Side by Side Diff: testing/libfuzzer/fuzzers/sqlite3_prepare_v2_fuzzer.cc

Issue 2497603002: Limit memory usage for sqlite3 fuzzer + move it to sqlite dir. (Closed)
Patch Set: Fix nits. Created 4 years, 1 month ago
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <stddef.h>
6 #include <stdint.h>
7
8 #include <algorithm>
9 #include <array>
10 #include <string>
11 #include <vector>
12
13 #include "third_party/sqlite/sqlite3.h"
14
15
16 static const std::array<uint8_t, 6> kBadKeyword{{'R', 'E', 'G', 'E', 'X', 'P'}};
17
18
19 bool checkForBadKeyword(const uint8_t* data, size_t size) {
20 auto it = std::search(
21 data, data + size, kBadKeyword.begin(), kBadKeyword.end(),
22 [](char c1, char c2) { return std::toupper(c1) == std::toupper(c2); });
23
24 if (it != data + size)
25 return true;
26
27 return false;
28 }
29
30
31 static int Progress(void *not_used_ptr) {
32 return 1;
33 }
34
35
36 // Entry point for LibFuzzer.
37 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
38 if (size < 2)
39 return 0;
40
41 if (checkForBadKeyword(data, size))
42 return 0;
43
44 sqlite3* db;
45 int return_code = sqlite3_open_v2(
46 "db.db",
47 &db,
48 SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0);
49
50
51 if (SQLITE_OK != return_code)
52 return 0;
53
54 // Use first byte as random selector for other parameters.
55 int selector = data[0];
56
57 // To cover both cases when progress_handler is used and isn't used.
58 if (selector & 1)
59 sqlite3_progress_handler(db, 4, &Progress, NULL);
60 else
61 sqlite3_progress_handler(db, 0, NULL, NULL);
62
63 // Remove least significant bit to make further usage of selector independent.
64 selector >>= 1;
65
66 sqlite3_stmt* statement = NULL;
67 int result = sqlite3_prepare_v2(db, reinterpret_cast<const char*>(data + 1),
68 static_cast<int>(size - 1), &statement, NULL);
69 if (result == SQLITE_OK) {
70 // Use selector value to randomize number of iterations.
71 for (int i = 0; i < selector; i++) {
72 if (sqlite3_step(statement) != SQLITE_ROW)
73 break;
74 }
75
76 sqlite3_finalize(statement);
77 }
78
79 sqlite3_close(db);
80 return 0;
81 }
