From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darwin Huang <huangdarwin@chromium.org>
Date: Wed, 27 Mar 2019 12:10:17 -0700
Subject: [PATCH 11/11] Add dbfuzz2 progress handler patch
This backports https://www.sqlite.org/src/info/b99f8512c06b9d47
Bug: 925890
---
third_party/sqlite/patched/test/dbfuzz2.c | 31 +++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/third_party/sqlite/patched/test/dbfuzz2.c b/third_party/sqlite/patched/test/dbfuzz2.c
index dd1ed061717b..6eca1f7f32ae 100644
--- a/third_party/sqlite/patched/test/dbfuzz2.c
+++ b/third_party/sqlite/patched/test/dbfuzz2.c
@@ -74,6 +74,10 @@ static int bVdbeDebug = 0;
/* Maximum size of the in-memory database file */
static sqlite3_int64 szMax = 104857600;
+/* Progress handler callback data */
+static int nCb = 0; /* Number of callbacks seen so far */
+static int mxCb = 250000; /* Maximum allowed callbacks */
+
/***** Copy/paste from ext/misc/memtrace.c ***************************/
/* The original memory allocation routines */
static sqlite3_mem_methods memtraceBase;
@@ -157,6 +161,21 @@ int sqlite3MemTraceDeactivate(void){
}
/***** End copy/paste from ext/misc/memtrace.c ***************************/
+/*
+** Progress handler callback
+**
+** Count the number of callbacks and cause an abort once the limit is
+** reached.
+*/
+static int progress_handler(void *pNotUsed){
+ nCb++;
+ if( nCb<mxCb ) return 0;
+ if( eVerbosity>=1 ){
+ printf("-- Progress limit of %d reached\n", mxCb);
+ }
+ return 1;
+}
+
/* libFuzzer invokes this routine with fuzzed database files (in aData).
** This routine run SQLite against the malformed database to see if it
** can provoke a failure or malfunction.
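Review bot: The header comment on `progress_handler` says it will "cause an abort", which in a fuzz harness reads like a process abort that libFuzzer would record as a crash. The function only returns 1, which asks SQLite to interrupt the statement that is running, so the comment should say that: `** reached, at which point the running statement is interrupted.` It is also worth noting there that `nCb` is reset by the caller rather than by the handler, since the handler alone never lowers it.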
@@ -187,12 +206,16 @@ int LLVMFuzzerTestOneInput(const uint8_t *aData, size_t nByte){
if( bVdbeDebug ){
sqlite3_exec(db, "PRAGMA vdbe_debug=ON", 0, 0, 0);
}
+ if( mxCb>0 ){
+ sqlite3_progress_handler(db, 10, progress_handler, 0);
+ }
for(i=0; i<sizeof(azSql)/sizeof(azSql[0]); i++){
if( eVerbosity>=1 ){
printf("%s\n", azSql[i]);
fflush(stdout);
}
zErr = 0;
+ nCb = 0;
rc = sqlite3_exec(db, azSql[i], 0, 0, &zErr);
if( rc && eVerbosity>=1 ){
printf("-- rc=%d zErr=%s\n", rc, zErr);
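Review bot: The work budget that keeps a malformed database from spinning the fuzzer is set by the literal `10` in the `sqlite3_progress_handler` call together with the `nCb = 0` reset inside the loop, and neither is explained at the call site. A comment above the registration would help, for example `/* Handler fires about every 10 VDBE opcodes; nCb is reset per statement, so each azSql[] entry gets roughly 10*mxCb opcodes */`. It should also state that `mxCb<=0` leaves the handler uninstalled, so such a run has no bound on statement execution. LLVMFuzzerTestOneInput begins and ends outside this hunk.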
@@ -247,6 +270,14 @@ int LLVMFuzzerInitialize(int *pArgc, char ***pArgv){
bVdbeDebug = 1;
continue;
}
+ if( strcmp(z,"limit")==0 ){
+ if( i+1==argc ){
+ fprintf(stderr, "missing argument to %s\n", argv[i]);
+ exit(1);
+ }
+ mxCb = strtol(argv[++i], 0, 0);
+ continue;
+ }
if( strcmp(z,"memtrace")==0 ){
sqlite3MemTraceActivate(stdout);
continue;
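Review bot: The `limit` option stores the result of `strtol(argv[++i], 0, 0)` directly into the `int` `mxCb` with no end-pointer, range or errno check. A non-numeric argument parses as 0, and a value that does not fit in `int` can truncate to 0 or a negative number. Because the handler is only installed when `mxCb>0`, a typo on the command line silently removes the execution bound instead of reporting an error. Parsing into a `long`, rejecting trailing junk and out-of-range values, and only then assigning would keep an explicit `limit 0` as the one way to turn the bound off. This needs `<errno.h>` and `<limits.h>` if the file does not already include them; LLVMFuzzerInitialize starts and ends outside this hunk.

```c
    if( strcmp(z,"limit")==0 ){
      char *zEnd = 0;
      long nLimit;
      /* … unchanged: missing-argument check … */
      errno = 0;
      nLimit = strtol(argv[++i], &zEnd, 0);
      if( zEnd==argv[i] || *zEnd!=0 || errno==ERANGE
       || nLimit<INT_MIN || nLimit>INT_MAX ){
        fprintf(stderr, "invalid argument to limit: %s\n", argv[i]);
        exit(1);
      }
      mxCb = (int)nLimit;
      continue;
    }
```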
--
2.20.1