github.com/jdgcs/sqlite3@v1.12.1-0.20210908114423-bc5f96e4dd51/testdata/tcl/fuzzcheck.c (about) 1 /* 2 ** 2015-05-25 3 ** 4 ** The author disclaims copyright to this source code. In place of 5 ** a legal notice, here is a blessing: 6 ** 7 ** May you do good and not evil. 8 ** May you find forgiveness for yourself and forgive others. 9 ** May you share freely, never taking more than you give. 10 ** 11 ************************************************************************* 12 ** 13 ** This is a utility program designed to aid running regressions tests on 14 ** the SQLite library using data from external fuzzers. 15 ** 16 ** This program reads content from an SQLite database file with the following 17 ** schema: 18 ** 19 ** CREATE TABLE db( 20 ** dbid INTEGER PRIMARY KEY, -- database id 21 ** dbcontent BLOB -- database disk file image 22 ** ); 23 ** CREATE TABLE xsql( 24 ** sqlid INTEGER PRIMARY KEY, -- SQL script id 25 ** sqltext TEXT -- Text of SQL statements to run 26 ** ); 27 ** CREATE TABLE IF NOT EXISTS readme( 28 ** msg TEXT -- Human-readable description of this test collection 29 ** ); 30 ** 31 ** For each database file in the DB table, the SQL text in the XSQL table 32 ** is run against that database. All README.MSG values are printed prior 33 ** to the start of the test (unless the --quiet option is used). If the 34 ** DB table is empty, then all entries in XSQL are run against an empty 35 ** in-memory database. 36 ** 37 ** This program is looking for crashes, assertion faults, and/or memory leaks. 38 ** No attempt is made to verify the output. The assumption is that either all 39 ** of the database files or all of the SQL statements are malformed inputs, 40 ** generated by a fuzzer, that need to be checked to make sure they do not 41 ** present a security risk. 42 ** 43 ** This program also includes some command-line options to help with 44 ** creation and maintenance of the source content database. The command 45 ** 46 ** ./fuzzcheck database.db --load-sql FILE... 47 ** 48 ** Loads all FILE... arguments into the XSQL table. The --load-db option 49 ** works the same but loads the files into the DB table. The -m option can 50 ** be used to initialize the README table. The "database.db" file is created 51 ** if it does not previously exist. Example: 52 ** 53 ** ./fuzzcheck new.db --load-sql *.sql 54 ** ./fuzzcheck new.db --load-db *.db 55 ** ./fuzzcheck new.db -m 'New test cases' 56 ** 57 ** The three commands above will create the "new.db" file and initialize all 58 ** tables. Then do "./fuzzcheck new.db" to run the tests. 59 ** 60 ** DEBUGGING HINTS: 61 ** 62 ** If fuzzcheck does crash, it can be run in the debugger and the content 63 ** of the global variable g.zTextName[] will identify the specific XSQL and 64 ** DB values that were running when the crash occurred. 65 ** 66 ** DBSQLFUZZ: (Added 2020-02-25) 67 ** 68 ** The dbsqlfuzz fuzzer includes both a database file and SQL to run against 69 ** that database in its input. This utility can now process dbsqlfuzz 70 ** input files. Load such files using the "--load-dbsql FILE ..." command-line 71 ** option. 72 ** 73 ** Dbsqlfuzz inputs are ordinary text. The first part of the file is text 74 ** that describes the content of the database (using a lot of hexadecimal), 75 ** then there is a divider line followed by the SQL to run against the 76 ** database. Because they are ordinary text, dbsqlfuzz inputs are stored 77 ** in the XSQL table, as if they were ordinary SQL inputs. The isDbSql() 78 ** function can look at a text string and determine whether or not it is 79 ** a valid dbsqlfuzz input. 80 */ 81 #include <stdio.h> 82 #include <stdlib.h> 83 #include <string.h> 84 #include <stdarg.h> 85 #include <ctype.h> 86 #include <assert.h> 87 #include "sqlite3.h" 88 #define ISSPACE(X) isspace((unsigned char)(X)) 89 #define ISDIGIT(X) isdigit((unsigned char)(X)) 90 91 92 #ifdef __unix__ 93 # include <signal.h> 94 # include <unistd.h> 95 #endif 96 97 #include <stddef.h> 98 #if !defined(_MSC_VER) 99 # include <stdint.h> 100 #endif 101 102 #if defined(_MSC_VER) 103 typedef unsigned char uint8_t; 104 #endif 105 106 /* 107 ** Files in the virtual file system. 108 */ 109 typedef struct VFile VFile; 110 struct VFile { 111 char *zFilename; /* Filename. NULL for delete-on-close. From malloc() */ 112 int sz; /* Size of the file in bytes */ 113 int nRef; /* Number of references to this file */ 114 unsigned char *a; /* Content of the file. From malloc() */ 115 }; 116 typedef struct VHandle VHandle; 117 struct VHandle { 118 sqlite3_file base; /* Base class. Must be first */ 119 VFile *pVFile; /* The underlying file */ 120 }; 121 122 /* 123 ** The value of a database file template, or of an SQL script 124 */ 125 typedef struct Blob Blob; 126 struct Blob { 127 Blob *pNext; /* Next in a list */ 128 int id; /* Id of this Blob */ 129 int seq; /* Sequence number */ 130 int sz; /* Size of this Blob in bytes */ 131 unsigned char a[1]; /* Blob content. Extra space allocated as needed. */ 132 }; 133 134 /* 135 ** Maximum number of files in the in-memory virtual filesystem. 136 */ 137 #define MX_FILE 10 138 139 /* 140 ** Maximum allowed file size 141 */ 142 #define MX_FILE_SZ 10000000 143 144 /* 145 ** All global variables are gathered into the "g" singleton. 146 */ 147 static struct GlobalVars { 148 const char *zArgv0; /* Name of program */ 149 const char *zDbFile; /* Name of database file */ 150 VFile aFile[MX_FILE]; /* The virtual filesystem */ 151 int nDb; /* Number of template databases */ 152 Blob *pFirstDb; /* Content of first template database */ 153 int nSql; /* Number of SQL scripts */ 154 Blob *pFirstSql; /* First SQL script */ 155 unsigned int uRandom; /* Seed for the SQLite PRNG */ 156 char zTestName[100]; /* Name of current test */ 157 } g; 158 159 /* 160 ** Print an error message and quit. 161 */ 162 static void fatalError(const char *zFormat, ...){ 163 va_list ap; 164 fprintf(stderr, "%s", g.zArgv0); 165 if( g.zDbFile ) fprintf(stderr, " %s", g.zDbFile); 166 if( g.zTestName[0] ) fprintf(stderr, " (%s)", g.zTestName); 167 fprintf(stderr, ": "); 168 va_start(ap, zFormat); 169 vfprintf(stderr, zFormat, ap); 170 va_end(ap); 171 fprintf(stderr, "\n"); 172 exit(1); 173 } 174 175 /* 176 ** signal handler 177 */ 178 #ifdef __unix__ 179 static void signalHandler(int signum){ 180 const char *zSig; 181 if( signum==SIGABRT ){ 182 zSig = "abort"; 183 }else if( signum==SIGALRM ){ 184 zSig = "timeout"; 185 }else if( signum==SIGSEGV ){ 186 zSig = "segfault"; 187 }else{ 188 zSig = "signal"; 189 } 190 fatalError(zSig); 191 } 192 #endif 193 194 /* 195 ** Set the an alarm to go off after N seconds. Disable the alarm 196 ** if N==0 197 */ 198 static void setAlarm(int N){ 199 #ifdef __unix__ 200 alarm(N); 201 #else 202 (void)N; 203 #endif 204 } 205 206 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK 207 /* 208 ** This an SQL progress handler. After an SQL statement has run for 209 ** many steps, we want to interrupt it. This guards against infinite 210 ** loops from recursive common table expressions. 211 ** 212 ** *pVdbeLimitFlag is true if the --limit-vdbe command-line option is used. 213 ** In that case, hitting the progress handler is a fatal error. 214 */ 215 static int progressHandler(void *pVdbeLimitFlag){ 216 if( *(int*)pVdbeLimitFlag ) fatalError("too many VDBE cycles"); 217 return 1; 218 } 219 #endif 220 221 /* 222 ** Reallocate memory. Show an error and quit if unable. 223 */ 224 static void *safe_realloc(void *pOld, int szNew){ 225 void *pNew = realloc(pOld, szNew<=0 ? 1 : szNew); 226 if( pNew==0 ) fatalError("unable to realloc for %d bytes", szNew); 227 return pNew; 228 } 229 230 /* 231 ** Initialize the virtual file system. 232 */ 233 static void formatVfs(void){ 234 int i; 235 for(i=0; i<MX_FILE; i++){ 236 g.aFile[i].sz = -1; 237 g.aFile[i].zFilename = 0; 238 g.aFile[i].a = 0; 239 g.aFile[i].nRef = 0; 240 } 241 } 242 243 244 /* 245 ** Erase all information in the virtual file system. 