb]; 1693 i = (int)strlen(zDbName) - 1; 1694 while( i>0 && zDbName[i-1]!='/' && zDbName[i-1]!='\\' ){ i--; } 1695 zDbName += i; 1696 sqlite3_prepare_v2(db, "SELECT msg FROM readme", -1, &pStmt, 0); 1697 if( pStmt && sqlite3_step(pStmt)==SQLITE_ROW ){ 1698 printf("%s: %s\n", zDbName, sqlite3_column_text(pStmt,0)); 1699 } 1700 sqlite3_finalize(pStmt); 1701 } 1702 1703 /* Rebuild the database, if requested */ 1704 if( rebuildFlag ){ 1705 if( !quietFlag ){ 1706 printf("%s: rebuilding... ", zDbName); 1707 fflush(stdout); 1708 } 1709 rebuild_database(db, 0); 1710 if( !quietFlag ) printf("done\n"); 1711 } 1712 1713 /* Close the source database. Verify that no SQLite memory allocations are 1714 ** outstanding. 1715 */ 1716 sqlite3_close(db); 1717 if( sqlite3_memory_used()>0 ){ 1718 fatalError("SQLite has memory in use before the start of testing"); 1719 } 1720 1721 /* Limit available memory, if requested */ 1722 sqlite3_shutdown(); 1723 if( nMemThisDb>0 && !nativeMalloc ){ 1724 pHeap = realloc(pHeap, nMemThisDb); 1725 if( pHeap==0 ){ 1726 fatalError("failed to allocate %d bytes of heap memory", nMem); 1727 } 1728 sqlite3_config(SQLITE_CONFIG_HEAP, pHeap, nMemThisDb, 128); 1729 } 1730 1731 /* Disable lookaside with the --native-malloc option */ 1732 if( nativeMalloc ){ 1733 sqlite3_config(SQLITE_CONFIG_LOOKASIDE, 0, 0); 1734 } 1735 1736 /* Reset the in-memory virtual filesystem */ 1737 formatVfs(); 1738 1739 /* Run a test using each SQL script against each database. 1740 */ 1741 if( !verboseFlag && !quietFlag ) printf("%s:", zDbName); 1742 for(pSql=g.pFirstSql; pSql; pSql=pSql->pNext){ 1743 if( isDbSql(pSql->a, pSql->sz) ){ 1744 sqlite3_snprintf(sizeof(g.zTestName), g.zTestName, "sqlid=%d",pSql->id); 1745 if( verboseFlag ){ 1746 printf("%s\n", g.zTestName); 1747 fflush(stdout); 1748 }else if( !quietFlag ){ 1749 static int prevAmt = -1; 1750 int idx = pSql->seq; 1751 int amt = idx*10/(g.nSql); 1752 if( amt!=prevAmt ){ 1753 printf(" %d%%", amt*10); 1754 fflush(stdout); 1755 prevAmt = amt; 1756 } 1757 } 1758 runCombinedDbSqlInput(pSql->a, pSql->sz); 1759 nTest++; 1760 g.zTestName[0] = 0; 1761 continue; 1762 } 1763 for(pDb=g.pFirstDb; pDb; pDb=pDb->pNext){ 1764 int openFlags; 1765 const char *zVfs = "inmem"; 1766 sqlite3_snprintf(sizeof(g.zTestName), g.zTestName, "sqlid=%d,dbid=%d", 1767 pSql->id, pDb->id); 1768 if( verboseFlag ){ 1769 printf("%s\n", g.zTestName); 1770 fflush(stdout); 1771 }else if( !quietFlag ){ 1772 static int prevAmt = -1; 1773 int idx = pSql->seq*g.nDb + pDb->id - 1; 1774 int amt = idx*10/(g.nDb*g.nSql); 1775 if( amt!=prevAmt ){ 1776 printf(" %d%%", amt*10); 1777 fflush(stdout); 1778 prevAmt = amt; 1779 } 1780 } 1781 createVFile("main.db", pDb->sz, pDb->a); 1782 sqlite3_randomness(0,0); 1783 if( ossFuzzThisDb ){ 1784 #ifndef SQLITE_OSS_FUZZ 1785 fatalError("--oss-fuzz not supported: recompile" 1786 " with -DSQLITE_OSS_FUZZ"); 1787 #else 1788 extern int LLVMFuzzerTestOneInput(const uint8_t*, size_t); 1789 LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz); 1790 #endif 1791 }else{ 1792 openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE; 1793 if( nativeFlag && pDb->sz==0 ){ 1794 openFlags |= SQLITE_OPEN_MEMORY; 1795 zVfs = 0; 1796 } 1797 rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs); 1798 if( rc ) fatalError("cannot open inmem database"); 1799 sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 100000000); 1800 sqlite3_limit(db, SQLITE_LIMIT_LIKE_PATTERN_LENGTH, 50); 1801 if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags); 1802 setAlarm(iTimeout); 1803 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK 1804 if( sqlFuzz || vdbeLimitFlag ){ 1805 sqlite3_progress_handler(db, 100000, progressHandler, 1806 &vdbeLimitFlag); 1807 } 1808 #endif 1809 #ifdef SQLITE_TESTCTRL_PRNG_SEED 1810 sqlite3_test_control(SQLITE_TESTCTRL_PRNG_SEED, 1, db); 1811 #endif 1812 do{ 1813 runSql(db, (char*)pSql->a, runFlags); 1814 }while( timeoutTest ); 1815 setAlarm(0); 1816 sqlite3_exec(db, "PRAGMA temp_store_directory=''", 0, 0, 0); 1817 sqlite3_close(db); 1818 } 1819 if( sqlite3_memory_used()>0 ){ 1820 fatalError("memory leak: %lld bytes outstanding", 1821 sqlite3_memory_used()); 1822 } 1823 reformatVfs(); 1824 nTest++; 1825 g.zTestName[0] = 0; 1826 1827 /* Simulate an error if the TEST_FAILURE environment variable is "5". 1828 ** This is used to verify that automated test script really do spot 1829 ** errors that occur in this test program. 1830 */ 1831 if( zFailCode ){ 1832 if( zFailCode[0]=='5' && zFailCode[1]==0 ){ 1833 fatalError("simulated failure"); 1834 }else if( zFailCode[0]!=0 ){ 1835 /* If TEST_FAILURE is something other than 5, just exit the test 1836 ** early */ 1837 printf("\nExit early due to TEST_FAILURE being set\n"); 1838 iSrcDb = nSrcDb-1; 1839 goto sourcedb_cleanup; 1840 } 1841 } 1842 } 1843 } 1844 if( !quietFlag && !verboseFlag ){ 1845 printf(" 100%% - %d tests\n", g.nDb*g.nSql); 1846 } 1847 1848 /* Clean up at the end of processing a single source database 1849 */ 1850 sourcedb_cleanup: 1851 blobListFree(g.pFirstSql); 1852 blobListFree(g.pFirstDb); 1853 reformatVfs(); 1854 1855 } /* End loop over all source databases */ 1856 1857 if( !quietFlag ){ 1858 sqlite3_int64 iElapse = timeOfDay() - iBegin; 1859 printf("fuzzcheck: 0 errors out of %d tests in %d.%03d seconds\n" 1860 "SQLite %s %s\n", 1861 nTest, (int)(iElapse/1000), (int)(iElapse%1000), 1862 sqlite3_libversion(), sqlite3_sourceid()); 1863 } 1864 free(azSrcDb); 1865 free(pHeap); 1866 return 0; 1867 } 1868