// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include #include #include #include #include #include #include "sqlite3.h" static const std::array kBadKeyword{{'R', 'E', 'G', 'E', 'X', 'P'}}; bool checkForBadKeyword(const uint8_t* data, size_t size) { auto it = std::search( data, data + size, kBadKeyword.begin(), kBadKeyword.end(), [](char c1, char c2) { return std::toupper(c1) == std::toupper(c2); }); if (it != data + size) return true; return false; } static int Progress(void *not_used_ptr) { return 1; } // Entry point for LibFuzzer. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { if (size < 2) return 0; if (checkForBadKeyword(data, size)) return 0; sqlite3* db; int return_code = sqlite3_open_v2( "db.db", &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, 0); if (SQLITE_OK != return_code) return 0; // Use first byte as random selector for other parameters. int selector = data[0]; // To cover both cases when progress_handler is used and isn't used. if (selector & 1) sqlite3_progress_handler(db, 4, &Progress, NULL); else sqlite3_progress_handler(db, 0, NULL, NULL); // Remove least significant bit to make further usage of selector independent. selector >>= 1; sqlite3_stmt* statement = NULL; int result = sqlite3_prepare_v2(db, reinterpret_cast(data + 1), static_cast(size - 1), &statement, NULL); if (result == SQLITE_OK) { // Use selector value to randomize number of iterations. for (int i = 0; i < selector; i++) { if (sqlite3_step(statement) != SQLITE_ROW) break; } sqlite3_finalize(statement); } sqlite3_close(db); return 0; }