246 */ 247 static void reformatVfs(void){ 248 int i; 249 for(i=0; i<MX_FILE; i++){ 250 if( g.aFile[i].sz<0 ) continue; 251 if( g.aFile[i].zFilename ){ 252 free(g.aFile[i].zFilename); 253 g.aFile[i].zFilename = 0; 254 } 255 if( g.aFile[i].nRef>0 ){ 256 fatalError("file %d still open. nRef=%d", i, g.aFile[i].nRef); 257 } 258 g.aFile[i].sz = -1; 259 free(g.aFile[i].a); 260 g.aFile[i].a = 0; 261 g.aFile[i].nRef = 0; 262 } 263 } 264 265 /* 266 ** Find a VFile by name 267 */ 268 static VFile *findVFile(const char *zName){ 269 int i; 270 if( zName==0 ) return 0; 271 for(i=0; i<MX_FILE; i++){ 272 if( g.aFile[i].zFilename==0 ) continue; 273 if( strcmp(g.aFile[i].zFilename, zName)==0 ) return &g.aFile[i]; 274 } 275 return 0; 276 } 277 278 /* 279 ** Find a VFile by name. Create it if it does not already exist and 280 ** initialize it to the size and content given. 281 ** 282 ** Return NULL only if the filesystem is full. 283 */ 284 static VFile *createVFile(const char *zName, int sz, unsigned char *pData){ 285 VFile *pNew = findVFile(zName); 286 int i; 287 if( pNew ) return pNew; 288 for(i=0; i<MX_FILE && g.aFile[i].sz>=0; i++){} 289 if( i>=MX_FILE ) return 0; 290 pNew = &g.aFile[i]; 291 if( zName ){ 292 int nName = (int)strlen(zName)+1; 293 pNew->zFilename = safe_realloc(0, nName); 294 memcpy(pNew->zFilename, zName, nName); 295 }else{ 296 pNew->zFilename = 0; 297 } 298 pNew->nRef = 0; 299 pNew->sz = sz; 300 pNew->a = safe_realloc(0, sz); 301 if( sz>0 ) memcpy(pNew->a, pData, sz); 302 return pNew; 303 } 304 305 306 /* 307 ** Implementation of the "readfile(X)" SQL function. The entire content 308 ** of the file named X is read and returned as a BLOB. NULL is returned 309 ** if the file does not exist or is unreadable. 310 */ 311 static void readfileFunc( 312 sqlite3_context *context, 313 int argc, 314 sqlite3_value **argv 315 ){ 316 const char *zName; 317 FILE *in; 318 long nIn; 319 void *pBuf; 320 321 zName = (const char*)sqlite3_value_text(argv[0]); 322 if( zName==0 ) return; 323 in = fopen(zName, "rb"); 324 if( in==0 ) return; 325 fseek(in, 0, SEEK_END); 326 nIn = ftell(in); 327 rewind(in); 328 pBuf = sqlite3_malloc64( nIn ); 329 if( pBuf && 1==fread(pBuf, nIn, 1, in) ){ 330 sqlite3_result_blob(context, pBuf, nIn, sqlite3_free); 331 }else{ 332 sqlite3_free(pBuf); 333 } 334 fclose(in); 335 } 336 337 /* 338 ** Implementation of the "readtextfile(X)" SQL function. The text content 339 ** of the file named X through the end of the file or to the first \000 340 ** character, whichever comes first, is read and returned as TEXT. NULL 341 ** is returned if the file does not exist or is unreadable. 342 */ 343 static void readtextfileFunc( 344 sqlite3_context *context, 345 int argc, 346 sqlite3_value **argv 347 ){ 348 const char *zName; 349 FILE *in; 350 long nIn; 351 char *pBuf; 352 353 zName = (const char*)sqlite3_value_text(argv[0]); 354 if( zName==0 ) return; 355 in = fopen(zName, "rb"); 356 if( in==0 ) return; 357 fseek(in, 0, SEEK_END); 358 nIn = ftell(in); 359 rewind(in); 360 pBuf = sqlite3_malloc64( nIn+1 ); 361 if( pBuf && 1==fread(pBuf, nIn, 1, in) ){ 362 pBuf[nIn] = 0; 363 sqlite3_result_text(context, pBuf, -1, sqlite3_free); 364 }else{ 365 sqlite3_free(pBuf); 366 } 367 fclose(in); 368 } 369 370 /* 371 ** Implementation of the "writefile(X,Y)" SQL function. The argument Y 372 ** is written into file X. The number of bytes written is returned. Or 373 ** NULL is returned if something goes wrong, such as being unable to open 374 ** file X for writing. 375 */ 376 static void writefileFunc( 377 sqlite3_context *context, 378 int argc, 379 sqlite3_value **argv 380 ){ 381 FILE *out; 382 const char *z; 383 sqlite3_int64 rc; 384 const char *zFile; 385 386 (void)argc; 387 zFile = (const char*)sqlite3_value_text(argv[0]); 388 if( zFile==0 ) return; 389 out = fopen(zFile, "wb"); 390 if( out==0 ) return; 391 z = (const char*)sqlite3_value_blob(argv[1]); 392 if( z==0 ){ 393 rc = 0; 394 }else{ 395 rc = fwrite(z, 1, sqlite3_value_bytes(argv[1]), out); 396 } 397 fclose(out); 398 sqlite3_result_int64(context, rc); 399 } 400 401 402 /* 403 ** Load a list of Blob objects from the database 404 */ 405 static void blobListLoadFromDb( 406 sqlite3 *db, /* Read from this database */ 407 const char *zSql, /* Query used to extract the blobs */ 408 int onlyId, /* Only load where id is this value */ 409 int *pN, /* OUT: Write number of blobs loaded here */ 410 Blob **ppList /* OUT: Write the head of the blob list here */ 411 ){ 412 Blob head; 413 Blob *p; 414 sqlite3_stmt *pStmt; 415 int n = 0; 416 int rc; 417 char *z2; 418 419 if( onlyId>0 ){ 420 z2 = sqlite3_mprintf("%s WHERE rowid=%d", zSql, onlyId); 421 }else{ 422 z2 = sqlite3_mprintf("%s", zSql); 423 } 424 rc = sqlite3_prepare_v2(db, z2, -1, &pStmt, 0); 425 sqlite3_free(z2); 426 if( rc ) fatalError("%s", sqlite3_errmsg(db)); 427 head.pNext = 0; 428 p = &head; 429 while( SQLITE_ROW==sqlite3_step(pStmt) ){ 430 int sz = sqlite3_column_bytes(pStmt, 1); 431 Blob *pNew = safe_realloc(0, sizeof(*pNew)+sz ); 432 pNew->id = sqlite3_column_int(pStmt, 0); 433 pNew->sz = sz; 434 pNew->seq = n++; 435 pNew->pNext = 0; 436 memcpy(pNew->a, sqlite3_column_blob(pStmt,1), sz); 437 pNew->a[sz] = 0; 438 p->pNext = pNew; 439 p = pNew; 440 } 441 sqlite3_finalize(pStmt); 442 *pN = n; 443 *ppList = head.pNext; 444 } 445 446 /* 447 ** Free a list of Blob objects 448 */ 449 static void blobListFree(Blob *p){ 450 Blob *pNext; 451 while( p ){ 452 pNext = p->pNext; 453 free(p); 454 p = pNext; 455 } 456 } 457 458 /* Return the current wall-clock time 459 ** 460 ** The number of milliseconds since the julian epoch. 461 ** 1907-01-01 00:00:00 -> 210866716800000 462 ** 2021-01-01 00:00:00 -> 212476176000000 463 */ 464 static sqlite3_int64 timeOfDay(void){ 465 static sqlite3_vfs *clockVfs = 0; 466 sqlite3_int64 t; 467 if( clockVfs==0 ){ 468 clockVfs = sqlite3_vfs_find(0); 469 if( clockVfs==0 ) return 0; 470 } 471 if( clockVfs->iVersion>=1 && clockVfs->xCurrentTimeInt64!=0 ){ 472 clockVfs->xCurrentTimeInt64(clockVfs, &t); 473 }else{ 474 double r; 475 clockVfs->xCurrentTime(clockVfs, &r); 476 t = (sqlite3_int64)(r*86400000.0); 477 } 478 return t; 479 } 480 481 /*************************************************************************** 482 ** Code to process combined database+SQL scripts generated by the 483 ** dbsqlfuzz fuzzer. 484 */ 485 486 /* An instance of the following object is passed by pointer as the 487 ** client data to various callbacks. 488 */ 489 typedef struct FuzzCtx { 490 sqlite3 *db; /* The database connection */ 491 sqlite3_int64 iCutoffTime; /* Stop processing at this time. */ 492 sqlite3_int64 iLastCb; /* Time recorded for previous progress callback */ 493 sqlite3_int64 mxInterval; /* Longest interval between two progress calls */ 494 unsigned nCb; /* Number of progress callbacks */ 495 unsigned mxCb; /* Maximum number of progress callbacks allowed */ 496 unsigned execCnt; /* Number of calls to the sqlite3_exec callback */ 497 int timeoutHit; /* True when reaching a timeout */ 498 } FuzzCtx; 499 500 /* Verbosity level for the dbsqlfuzz test runner */ 501 static int eVerbosity = 0; 502 503 /* True to activate PRAGMA vdbe_debug=on */ 504 static int bVdbeDebug = 0; 505 506 /* Timeout for each fuzzing attempt, in milliseconds */ 507 static int giTimeout = 10000; /* Defaults to 10 seconds */ 508 509 /* Maximum number of progress handler callbacks */ 510 static unsigned int mxProgressCb = 2000; 511 512 /* Maximum string length in SQLite */ 513 static int lengthLimit = 1000000; 514 515 /* Maximum expression depth */ 516 static int depthLimit = 500; 517 518 /* Limit on the amount of heap memory that can be used */ 519 static sqlite3_int64 heapLimit = 100000000; 520 521 /* Maximum byte-code program length in SQLite */ 522 static int vdbeOpLimit = 25000; 523 524 /* Maximum size of the in-memory database */ 525 static sqlite3_int64 maxDbSize = 104857600; 526 /* OOM simulation parameters */ 527 static unsigned int oomCounter = 0; /* Simulate OOM when equals 1 */ 528 static unsigned int oomRepeat = 0; /* Number of OOMs in a row */ 529 static void*(*defaultMalloc)(int) = 0; /* The low-level malloc routine */ 530 531 /* This routine is called when a simulated OOM occurs. It is broken 532 ** out as a separate routine to make it easy to set a breakpoint on 533 ** the OOM 534 */ 535 void oomFault(void){ 536 if( eVerbosity ){ 537 printf("Simulated OOM fault\n"); 538 } 539 if( oomRepeat>0 ){ 540 oomRepeat--; 541 }else{ 542 oomCounter--; 543 } 544 } 545 546 /* This routine is a replacement malloc() that is used to simulate 547 ** Out-Of-Memory (OOM) errors for testing purposes. 548 */ 549 static void *oomMalloc(int nByte){ 550 if( oomCounter ){ 551 if( oomCounter==1 ){ 552 oomFault(); 553 return 0; 554 }else{ 555 oomCounter--; 556 } 557 } 558 return defaultMalloc(nByte); 559 } 560 561 /* Register the OOM simulator. This must occur before any memory 562 ** allocations */ 563 static void registerOomSimulator(void){ 564 sqlite3_mem_methods mem; 565 sqlite3_shutdown(); 566 sqlite3_config(SQLITE_CONFIG_GETMALLOC, &mem); 567 defaultMalloc = mem.xMalloc; 568 mem.xMalloc = oomMalloc; 569 sqlite3_config(SQLITE_CONFIG_MALLOC, &mem); 570 } 571 572 /* Turn off any pending OOM simulation */ 573 static void disableOom(void){ 574 oomCounter = 0; 575 oomRepeat = 0; 576 } 577 578 /* 579 ** Translate a single byte of Hex into an integer. 580 ** This routine only works if h really is a valid hexadecimal 581 ** character: 0..9a..fA..F 582 */ 583 static unsigned char hexToInt(unsigned int h){ 584 #ifdef SQLITE_EBCDIC 585 h += 9*(1&~(h>>4)); /* EBCDIC */ 586 #else 587 h += 9*(1&(h>>6)); /* ASCII */ 588 #endif 589 return h & 0xf; 590 } 591 592 /* 593 ** The first character of buffer zIn[0..nIn-1] is a '['. This routine 594 ** checked to see if the buffer holds "[NNNN]" or "[+NNNN]" and if it 595 ** does it makes corresponding changes to the *pK value and *pI value 596 ** and returns true. If the input buffer does not match the patterns, 597 ** no changes are made to either *pK or *pI and this routine returns false. 598 */ 599 static int isOffset( 600 const unsigned char *zIn, /* Text input */ 601 int nIn, /* Bytes of input */ 602 unsigned int *pK, /* half-byte cursor to adjust */ 603 unsigned int *pI /* Input index to adjust */ 604 ){ 605 int i; 606 unsigned int k = 0; 607 unsigned char c; 608 for(i=1; i<nIn && (c = zIn[i])!=']'; i++){ 609 if( !isxdigit(c) ) return 0; 610 k = k*16 + hexToInt(c); 611 } 612 if( i==nIn ) return 0; 613 *pK = 2*k; 614 *pI += i; 615 return 1; 616 } 617 618 /* 619 ** Decode the text starting at zIn into a binary database file. 620 ** The maximum length of zIn is nIn bytes. Store the binary database 621 ** file in space obtained from sqlite3_malloc(). 622 ** 623 ** Return the number of bytes of zIn consumed. Or return -1 if there 624 ** is an error. One potential error is that the recipe specifies a 625 ** database file larger than MX_FILE_SZ bytes. 626 ** 627 ** Abort on an OOM. 628 */ 629 static int decodeDatabase( 630 const unsigned char *zIn, /* Input text to be decoded */ 631 int nIn, /* Bytes of input text */ 632 unsigned char **paDecode, /* OUT: decoded database file */ 633 int *pnDecode /* OUT: Size of decoded database */ 634 ){ 635 unsigned char *a, *aNew; /* Database under construction */ 636 int mx = 0; /* Current size of the database */ 637 sqlite3_uint64 nAlloc = 4096; /* Space allocated in a[] */ 638 unsigned int i; /* Next byte of zIn[] to read */ 639 unsigned int j; /* Temporary integer */ 640 unsigned int k; /* half-byte cursor index for output */ 641 unsigned int n; /* Number of bytes of input */ 642 unsigned char b = 0; 643 if( nIn<4 ) return -1; 644 n = (unsigned int)nIn; 645 a = sqlite3_malloc64( nAlloc ); 646 if( a==0 ){ 647 fprintf(stderr, "Out of memory!\n"); 648 exit(1); 649 } 650 memset(a, 0, (size_t)nAlloc); 651 for(i=k=0; i<n; i++){ 652 unsigned char c = (unsigned char)zIn[i]; 653 if( isxdigit(c) ){ 654 k++; 655 if( k & 1 ){ 656 b = hexToInt(c)*16; 657 }else{ 658 b += hexToInt(c); 659 j = k/2 - 1; 660 if( j>=nAlloc ){ 661 sqlite3_uint64 newSize; 662 if( nAlloc==MX_FILE_SZ || j>=MX_FILE_SZ ){ 663 if( eVerbosity ){ 664 fprintf(stderr, "Input database too big: max %d bytes\n", 665 MX_FILE_SZ); 666 } 667 sqlite3_free(a); 668 return -1; 669 } 670 newSize = nAlloc*2; 671 if( newSize<=j ){ 672 newSize = (j+4096)&~4095; 673 } 674 if( newSize>MX_FILE_SZ ){ 675 if( j>=MX_FILE_SZ ){ 676 sqlite3_free(a); 677 return -1; 678 } 679 newSize = MX_FILE_SZ; 680 } 681 aNew = sqlite3_realloc64( a, newSize ); 682 if( aNew==0 ){ 683 sqlite3_free(a); 684 return -1; 685 } 686 a = aNew; 687 assert( newSize > nAlloc ); 688 memset(a+nAlloc, 0, (size_t)(newSize - nAlloc)); 689 nAlloc = newSize; 690 } 691 if( j>=(unsigned)mx ){ 692 mx = (j + 4095)&~4095; 693 if( mx>MX_FILE_SZ ) mx = MX_FILE_SZ; 694 } 695 assert( j<nAlloc ); 696 a[j] = b; 697 } 698 }else if( zIn[i]=='[' && i<n-3 && isOffset(zIn+i, nIn-i, &k, &i) ){ 699 continue; 700 }else if( zIn[i]=='\n' && i<n-4 && memcmp(zIn+i,"\n--\n",4)==0 ){ 701 i += 4; 702 break; 703 } 704 } 705 *pnDecode = mx; 706 *paDecode = a; 707 return i; 708 } 709 710 /* 711 ** Progress handler callback. 712 ** 713 ** The argument is the cutoff-time after which all processing should 714 ** stop. So return non-zero if the cut-off time is exceeded. 715 */ 716 static int progress_handler(void *pClientData) { 717 FuzzCtx *p = (FuzzCtx*)pClientData; 718 sqlite3_int64 iNow = timeOfDay(); 719 int rc = iNow>=p->iCutoffTime; 720 sqlite3_int64 iDiff = iNow - p->iLastCb; 721 /* printf("time-remaining: %lld\n", p->iCutoffTime - iNow); */ 722 if( iDiff > p->mxInterval ) p->mxInterval = iDiff; 723 p->nCb++; 724 if( rc==0 && p->mxCb>0 && p->mxCb<=p->nCb ) rc = 1; 725 if( rc && !p->timeoutHit && eVerbosity>=2 ){ 726 printf("Timeout on progress callback %d\n", p->nCb); 727 fflush(stdout); 728 p->timeoutHit = 1; 729 } 730 return rc; 731 } 732 733 /* 734 ** Disallow debugging pragmas such as "PRAGMA vdbe_debug" and 735 ** "PRAGMA parser_trace" since they can dramatically increase the 736 ** amount of output without actually testing anything useful. 737 ** 738 ** Also block ATTACH if attaching a file from the filesystem. 739 */ 740 static int block_troublesome_sql( 741 void *Notused, 742 int eCode, 743 const char *zArg1, 744 const char *zArg2, 745 const char *zArg3, 746 const char *zArg4 747 ){ 748 (void)Notused; 749 (void)zArg2; 750 (void)zArg3; 751 (void)zArg4; 752 if( eCode==SQLITE_PRAGMA ){ 753 if( eVerbosity==0 ){ 754 if( sqlite3_strnicmp("vdbe_", zArg1, 5)==0 755 || sqlite3_stricmp("parser_trace", zArg1)==0 756 || sqlite3_stricmp("temp_store_directory", zArg1)==0 757 ){ 758 return SQLITE_DENY; 759 } 760 }else if( sqlite3_stricmp("oom",zArg1)==0 761 && zArg2!=0 && zArg2[0]!=0 ){ 762 oomCounter = atoi(zArg2); 763 } 764 }else if( eCode==SQLITE_ATTACH ){ 765 if( zArg1==0 || (zArg1[0]!=0 && strcmp(zArg1,":memory:")!=0) ){ 766 return SQLITE_DENY; 767 } 768 } 769 return SQLITE_OK; 770 } 771 772 /* 773 ** Run the SQL text 774 */ 775 static int runDbSql(sqlite3 *db, const char *zSql){ 776 int rc; 777 sqlite3_stmt *pStmt; 778 while( isspace(zSql[0]&0x7f) ) zSql++; 779 if( zSql[0]==0 ) return SQLITE_OK; 780 if( eVerbosity>=4 ){ 781 printf("RUNNING-SQL: [%s]\n", zSql); 782 fflush(stdout); 783 } 784 rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); 785 if( rc==SQLITE_OK ){ 786 while( (rc = sqlite3_step(pStmt))==SQLITE_ROW ){ 787 if( eVerbosity>=5 ){ 788 int j; 789 for(j=0; j<sqlite3_column_count(pStmt); j++){ 790 if( j ) printf(","); 791 switch( sqlite3_column_type(pStmt, j) ){ 792 case SQLITE_NULL: { 793 printf("NULL"); 794 break; 795 } 796 case SQLITE_INTEGER: 797 case SQLITE_FLOAT: { 798 printf("%s", sqlite3_column_text(pStmt, j)); 799 break; 800 } 801 case SQLITE_BLOB: { 802 int n = sqlite3_column_bytes(pStmt, j); 803 int i; 804 const unsigned char *a; 805 a = (const unsigned char*)sqlite3_column_blob(pStmt, j); 806 printf("x'"); 807 for(i=0; i<n; i++){ 808 printf("%02x", a[i]); 809 } 810 printf("'"); 811 break; 812 } 813 case SQLITE_TEXT: { 814 int n = sqlite3_column_bytes(pStmt, j); 815 int i; 816 const unsigned char *a; 817 a = (const unsigned char*)sqlite3_column_blob(pStmt, j); 818 printf("'"); 819 for(i=0; i<n; i++){ 820 if( a[i]=='\'' ){ 821 printf("''"); 822 }else{ 823 putchar(a[i]); 824 } 825 } 826 printf("'"); 827 break; 828 } 829 } /* End switch() */ 830 } /* End for() */ 831 printf("\n"); 832 fflush(stdout); 833 } /* End if( eVerbosity>=5 ) */ 834 } /* End while( SQLITE_ROW */ 835 if( rc!=SQLITE_DONE && eVerbosity>=4 ){ 836 printf("SQL-ERROR: (%d) %s\n", rc, sqlite3_errmsg(db)); 837 fflush(stdout); 838 } 839 }else if( eVerbosity>=4 ){ 840 printf("SQL-ERROR (%d): %s\n", rc, sqlite3_errmsg(db)); 841 fflush(stdout); 842 } /* End if( SQLITE_OK ) */ 843 return sqlite3_finalize(pStmt); 844 } 845 846 /* Invoke this routine to run a single test case */ 847 int runCombinedDbSqlInput(const uint8_t *aData, size_t nByte, int iTimeout){ 848 int rc; /* SQLite API return value */ 849 int iSql; /* Index in aData[] of start of SQL */ 850 unsigned char *aDb = 0; /* Decoded database content */ 851 int nDb = 0; /* Size of the decoded database */ 852 int i; /* Loop counter */ 853 int j; /* Start of current SQL statement */ 854 char *zSql = 0; /* SQL text to run */ 855 int nSql; /* Bytes of SQL text */ 856 FuzzCtx cx; /* Fuzzing context */ 857 858 if( nByte<10 ) return 0; 859 if( sqlite3_initialize() ) return 0; 860 if( sqlite3_memory_used()!=0 ){ 861 int nAlloc = 0; 862 int nNotUsed = 0; 863 sqlite3_status(SQLITE_STATUS_MALLOC_COUNT, &nAlloc, &nNotUsed, 0); 864 fprintf(stderr,"memory leak prior to test start:" 865 " %lld bytes in %d allocations\n", 866 sqlite3_memory_used(), nAlloc); 867 exit(1); 868 } 869 memset(&cx, 0, sizeof(cx)); 870 iSql = decodeDatabase((unsigned char*)aData, (int)nByte, &aDb, &nDb); 871 if( iSql<0 ) return 0; 872 nSql = (int)(nByte - iSql); 873 if( eVerbosity>=3 ){ 874 printf( 875 "****** %d-byte input, %d-byte database, %d-byte script " 876 "******\n", (int)nByte, nDb, nSql); 877 fflush(stdout); 878 } 879 rc = sqlite3_open(0, &cx.db); 880 if( rc ){ 881 sqlite3_free(aDb); 882 return 1; 883 } 884 if( bVdbeDebug ){ 885 sqlite3_exec(cx.db, "PRAGMA vdbe_debug=ON", 0, 0, 0); 886 } 887 888 /* Invoke the progress handler frequently to check to see if we 889 ** are taking too long. The progress handler will return true 890 ** (which will block further processing) if more than giTimeout seconds have 891 ** elapsed since the start of the test. 892 */ 893 cx.iLastCb = timeOfDay(); 894 cx.iCutoffTime = cx.iLastCb + (iTimeout<giTimeout ? iTimeout : giTimeout); 895 cx.mxCb = mxProgressCb; 896 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK 897 sqlite3_progress_handler(cx.db, 10, progress_handler, (void*)&cx); 898 #endif 899 900 /* Set a limit on the maximum size of a prepared statement, and the 901 ** maximum length of a string or blob */ 902 if( vdbeOpLimit>0 ){ 903 sqlite3_limit(cx.db, SQLITE_LIMIT_VDBE_OP, vdbeOpLimit); 904 } 905 if( lengthLimit>0 ){ 906 sqlite3_limit(cx.db, SQLITE_LIMIT_LENGTH, lengthLimit); 907 } 908 if( depthLimit>0 ){ 909 sqlite3_limit(cx.db, SQLITE_LIMIT_EXPR_DEPTH, depthLimit); 910 } 911 sqlite3_limit(cx.db, SQLITE_LIMIT_LIKE_PATTERN_LENGTH, 100); 912 sqlite3_hard_heap_limit64(heapLimit); 913 914 if( nDb>=20 && aDb[18]==2 && aDb[19]==2 ){ 915 aDb[18] = aDb[19] = 1; 916 } 917 rc = sqlite3_deserialize(cx.db, "main", aDb, nDb, nDb, 918 SQLITE_DESERIALIZE_RESIZEABLE | 919 SQLITE_DESERIALIZE_FREEONCLOSE); 920 if( rc ){ 921 fprintf(stderr, "sqlite3_deserialize() failed with %d\n", rc); 922 goto testrun_finished; 923 } 924 if( maxDbSize>0 ){ 925 sqlite3_int64 x = maxDbSize; 926 sqlite3_file_control(cx.db, "main", SQLITE_FCNTL_SIZE_LIMIT, &x); 927 } 928 929 /* For high debugging levels, turn on debug mode */ 930 if( eVerbosity>=5 ){ 931 sqlite3_exec(cx.db, "PRAGMA vdbe_debug=ON;", 0, 0, 0); 932 } 933 934 /* Block debug pragmas and ATTACH/DETACH. But wait until after 935 ** deserialize to do this because deserialize depends on ATTACH */ 936 sqlite3_set_authorizer(cx.db, block_troublesome_sql, 0); 937 938 /* Consistent PRNG seed */ 939 #ifdef SQLITE_TESTCTRL_PRNG_SEED 940 sqlite3_table_column_metadata(cx.db, 0, "x", 0, 0, 0, 0, 0, 0); 941 sqlite3_test_control(SQLITE_TESTCTRL_PRNG_SEED, 1, cx.db); 942 #else 943 sqlite3_randomness(0,0); 944 #endif 945 946 zSql = sqlite3_malloc( nSql + 1 ); 947 if( zSql==0 ){ 948 fprintf(stderr, "Out of memory!\n"); 949 }else{ 950 memcpy(zSql, aData+iSql, nSql); 951 zSql[nSql] = 0; 952 for(i=j=0; zSql[i]; i++){ 953 if( zSql[i]==';' ){ 954 char cSaved = zSql[i+1]; 955 zSql[i+1] = 0; 956 if( sqlite3_complete(zSql+j) ){ 957 rc = runDbSql(cx.db, zSql+j); 958 j = i+1; 959 } 960 zSql[i+1] = cSaved; 961 if( rc==SQLITE_INTERRUPT || progress_handler(&cx) ){ 962 goto testrun_finished; 963 } 964 } 965 } 966 if( j<i ){ 967 runDbSql(cx.db, zSql+j); 968 } 969 } 970 testrun_finished: 971 sqlite3_free(zSql); 972 rc = sqlite3_close(cx.db); 973 if( rc!=SQLITE_OK ){ 974 fprintf(stdout, "sqlite3_close() returns %d\n", rc); 975 } 976 if( eVerbosity>=2 ){ 977 fprintf(stdout, "Peak memory usages: %f MB\n", 978 sqlite3_memory_highwater(1) / 1000000.0); 979 } 980 if( sqlite3_memory_used()!=0 ){ 981 int nAlloc = 0; 982 int nNotUsed = 0; 983 sqlite3_status(SQLITE_STATUS_MALLOC_COUNT, &nAlloc, &nNotUsed, 0); 984 fprintf(stderr,"Memory leak: %lld bytes in %d allocations\n", 985 sqlite3_memory_used(), nAlloc); 986 exit(1); 987 } 988 sqlite3_hard_heap_limit64(0); 989 sqlite3_soft_heap_limit64(0); 990 return 0; 991 } 992 993 /* 994 ** END of the dbsqlfuzz code 995 ***************************************************************************/ 996 997 /* Look at a SQL text and try to determine if it begins with a database 998 ** description, such as would be found in a dbsqlfuzz test case. Return 999 ** true if this does appear to be a dbsqlfuzz test case and false otherwise. 1000 */ 1001 static int isDbSql(unsigned char *a, int n){ 1002 unsigned char buf[12]; 1003 int i; 1004 if( n>4 && memcmp(a,"\n--\n",4)==0 ) return 1; 1005 while( n>0 && isspace(a[0]) ){ a++; n--; } 1006 for(i=0; n>0 && i<8; n--, a++){ 1007 if( isxdigit(a[0]) ) buf[i++] = a[0]; 1008 } 1009 if( i==8 && memcmp(buf,"53514c69",8)==0 ) return 1; 1010 return 0; 1011 } 1012 1013 /* Implementation of the isdbsql(TEXT) SQL function. 1014 */ 1015 static void isDbSqlFunc( 1016 sqlite3_context *context, 1017 int argc, 1018 sqlite3_value **argv 1019 ){ 1020 int n = sqlite3_value_bytes(argv[0]); 1021 unsigned char *a = (unsigned char*)sqlite3_value_blob(argv[0]); 1022 sqlite3_result_int(context, a!=0 && n>0 && isDbSql(a,n)); 1023 } 1024 1025 /* Methods for the VHandle object 1026 */ 1027 static int inmemClose(sqlite3_file *pFile){ 1028 VHandle *p = (VHandle*)pFile; 1029 VFile *pVFile = p->pVFile; 1030 pVFile->nRef--; 1031 if( pVFile->nRef==0 && pVFile->zFilename==0 ){ 1032 pVFile->sz = -1; 1033 free(pVFile->a); 1034 pVFile->a = 0; 1035 } 1036 return SQLITE_OK; 1037 } 1038 static int inmemRead( 1039 sqlite3_file *pFile, /* Read from this open file */ 1040 void *pData, /* Store content in this buffer */ 1041 int iAmt, /* Bytes of content */ 1042 sqlite3_int64 iOfst /* Start reading here */ 1043 ){ 1044 VHandle *pHandle = (VHandle*)pFile; 1045 VFile *pVFile = pHandle->pVFile; 1046 if( iOfst<0 || iOfst>=pVFile->sz ){ 1047 memset(pData, 0, iAmt); 1048 return SQLITE_IOERR_SHORT_READ; 1049 } 1050 if( iOfst+iAmt>pVFile->sz ){ 1051 memset(pData, 0, iAmt); 1052 iAmt = (int)(pVFile->sz - iOfst); 1053 memcpy(pData, pVFile->a + iOfst, iAmt); 1054 return SQLITE_IOERR_SHORT_READ; 1055 } 1056 memcpy(pData, pVFile->a + iOfst, iAmt); 1057 return SQLITE_OK; 1058 } 1059 static int inmemWrite( 1060 sqlite3_file *pFile, /* Write to this file */ 1061 const void *pData, /* Content to write */ 1062 int iAmt, /* bytes to write */ 1063 sqlite3_int64 iOfst /* Start writing here */ 1064 ){ 1065 VHandle *pHandle = (VHandle*)pFile; 1066 VFile *pVFile = pHandle->pVFile; 1067 if( iOfst+iAmt > pVFile->sz ){ 1068 if( iOfst+iAmt >= MX_FILE_SZ ){ 1069 return SQLITE_FULL; 1070 } 1071 pVFile->a = safe_realloc(pVFile->a, (int)(iOfst+iAmt)); 1072 if( iOfst > pVFile->sz ){ 1073 memset(pVFile->a + pVFile->sz, 0, (int)(iOfst - pVFile->sz)); 1074 } 1075 pVFile->sz = (int)(iOfst + iAmt); 1076 } 1077 memcpy(pVFile->a + iOfst, pData, iAmt); 1078 return SQLITE_OK; 1079 } 1080 static int inmemTruncate(sqlite3_file *pFile, sqlite3_int64 iSize){ 1081 VHandle *pHandle = (VHandle*)pFile; 1082 VFile *pVFile = pHandle->pVFile; 1083 if( pVFile->sz>iSize && iSize>=0 ) pVFile->sz = (int)iSize; 1084 return SQLITE_OK; 1085 } 1086 static int inmemSync(sqlite3_file *pFile, int flags){ 1087 return SQLITE_OK; 1088 } 1089 static int inmemFileSize(sqlite3_file *pFile, sqlite3_int64 *pSize){ 1090 *pSize = ((VHandle*)pFile)->pVFile->sz; 1091 return SQLITE_OK; 1092 } 1093 static int inmemLock(sqlite3_file *pFile, int type){ 1094 return SQLITE_OK; 1095 } 1096 static int inmemUnlock(sqlite3_file *pFile, int type){ 1097 return SQLITE_OK; 1098 } 1099 static int inmemCheckReservedLock(sqlite3_file *pFile, int *pOut){ 1100 *pOut = 0; 1101 return SQLITE_OK; 1102 } 1103 static int inmemFileControl(sqlite3_file *pFile, int op, void *pArg){ 1104 return SQLITE_NOTFOUND; 1105 } 1106 static int inmemSectorSize(sqlite3_file *pFile){ 1107 return 512; 1108 } 1109 static int inmemDeviceCharacteristics(sqlite3_file *pFile){ 1110 return 1111 SQLITE_IOCAP_SAFE_APPEND | 1112 SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN | 1113 SQLITE_IOCAP_POWERSAFE_OVERWRITE; 1114 } 1115 1116 1117 /* Method table for VHandle 1118 */ 1119 static sqlite3_io_methods VHandleMethods = { 1120 /* iVersion */ 1, 1121 /* xClose */ inmemClose, 1122 /* xRead */ inmemRead, 1123 /* xWrite */ inmemWrite, 1124 /* xTruncate */ inmemTruncate, 1125 /* xSync */ inmemSync, 1126 /* xFileSize */ inmemFileSize, 1127 /* xLock */ inmemLock, 1128 /* xUnlock */ inmemUnlock, 1129 /* xCheck... */ inmemCheckReservedLock, 1130 /* xFileCtrl */ inmemFileControl, 1131 /* xSectorSz */ inmemSectorSize, 1132 /* xDevchar */ inmemDeviceCharacteristics, 1133 /* xShmMap */ 0, 1134 /* xShmLock */ 0, 1135 /* xShmBarrier */ 0, 1136 /* xShmUnmap */ 0, 1137 /* xFetch */ 0, 1138 /* xUnfetch */ 0 1139 }; 1140 1141 /* 1142 ** Open a new file in the inmem VFS. All files are anonymous and are 1143 ** delete-on-close. 1144 */ 1145 static int inmemOpen( 1146 sqlite3_vfs *pVfs, 1147 const char *zFilename, 1148 sqlite3_file *pFile, 1149 int openFlags, 1150 int *pOutFlags 1151 ){ 1152 VFile *pVFile = createVFile(zFilename, 0, (unsigned char*)""); 1153 VHandle *pHandle = (VHandle*)pFile; 1154 if( pVFile==0 ){ 1155 return SQLITE_FULL; 1156 } 1157 pHandle->pVFile = pVFile; 1158 pVFile->nRef++; 1159 pFile->pMethods = &VHandleMethods; 1160 if( pOutFlags ) *pOutFlags = openFlags; 1161 return SQLITE_OK; 1162 } 1163 1164 /* 1165 ** Delete a file by name 1166 */ 1167 static int inmemDelete( 1168 sqlite3_vfs *pVfs, 1169 const char *zFilename, 1170 int syncdir 1171 ){ 1172 VFile *pVFile = findVFile(zFilename); 1173 if( pVFile==0 ) return SQLITE_OK; 1174 if( pVFile->nRef==0 ){ 1175 free(pVFile->zFilename); 1176 pVFile->zFilename = 0; 1177 pVFile->sz = -1; 1178 free(pVFile->a); 1179 pVFile->a = 0; 1180 return SQLITE_OK; 1181 } 1182 return SQLITE_IOERR_DELETE; 1183 } 1184 1185 /* Check for the existance of a file 1186 */ 1187 static int inmemAccess( 1188 sqlite3_vfs *pVfs, 1189 const char *zFilename, 1190 int flags, 1191 int *pResOut 1192 ){ 1193 VFile *pVFile = findVFile(zFilename); 1194 *pResOut = pVFile!=0; 1195 return SQLITE_OK; 1196 } 1197 1198 /* Get the canonical pathname for a file 1199 */ 1200 static int inmemFullPathname( 1201 sqlite3_vfs *pVfs, 1202 const char *zFilename, 1203 int nOut, 1204 char *zOut 1205 ){ 1206 sqlite3_snprintf(nOut, zOut, "%s", zFilename); 1207 return SQLITE_OK; 1208 } 1209 1210 /* Always use the same random see, for repeatability. 1211 */ 1212 static int inmemRandomness(sqlite3_vfs *NotUsed, int nBuf, char *zBuf){ 1213 memset(zBuf, 0, nBuf); 1214 memcpy(zBuf, &g.uRandom, nBuf<sizeof(g.uRandom) ? nBuf : sizeof(g.uRandom)); 1215 return nBuf; 1216 } 1217 1218 /* 1219 ** Register the VFS that reads from the g.aFile[] set of files. 1220 */ 1221 static void inmemVfsRegister(int makeDefault){ 1222 static sqlite3_vfs inmemVfs; 1223 sqlite3_vfs *pDefault = sqlite3_vfs_find(0); 1224 inmemVfs.iVersion = 3; 1225 inmemVfs.szOsFile = sizeof(VHandle); 1226 inmemVfs.mxPathname = 200; 1227 inmemVfs.zName = "inmem"; 1228 inmemVfs.xOpen = inmemOpen; 1229 inmemVfs.xDelete = inmemDelete; 1230 inmemVfs.xAccess = inmemAccess; 1231 inmemVfs.xFullPathname = inmemFullPathname; 1232 inmemVfs.xRandomness = inmemRandomness; 1233 inmemVfs.xSleep = pDefault->xSleep; 1234 inmemVfs.xCurrentTimeInt64 = pDefault->xCurrentTimeInt64; 1235 sqlite3_vfs_register(&inmemVfs, makeDefault); 1236 }; 1237 1238 /* 1239 ** Allowed values for the runFlags parameter to runSql() 1240 */ 1241 #define SQL_TRACE 0x0001 /* Print each SQL statement as it is prepared */ 1242 #define SQL_OUTPUT 0x0002 /* Show the SQL output */ 1243 1244 /* 1245 ** Run multiple commands of SQL. Similar to sqlite3_exec(), but does not 1246 ** stop if an error is encountered. 1247 */ 1248 static void runSql(sqlite3 *db, const char *zSql, unsigned runFlags){ 1249 const char *zMore; 1250 sqlite3_stmt *pStmt; 1251 1252 while( zSql && zSql[0] ){ 1253 zMore = 0; 1254 pStmt = 0; 1255 sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zMore); 1256 if( zMore==zSql ) break; 1257 if( runFlags & SQL_TRACE ){ 1258 const char *z = zSql; 1259 int n; 1260 while( z<zMore && ISSPACE(z[0]) ) z++; 1261 n = (int)(zMore - z); 1262 while( n>0 && ISSPACE(z[n-1]) ) n--; 1263 if( n==0 ) break; 1264 if( pStmt==0 ){ 1265 printf("TRACE: %.*s (error: %s)\n", n, z, sqlite3_errmsg(db)); 1266 }else{ 1267 printf("TRACE: %.*s\n", n, z); 1268 } 1269 } 1270 zSql = zMore; 1271 if( pStmt ){ 1272 if( (runFlags & SQL_OUTPUT)==0 ){ 1273 while( SQLITE_ROW==sqlite3_step(pStmt) ){} 1274 }else{ 1275 int nCol = -1; 1276 while( SQLITE_ROW==sqlite3_step(pStmt) ){ 1277 int i; 1278 if( nCol<0 ){ 1279 nCol = sqlite3_column_count(pStmt); 1280 }else if( nCol>0 ){ 1281 printf("--------------------------------------------\n"); 1282 } 1283 for(i=0; i<nCol; i++){ 1284 int eType = sqlite3_column_type(pStmt,i); 1285 printf("%s = ", sqlite3_column_name(pStmt,i)); 1286 switch( eType ){ 1287 case SQLITE_NULL: { 1288 printf("NULL\n"); 1289 break; 1290 } 1291 case SQLITE_INTEGER: { 1292 printf("INT %s\n", sqlite3_column_text(pStmt,i)); 1293 break; 1294 } 1295 case SQLITE_FLOAT: { 1296 printf("FLOAT %s\n", sqlite3_column_text(pStmt,i)); 1297 break; 1298 } 1299 case SQLITE_TEXT: { 1300 printf("TEXT [%s]\n", sqlite3_column_text(pStmt,i)); 1301 break; 1302 } 1303 case SQLITE_BLOB: { 1304 printf("BLOB (%d bytes)\n", sqlite3_column_bytes(pStmt,i)); 1305 break; 1306 } 1307 } 1308 } 1309 } 1310 } 1311 sqlite3_finalize(pStmt); 1312 } 1313 } 1314 } 1315 1316 /* 1317 ** Rebuild the database file. 1318 ** 1319 ** (1) Remove duplicate entries 1320 ** (2) Put all entries in order 1321 ** (3) Vacuum 1322 */ 1323 static void rebuild_database(sqlite3 *db, int dbSqlOnly){ 1324 int rc; 1325 char *zSql; 1326 zSql = sqlite3_mprintf( 1327 "BEGIN;\n" 1328 "CREATE TEMP TABLE dbx AS SELECT DISTINCT dbcontent FROM db;\n" 1329 "DELETE FROM db;\n" 1330 "INSERT INTO db(dbid, dbcontent) " 1331 " SELECT NULL, dbcontent FROM dbx ORDER BY 2;\n" 1332 "DROP TABLE dbx;\n" 1333 "CREATE TEMP TABLE sx AS SELECT DISTINCT sqltext FROM xsql %s;\n" 1334 "DELETE FROM xsql;\n" 1335 "INSERT INTO xsql(sqlid,sqltext) " 1336 " SELECT NULL, sqltext FROM sx ORDER BY 2;\n" 1337 "DROP TABLE sx;\n" 1338 "COMMIT;\n" 1339 "PRAGMA page_size=1024;\n" 1340 "VACUUM;\n", 1341 dbSqlOnly ? " WHERE isdbsql(sqltext)" : "" 1342 ); 1343 rc = sqlite3_exec(db, zSql, 0, 0, 0); 1344 sqlite3_free(zSql); 1345 if( rc ) fatalError("cannot rebuild: %s", sqlite3_errmsg(db)); 1346 } 1347 1348 /* 1349 ** Return the value of a hexadecimal digit. Return -1 if the input 1350 ** is not a hex digit. 1351 */ 1352 static int hexDigitValue(char c){ 1353 if( c>='0' && c<='9' ) return c - '0'; 1354 if( c>='a' && c<='f' ) return c - 'a' + 10; 1355 if( c>='A' && c<='F' ) return c - 'A' + 10; 1356 return -1; 1357 } 1358 1359 /* 1360 ** Interpret zArg as an integer value, possibly with suffixes. 1361 */ 1362 static int integerValue(const char *zArg){ 1363 sqlite3_int64 v = 0; 1364 static const struct { char *zSuffix; int iMult; } aMult[] = { 1365 { "KiB", 1024 }, 1366 { "MiB", 1024*1024 }, 1367 { "GiB", 1024*1024*1024 }, 1368 { "KB", 1000 }, 1369 { "MB", 1000000 }, 1370 { "GB", 1000000000 }, 1371 { "K", 1000 }, 1372 { "M", 1000000 }, 1373 { "G", 1000000000 }, 1374 }; 1375 int i; 1376 int isNeg = 0; 1377 if( zArg[0]=='-' ){ 1378 isNeg = 1; 1379 zArg++; 1380 }else if( zArg[0]=='+' ){ 1381 zArg++; 1382 } 1383 if( zArg[0]=='0' && zArg[1]=='x' ){ 1384 int x; 1385 zArg += 2; 1386 while( (x = hexDigitValue(zArg[0]))>=0 ){ 1387 v = (v<<4) + x; 1388 zArg++; 1389 } 1390 }else{ 1391 while( ISDIGIT(zArg[0]) ){ 1392 v = v*10 + zArg[0] - '0'; 1393 zArg++; 1394 } 1395 } 1396 for(i=0; i<sizeof(aMult)/sizeof(aMult[0]); i++){ 1397 if( sqlite3_stricmp(aMult[i].zSuffix, zArg)==0 ){ 1398 v *= aMult[i].iMult; 1399 break; 1400 } 1401 } 1402 if( v>0x7fffffff ) fatalError("parameter too large - max 2147483648"); 1403 return (int)(isNeg? -v : v); 1404 } 1405 1406 /* 1407 ** Return the number of "v" characters in a string. Return 0 if there 1408 ** are any characters in the string other than "v". 1409 */ 1410 static int numberOfVChar(const char *z){ 1411 int N = 0; 1412 while( z[0] && z[0]=='v' ){ 1413 z++; 1414 N++; 1415 } 1416 return z[0]==0 ? N : 0; 1417 } 1418 1419 /* 1420 ** Print sketchy documentation for this utility program 1421 */ 1422 static void showHelp(void){ 1423 printf("Usage: %s [options] SOURCE-DB ?ARGS...?\n", g.zArgv0); 1424 printf( 1425 "Read databases and SQL scripts from SOURCE-DB and execute each script against\n" 1426 "each database, checking for crashes and memory leaks.\n" 1427 "Options:\n" 1428 " --cell-size-check Set the PRAGMA cell_size_check=ON\n" 1429 " --dbid N Use only the database where dbid=N\n" 1430 " --export-db DIR Write databases to files(s) in DIR. Works with --dbid\n" 1431 " --export-sql DIR Write SQL to file(s) in DIR. Also works with --sqlid\n" 1432 " --help Show this help text\n" 1433 " --info Show information about SOURCE-DB w/o running tests\n" 1434 " --limit-depth N Limit expression depth to N. Default: 500\n" 1435 " --limit-heap N Limit heap memory to N. Default: 100M\n" 1436 " --limit-mem N Limit memory used by test SQLite instance to N bytes\n" 1437 " --limit-vdbe Panic if any test runs for more than 100,000 cycles\n" 1438 " --load-sql FILE.. Load SQL scripts fron files into SOURCE-DB\n" 1439 " --load-db FILE.. Load template databases from files into SOURCE_DB\n" 1440 " --load-dbsql FILE.. Load dbsqlfuzz outputs into the xsql table\n" 1441 " ^^^^------ Use \"-\" for FILE to read filenames from stdin\n" 1442 " -m TEXT Add a description to the database\n" 1443 " --native-vfs Use the native VFS for initially empty database files\n" 1444 " --native-malloc Turn off MEMSYS3/5 and Lookaside\n" 1445 " --oss-fuzz Enable OSS-FUZZ testing\n" 1446 " --prng-seed N Seed value for the PRGN inside of SQLite\n" 1447 " -q|--quiet Reduced output\n" 1448 " --rebuild Rebuild and vacuum the database file\n" 1449 " --result-trace Show the results of each SQL command\n" 1450 " --skip N Skip the first N test cases\n" 1451 " --spinner Use a spinner to show progress\n" 1452 " --sqlid N Use only SQL where sqlid=N\n" 1453 " --timeout N Maximum time for any one test in N millseconds\n" 1454 " -v|--verbose Increased output. Repeat for more output.\n" 1455 " --vdbe-debug Activate VDBE debugging.\n" 1456 ); 1457 } 1458 1459 int main(int argc, char **argv){ 1460 sqlite3_int64 iBegin; /* Start time of this program */ 1461 int quietFlag = 0; /* True if --quiet or -q */ 1462 int verboseFlag = 0; /* True if --verbose or -v */ 1463 char *zInsSql = 0; /* SQL statement for --load-db or --load-sql */ 1464 int iFirstInsArg = 0; /* First argv[] for --load-db or --load-sql */ 1465 sqlite3 *db = 0; /* The open database connection */ 1466 sqlite3_stmt *pStmt; /* A prepared statement */ 1467 int rc; /* Result code from SQLite interface calls */ 1468 Blob *pSql; /* For looping over SQL scripts */ 1469 Blob *pDb; /* For looping over template databases */ 1470 int i; /* Loop index for the argv[] loop */ 1471 int dbSqlOnly = 0; /* Only use scripts that are dbsqlfuzz */ 1472 int onlySqlid = -1; /* --sqlid */ 1473 int onlyDbid = -1; /* --dbid */ 1474 int nativeFlag = 0; /* --native-vfs */ 1475 int rebuildFlag = 0; /* --rebuild */ 1476 int vdbeLimitFlag = 0; /* --limit-vdbe */ 1477 int infoFlag = 0; /* --info */ 1478 int nSkip = 0; /* --skip */ 1479 int bSpinner = 0; /* True for --spinner */ 1480 int timeoutTest = 0; /* undocumented --timeout-test flag */ 1481 int runFlags = 0; /* Flags sent to runSql() */ 1482 char *zMsg = 0; /* Add this message */ 1483 int nSrcDb = 0; /* Number of source databases */ 1484 char **azSrcDb = 0; /* Array of source database names */ 1485 int iSrcDb; /* Loop over all source databases */ 1486 int nTest = 0; /* Total number of tests performed */ 1487 char *zDbName = ""; /* Appreviated name of a source database */ 1488 const char *zFailCode = 0; /* Value of the TEST_FAILURE env variable */ 1489 int cellSzCkFlag = 0; /* --cell-size-check */ 1490 int sqlFuzz = 0; /* True for SQL fuzz. False for DB fuzz */ 1491 int iTimeout = 120000; /* Default 120-second timeout */ 1492 int nMem = 0; /* Memory limit override */ 1493 int nMemThisDb = 0; /* Memory limit set by the CONFIG table */ 1494 char *zExpDb = 0; /* Write Databases to files in this directory */ 1495 char *zExpSql = 0; /* Write SQL to files in this directory */ 1496 void *pHeap = 0; /* Heap for use by SQLite */ 1497 int ossFuzz = 0; /* enable OSS-FUZZ testing */ 1498 int ossFuzzThisDb = 0; /* ossFuzz value for this particular database */ 1499 int nativeMalloc = 0; /* Turn off MEMSYS3/5 and lookaside if true */ 1500 sqlite3_vfs *pDfltVfs; /* The default VFS */ 1501 int openFlags4Data; /* Flags for sqlite3_open_v2() */ 1502 int bTimer = 0; /* Show elapse time for each test */ 1503 int nV; /* How much to increase verbosity with -vvvv */ 1504 sqlite3_int64 tmStart; /* Start of each test */ 1505 1506 registerOomSimulator(); 1507 sqlite3_initialize(); 1508 iBegin = timeOfDay(); 1509 #ifdef __unix__ 1510 signal(SIGALRM, signalHandler); 1511 signal(SIGSEGV, signalHandler); 1512 signal(SIGABRT, signalHandler); 1513 #endif 1514 g.zArgv0 = argv[0]; 1515 openFlags4Data = SQLITE_OPEN_READONLY; 1516 zFailCode = getenv("TEST_FAILURE"); 1517 pDfltVfs = sqlite3_vfs_find(0); 1518 inmemVfsRegister(1); 1519 for(i=1; i<argc; i++){ 1520 const char *z = argv[i]; 1521 if( z[0]=='-' ){ 1522 z++; 1523 if( z[0]=='-' ) z++; 1524 if( strcmp(z,"cell-size-check")==0 ){ 1525 cellSzCkFlag = 1; 1526 }else 1527 if( strcmp(z,"dbid")==0 ){ 1528 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1529 onlyDbid = integerValue(argv[++i]); 1530 }else 1531 if( strcmp(z,"export-db")==0 ){ 1532 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1533 zExpDb = argv[++i]; 1534 }else 1535 if( strcmp(z,"export-sql")==0 || strcmp(z,"export-dbsql")==0 ){ 1536 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1537 zExpSql = argv[++i]; 1538 }else 1539 if( strcmp(z,"help")==0 ){ 1540 showHelp(); 1541 return 0; 1542 }else 1543 if( strcmp(z,"info")==0 ){ 1544 infoFlag = 1; 1545 }else 1546 if( strcmp(z,"limit-depth")==0 ){ 1547 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1548 depthLimit = integerValue(argv[++i]); 1549 }else 1550 if( strcmp(z,"limit-heap")==0 ){ 1551 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1552 heapLimit = integerValue(argv[++i]); 1553 }else 1554 if( strcmp(z,"limit-mem")==0 ){ 1555 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1556 nMem = integerValue(argv[++i]); 1557 }else 1558 if( strcmp(z,"limit-vdbe")==0 ){ 1559 vdbeLimitFlag = 1; 1560 }else 1561 if( strcmp(z,"load-sql")==0 ){ 1562 zInsSql = "INSERT INTO xsql(sqltext)" 1563 "VALUES(CAST(readtextfile(?1) AS text))"; 1564 iFirstInsArg = i+1; 1565 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1566 break; 1567 }else 1568 if( strcmp(z,"load-db")==0 ){ 1569 zInsSql = "INSERT INTO db(dbcontent) VALUES(readfile(?1))"; 1570 iFirstInsArg = i+1; 1571 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1572 break; 1573 }else 1574 if( strcmp(z,"load-dbsql")==0 ){ 1575 zInsSql = "INSERT INTO xsql(sqltext)" 1576 "VALUES(CAST(readtextfile(?1) AS text))"; 1577 iFirstInsArg = i+1; 1578 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1579 dbSqlOnly = 1; 1580 break; 1581 }else 1582 if( strcmp(z,"m")==0 ){ 1583 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1584 zMsg = argv[++i]; 1585 openFlags4Data = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE; 1586 }else 1587 if( strcmp(z,"native-malloc")==0 ){ 1588 nativeMalloc = 1; 1589 }else 1590 if( strcmp(z,"native-vfs")==0 ){ 1591 nativeFlag = 1; 1592 }else 1593 if( strcmp(z,"oss-fuzz")==0 ){ 1594 ossFuzz = 1; 1595 }else 1596 if( strcmp(z,"prng-seed")==0 ){ 1597 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1598 g.uRandom = atoi(argv[++i]); 1599 }else 1600 if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){ 1601 quietFlag = 1; 1602 verboseFlag = 0; 1603 eVerbosity = 0; 1604 }else 1605 if( strcmp(z,"rebuild")==0 ){ 1606 rebuildFlag = 1; 1607 openFlags4Data = SQLITE_OPEN_READWRITE; 1608 }else 1609 if( strcmp(z,"result-trace")==0 ){ 1610 runFlags |= SQL_OUTPUT; 1611 }else 1612 if( strcmp(z,"skip")==0 ){ 1613 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1614 nSkip = atoi(argv[++i]); 1615 }else 1616 if( strcmp(z,"spinner")==0 ){ 1617 bSpinner = 1; 1618 }else 1619 if( strcmp(z,"timer")==0 ){ 1620 bTimer = 1; 1621 }else 1622 if( strcmp(z,"sqlid")==0 ){ 1623 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1624 onlySqlid = integerValue(argv[++i]); 1625 }else 1626 if( strcmp(z,"timeout")==0 ){ 1627 if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]); 1628 iTimeout = integerValue(argv[++i]); 1629 }else 1630 if( strcmp(z,"timeout-test")==0 ){ 1631 timeoutTest = 1; 1632 #ifndef __unix__ 1633 fatalError("timeout is not available on non-unix systems"); 1634 #endif 1635 }else 1636 if( strcmp(z,"vdbe-debug")==0 ){ 1637 bVdbeDebug = 1; 1638 }else 1639 if( strcmp(z,"verbose")==0 ){ 1640 quietFlag = 0; 1641 verboseFlag++; 1642 eVerbosity++; 1643 if( verboseFlag>1 ) runFlags |= SQL_TRACE; 1644 }else 1645 if( (nV = numberOfVChar(z))>=1 ){ 1646 quietFlag = 0; 1647 verboseFlag += nV; 1648 eVerbosity += nV; 1649 if( verboseFlag>1 ) runFlags |= SQL_TRACE; 1650 }else 1651 if( strcmp(z,"version")==0 ){ 1652 int ii; 1653 const char *zz; 1654 printf("SQLite %s %s\n", sqlite3_libversion(), sqlite3_sourceid()); 1655 for(ii=0; (zz = sqlite3_compileoption_get(ii))!=0; ii++){ 1656 printf("%s\n", zz); 1657 } 1658 return 0; 1659 }else 1660 { 1661 fatalError("unknown option: %s", argv[i]); 1662 } 1663 }else{ 1664 nSrcDb++; 1665 azSrcDb = safe_realloc(azSrcDb, nSrcDb*sizeof(azSrcDb[0])); 1666 azSrcDb[nSrcDb-1] = argv[i]; 1667 } 1668 } 1669 if( nSrcDb==0 ) fatalError("no source database specified"); 1670 if( nSrcDb>1 ){ 1671 if( zMsg ){ 1672 fatalError("cannot change the description of more than one database"); 1673 } 1674 if( zInsSql ){ 1675 fatalError("cannot import into more than one database"); 1676 } 1677 } 1678 1679 /* Process each source database separately */ 1680 for(iSrcDb=0; iSrcDb<nSrcDb; iSrcDb++){ 1681 g.zDbFile = azSrcDb[iSrcDb]; 1682 rc = sqlite3_open_v2(azSrcDb[iSrcDb], &db, 1683 openFlags4Data, pDfltVfs->zName); 1684 if( rc ){ 1685 fatalError("cannot open source database %s - %s", 1686 azSrcDb[iSrcDb], sqlite3_errmsg(db)); 1687 } 1688 1689 /* Print the description, if there is one */ 1690 if( infoFlag ){ 1691 int n; 1692 zDbName = azSrcDb[iSrcDb]; 1693 i = (int)strlen(zDbName) - 1; 1694 while( i>0 && zDbName[i-1]!='/' && zDbName[i-1]!='\\' ){ i--; } 1695 zDbName += i; 1696 sqlite3_prepare_v2(db, "SELECT msg FROM readme", -1, &pStmt, 0); 1697 if( pStmt && sqlite3_step(pStmt)==SQLITE_ROW ){ 1698 printf("%s: %s", zDbName, sqlite3_column_text(pStmt,0)); 1699 }else{ 1700 printf("%s: (empty \"readme\")", zDbName); 1701 } 1702 sqlite3_finalize(pStmt); 1703 sqlite3_prepare_v2(db, "SELECT count(*) FROM db", -1, &pStmt, 0); 1704 if( pStmt 1705 && sqlite3_step(pStmt)==SQLITE_ROW 1706 && (n = sqlite3_column_int(pStmt,0))>0 1707 ){ 1708 printf(" - %d DBs", n); 1709 } 1710 sqlite3_finalize(pStmt); 1711 sqlite3_prepare_v2(db, "SELECT count(*) FROM xsql", -1, &pStmt, 0); 1712 if( pStmt 1713 && sqlite3_step(pStmt)==SQLITE_ROW 1714 && (n = sqlite3_column_int(pStmt,0))>0 1715 ){ 1716 printf(" - %d scripts", n); 1717 } 1718 sqlite3_finalize(pStmt); 1719 printf("\n"); 1720 sqlite3_close(db); 1721 continue; 1722 } 1723 1724 rc = sqlite3_exec(db, 1725 "CREATE TABLE IF NOT EXISTS db(\n" 1726 " dbid INTEGER PRIMARY KEY, -- database id\n" 1727 " dbcontent BLOB -- database disk file image\n" 1728 ");\n" 1729 "CREATE TABLE IF NOT EXISTS xsql(\n" 1730 " sqlid INTEGER PRIMARY KEY, -- SQL script id\n" 1731 " sqltext TEXT -- Text of SQL statements to run\n" 1732 ");" 1733 "CREATE TABLE IF NOT EXISTS readme(\n" 1734 " msg TEXT -- Human-readable description of this file\n" 1735 ");", 0, 0, 0); 1736 if( rc ) fatalError("cannot create schema: %s", sqlite3_errmsg(db)); 1737 if( zMsg ){ 1738 char *zSql; 1739 zSql = sqlite3_mprintf( 1740 "DELETE FROM readme; INSERT INTO readme(msg) VALUES(%Q)", zMsg); 1741 rc = sqlite3_exec(db, zSql, 0, 0, 0); 1742 sqlite3_free(zSql); 1743 if( rc ) fatalError("cannot change description: %s", sqlite3_errmsg(db)); 1744 } 1745 ossFuzzThisDb = ossFuzz; 1746 1747 /* If the CONFIG(name,value) table exists, read db-specific settings 1748 ** from that table */ 1749 if( sqlite3_table_column_metadata(db,0,"config",0,0,0,0,0,0)==SQLITE_OK ){ 1750 rc = sqlite3_prepare_v2(db, "SELECT name, value FROM config", 1751 -1, &pStmt, 0); 1752 if( rc ) fatalError("cannot prepare query of CONFIG table: %s", 1753 sqlite3_errmsg(db)); 1754 while( SQLITE_ROW==sqlite3_step(pStmt) ){ 1755 const char *zName = (const char *)sqlite3_column_text(pStmt,0); 1756 if( zName==0 ) continue; 1757 if( strcmp(zName, "oss-fuzz")==0 ){ 1758 ossFuzzThisDb = sqlite3_column_int(pStmt,1); 1759 if( verboseFlag ) printf("Config: oss-fuzz=%d\n", ossFuzzThisDb); 1760 } 1761 if( strcmp(zName, "limit-mem")==0 ){ 1762 nMemThisDb = sqlite3_column_int(pStmt,1); 1763 if( verboseFlag ) printf("Config: limit-mem=%d\n", nMemThisDb); 1764 } 1765 } 1766 sqlite3_finalize(pStmt); 1767 } 1768 1769 if( zInsSql ){ 1770 sqlite3_create_function(db, "readfile", 1, SQLITE_UTF8, 0, 1771 readfileFunc, 0, 0); 1772 sqlite3_create_function(db, "readtextfile", 1, SQLITE_UTF8, 0, 1773 readtextfileFunc, 0, 0); 1774 sqlite3_create_function(db, "isdbsql", 1, SQLITE_UTF8, 0, 1775 isDbSqlFunc, 0, 0); 1776 rc = sqlite3_prepare_v2(db, zInsSql, -1, &pStmt, 0); 1777 if( rc ) fatalError("cannot prepare statement [%s]: %s", 1778 zInsSql, sqlite3_errmsg(db)); 1779 rc = sqlite3_exec(db, "BEGIN", 0, 0, 0); 1780 if( rc ) fatalError("cannot start a transaction"); 1781 for(i=iFirstInsArg; i<argc; i++){ 1782 if( strcmp(argv[i],"-")==0 ){ 1783 /* A filename of "-" means read multiple filenames from stdin */ 1784 char zLine[2000]; 1785 while( rc==0 && fgets(zLine,sizeof(zLine),stdin)!=0 ){ 1786 size_t kk = strlen(zLine); 1787 while( kk>0 && zLine[kk-1]<=' ' ) kk--; 1788 sqlite3_bind_text(pStmt, 1, zLine, kk, SQLITE_STATIC); 1789 if( verboseFlag ) printf("loading %.*s\n", (int)kk, zLine); 1790 sqlite3_step(pStmt); 1791 rc = sqlite3_reset(pStmt); 1792 if( rc ) fatalError("insert failed for %s", zLine); 1793 } 1794 }else{ 1795 sqlite3_bind_text(pStmt, 1, argv[i], -1, SQLITE_STATIC); 1796 if( verboseFlag ) printf("loading %s\n", argv[i]); 1797 sqlite3_step(pStmt); 1798 rc = sqlite3_reset(pStmt); 1799 if( rc ) fatalError("insert failed for %s", argv[i]); 1800 } 1801 } 1802 sqlite3_finalize(pStmt); 1803 rc = sqlite3_exec(db, "COMMIT", 0, 0, 0); 1804 if( rc ) fatalError("cannot commit the transaction: %s", 1805 sqlite3_errmsg(db)); 1806 rebuild_database(db, dbSqlOnly); 1807 sqlite3_close(db); 1808 return 0; 1809 } 1810 rc = sqlite3_exec(db, "PRAGMA query_only=1;", 0, 0, 0); 1811 if( rc ) fatalError("cannot set database to query-only"); 1812 if( zExpDb!=0 || zExpSql!=0 ){ 1813 sqlite3_create_function(db, "writefile", 2, SQLITE_UTF8, 0, 1814 writefileFunc, 0, 0); 1815 if( zExpDb!=0 ){ 1816 const char *zExDb = 1817 "SELECT writefile(printf('%s/db%06d.db',?1,dbid),dbcontent)," 1818 " dbid, printf('%s/db%06d.db',?1,dbid), length(dbcontent)" 1819 " FROM db WHERE ?2<0 OR dbid=?2;"; 1820 rc = sqlite3_prepare_v2(db, zExDb, -1, &pStmt, 0); 1821 if( rc ) fatalError("cannot prepare statement [%s]: %s", 1822 zExDb, sqlite3_errmsg(db)); 1823 sqlite3_bind_text64(pStmt, 1, zExpDb, strlen(zExpDb), 1824 SQLITE_STATIC, SQLITE_UTF8); 1825 sqlite3_bind_int(pStmt, 2, onlyDbid); 1826 while( sqlite3_step(pStmt)==SQLITE_ROW ){ 1827 printf("write db-%d (%d bytes) into %s\n", 1828 sqlite3_column_int(pStmt,1), 1829 sqlite3_column_int(pStmt,3), 1830 sqlite3_column_text(pStmt,2)); 1831 } 1832 sqlite3_finalize(pStmt); 1833 } 1834 if( zExpSql!=0 ){ 1835 const char *zExSql = 1836 "SELECT writefile(printf('%s/sql%06d.txt',?1,sqlid),sqltext)," 1837 " sqlid, printf('%s/sql%06d.txt',?1,sqlid), length(sqltext)" 1838 " FROM xsql WHERE ?2<0 OR sqlid=?2;"; 1839 rc = sqlite3_prepare_v2(db, zExSql, -1, &pStmt, 0); 1840 if( rc ) fatalError("cannot prepare statement [%s]: %s", 1841 zExSql, sqlite3_errmsg(db)); 1842 sqlite3_bind_text64(pStmt, 1, zExpSql, strlen(zExpSql), 1843 SQLITE_STATIC, SQLITE_UTF8); 1844 sqlite3_bind_int(pStmt, 2, onlySqlid); 1845 while( sqlite3_step(pStmt)==SQLITE_ROW ){ 1846 printf("write sql-%d (%d bytes) into %s\n", 1847 sqlite3_column_int(pStmt,1), 1848 sqlite3_column_int(pStmt,3), 1849 sqlite3_column_text(pStmt,2)); 1850 } 1851 sqlite3_finalize(pStmt); 1852 } 1853 sqlite3_close(db); 1854 return 0; 1855 } 1856 1857 /* Load all SQL script content and all initial database images from the 1858 ** source db 1859 */ 1860 blobListLoadFromDb(db, "SELECT sqlid, sqltext FROM xsql", onlySqlid, 1861 &g.nSql, &g.pFirstSql); 1862 if( g.nSql==0 ) fatalError("need at least one SQL script"); 1863 blobListLoadFromDb(db, "SELECT dbid, dbcontent FROM db", onlyDbid, 1864 &g.nDb, &g.pFirstDb); 1865 if( g.nDb==0 ){ 1866 g.pFirstDb = safe_realloc(0, sizeof(Blob)); 1867 memset(g.pFirstDb, 0, sizeof(Blob)); 1868 g.pFirstDb->id = 1; 1869 g.pFirstDb->seq = 0; 1870 g.nDb = 1; 1871 sqlFuzz = 1; 1872 } 1873 1874 /* Print the description, if there is one */ 1875 if( !quietFlag ){ 1876 zDbName = azSrcDb[iSrcDb]; 1877 i = (int)strlen(zDbName) - 1; 1878 while( i>0 && zDbName[i-1]!='/' && zDbName[i-1]!='\\' ){ i--; } 1879 zDbName += i; 1880 sqlite3_prepare_v2(db, "SELECT msg FROM readme", -1, &pStmt, 0); 1881 if( pStmt && sqlite3_step(pStmt)==SQLITE_ROW ){ 1882 printf("%s: %s\n", zDbName, sqlite3_column_text(pStmt,0)); 1883 } 1884 sqlite3_finalize(pStmt); 1885 } 1886 1887 /* Rebuild the database, if requested */ 1888 if( rebuildFlag ){ 1889 if( !quietFlag ){ 1890 printf("%s: rebuilding... ", zDbName); 1891 fflush(stdout); 1892 } 1893 rebuild_database(db, 0); 1894 if( !quietFlag ) printf("done\n"); 1895 } 1896 1897 /* Close the source database. Verify that no SQLite memory allocations are 1898 ** outstanding. 1899 */ 1900 sqlite3_close(db); 1901 if( sqlite3_memory_used()>0 ){ 1902 fatalError("SQLite has memory in use before the start of testing"); 1903 } 1904 1905 /* Limit available memory, if requested */ 1906 sqlite3_shutdown(); 1907 1908 if( nMemThisDb>0 && nMem==0 ){ 1909 if( !nativeMalloc ){ 1910 pHeap = realloc(pHeap, nMemThisDb); 1911 if( pHeap==0 ){ 1912 fatalError("failed to allocate %d bytes of heap memory", nMem); 1913 } 1914 sqlite3_config(SQLITE_CONFIG_HEAP, pHeap, nMemThisDb, 128); 1915 }else{ 1916 sqlite3_hard_heap_limit64((sqlite3_int64)nMemThisDb); 1917 } 1918 }else{ 1919 sqlite3_hard_heap_limit64(0); 1920 } 1921 1922 /* Disable lookaside with the --native-malloc option */ 1923 if( nativeMalloc ){ 1924 sqlite3_config(SQLITE_CONFIG_LOOKASIDE, 0, 0); 1925 } 1926 1927 /* Reset the in-memory virtual filesystem */ 1928 formatVfs(); 1929 1930 /* Run a test using each SQL script against each database. 1931 */ 1932 if( !verboseFlag && !quietFlag && !bSpinner ) printf("%s:", zDbName); 1933 for(pSql=g.pFirstSql; pSql; pSql=pSql->pNext){ 1934 tmStart = timeOfDay(); 1935 if( isDbSql(pSql->a, pSql->sz) ){ 1936 sqlite3_snprintf(sizeof(g.zTestName), g.zTestName, "sqlid=%d",pSql->id); 1937 if( bSpinner ){ 1938 int nTotal =g.nSql; 1939 int idx = pSql->seq; 1940 printf("\r%s: %d/%d ", zDbName, idx, nTotal); 1941 fflush(stdout); 1942 }else if( verboseFlag ){ 1943 printf("%s\n", g.zTestName); 1944 fflush(stdout); 1945 }else if( !quietFlag ){ 1946 static int prevAmt = -1; 1947 int idx = pSql->seq; 1948 int amt = idx*10/(g.nSql); 1949 if( amt!=prevAmt ){ 1950 printf(" %d%%", amt*10); 1951 fflush(stdout); 1952 prevAmt = amt; 1953 } 1954 } 1955 if( nSkip>0 ){ 1956 nSkip--; 1957 }else{ 1958 runCombinedDbSqlInput(pSql->a, pSql->sz, iTimeout); 1959 } 1960 nTest++; 1961 if( bTimer ){ 1962 sqlite3_int64 tmEnd = timeOfDay(); 1963 printf("%lld %s\n", tmEnd - tmStart, g.zTestName); 1964 } 1965 g.zTestName[0] = 0; 1966 disableOom(); 1967 continue; 1968 } 1969 for(pDb=g.pFirstDb; pDb; pDb=pDb->pNext){ 1970 int openFlags; 1971 const char *zVfs = "inmem"; 1972 sqlite3_snprintf(sizeof(g.zTestName), g.zTestName, "sqlid=%d,dbid=%d", 1973 pSql->id, pDb->id); 1974 if( bSpinner ){ 1975 int nTotal = g.nDb*g.nSql; 1976 int idx = pSql->seq*g.nDb + pDb->id - 1; 1977 printf("\r%s: %d/%d ", zDbName, idx, nTotal); 1978 fflush(stdout); 1979 }else if( verboseFlag ){ 1980 printf("%s\n", g.zTestName); 1981 fflush(stdout); 1982 }else if( !quietFlag ){ 1983 static int prevAmt = -1; 1984 int idx = pSql->seq*g.nDb + pDb->id - 1; 1985 int amt = idx*10/(g.nDb*g.nSql); 1986 if( amt!=prevAmt ){ 1987 printf(" %d%%", amt*10); 1988 fflush(stdout); 1989 prevAmt = amt; 1990 } 1991 } 1992 if( nSkip>0 ){ 1993 nSkip--; 1994 continue; 1995 } 1996 createVFile("main.db", pDb->sz, pDb->a); 1997 sqlite3_randomness(0,0); 1998 if( ossFuzzThisDb ){ 1999 #ifndef SQLITE_OSS_FUZZ 2000 fatalError("--oss-fuzz not supported: recompile" 2001 " with -DSQLITE_OSS_FUZZ"); 2002 #else 2003 extern int LLVMFuzzerTestOneInput(const uint8_t*, size_t); 2004 LLVMFuzzerTestOneInput((const uint8_t*)pSql->a, (size_t)pSql->sz); 2005 #endif 2006 }else{ 2007 openFlags = SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE; 2008 if( nativeFlag && pDb->sz==0 ){ 2009 openFlags |= SQLITE_OPEN_MEMORY; 2010 zVfs = 0; 2011 } 2012 rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs); 2013 if( rc ) fatalError("cannot open inmem database"); 2014 sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 100000000); 2015 sqlite3_limit(db, SQLITE_LIMIT_LIKE_PATTERN_LENGTH, 50); 2016 if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags); 2017 setAlarm((iTimeout+999)/1000); 2018 /* Enable test functions */ 2019 sqlite3_test_control(SQLITE_TESTCTRL_INTERNAL_FUNCTIONS, db); 2020 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK 2021 if( sqlFuzz || vdbeLimitFlag ){ 2022 sqlite3_progress_handler(db, 100000, progressHandler, 2023 &vdbeLimitFlag); 2024 } 2025 #endif 2026 #ifdef SQLITE_TESTCTRL_PRNG_SEED 2027 sqlite3_test_control(SQLITE_TESTCTRL_PRNG_SEED, 1, db); 2028 #endif 2029 if( bVdbeDebug ){ 2030 sqlite3_exec(db, "PRAGMA vdbe_debug=ON", 0, 0, 0); 2031 } 2032 do{ 2033 runSql(db, (char*)pSql->a, runFlags); 2034 }while( timeoutTest ); 2035 setAlarm(0); 2036 sqlite3_exec(db, "PRAGMA temp_store_directory=''", 0, 0, 0); 2037 sqlite3_close(db); 2038 } 2039 if( sqlite3_memory_used()>0 ){ 2040 fatalError("memory leak: %lld bytes outstanding", 2041 sqlite3_memory_used()); 2042 } 2043 reformatVfs(); 2044 nTest++; 2045 if( bTimer ){ 2046 sqlite3_int64 tmEnd = timeOfDay(); 2047 printf("%lld %s\n", tmEnd - tmStart, g.zTestName); 2048 } 2049 g.zTestName[0] = 0; 2050 2051 /* Simulate an error if the TEST_FAILURE environment variable is "5". 2052 ** This is used to verify that automated test script really do spot 2053 ** errors that occur in this test program. 2054 */ 2055 if( zFailCode ){ 2056 if( zFailCode[0]=='5' && zFailCode[1]==0 ){ 2057 fatalError("simulated failure"); 2058 }else if( zFailCode[0]!=0 ){ 2059 /* If TEST_FAILURE is something other than 5, just exit the test 2060 ** early */ 2061 printf("\nExit early due to TEST_FAILURE being set\n"); 2062 iSrcDb = nSrcDb-1; 2063 goto sourcedb_cleanup; 2064 } 2065 } 2066 } 2067 } 2068 if( bSpinner ){ 2069 int nTotal = g.nDb*g.nSql; 2070 printf("\r%s: %d/%d \n", zDbName, nTotal, nTotal); 2071 }else if( !quietFlag && !verboseFlag ){ 2072 printf(" 100%% - %d tests\n", g.nDb*g.nSql); 2073 } 2074 2075 /* Clean up at the end of processing a single source database 2076 */ 2077 sourcedb_cleanup: 2078 blobListFree(g.pFirstSql); 2079 blobListFree(g.pFirstDb); 2080 reformatVfs(); 2081 2082 } /* End loop over all source databases */ 2083 2084 if( !quietFlag ){ 2085 sqlite3_int64 iElapse = timeOfDay() - iBegin; 2086 printf("fuzzcheck: 0 errors out of %d tests in %d.%03d seconds\n" 2087 "SQLite %s %s\n", 2088 nTest, (int)(iElapse/1000), (int)(iElapse%1000), 2089 sqlite3_libversion(), sqlite3_sourceid()); 2090 } 2091 free(azSrcDb); 2092 free(pHeap); 2093 return 0; 2094 }