
Issue 900482

Issue metadata

Status: Fixed
Closed: Dec 15
Pri: 1
Type: Bug


sqlite fuzzers are completely ineffective

Reported by och...@chromium.org (Project Member), Oct 31

Issue description

Issue 665384 has been merged into this issue.

I think the sqlite3 version was upgraded a few times over the past year(s). We should probably delete the existing fuzz target (https://cs.chromium.org/chromium/src/third_party/sqlite/fuzz/sqlite3_prepare_v2_fuzzer.cc) and use the upstream one instead (https://cs.chromium.org/chromium/src/third_party/sqlite/sqlite-src-3250200/test/ossfuzz.c).

In addition to c#2, we have ossfuzz.c which was manually added a while ago (https://cs.chromium.org/chromium/src/third_party/sqlite/fuzz/ossfuzz.c); this also needs to be removed.

Correct link to the upstream fuzz target should be: https://cs.chromium.org/chromium/src/third_party/sqlite/src/test/ossfuzz.c
Owner: mpdenton@chromium.org
Status: Assigned (was: Untriaged)

I can try to tackle this.
Please also check if this other fuzz target is even needed since it seems to be crashing as well.

fuzzer_test("sqlite3_prepare_v2_fuzzer") {
  sources = [
    "fuzz/sqlite3_prepare_v2_fuzzer.cc",
  ]
  deps = [
    ":sqlite",
  ]
  dict = "fuzz/sqlite3_prepare_v2_fuzzer.dict"
}

It's not needed. Two existing targets should be deleted and the upstream version of ossfuzz.c should be used instead.
Comment 7 by bugdroid1@chromium.org (Project Member), Nov 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5cb3a6cd8648c1585a8bd47c8333c5e406476527

commit 5cb3a6cd8648c1585a8bd47c8333c5e406476527
Author: Matthew Denton <mpdenton@chromium.org>
Date: Fri Nov 16 21:55:21 2018

Fixed sqlite fuzzer to use upstream version

Deleted our custom sqlite fuzzers that crash on startup. Also added a
patch for the upstream version of ossfuzz.c so that it will actually
compile and run with our config (SQLITE_OMIT_PROGRESS_CALLBACK and
SQLITE_OMIT_AUTOINIT both caused issues).

Bug: 900482
Change-Id: Ib314a8589b6c7b6e53704a2ae15bf69c0a62fcdf
Reviewed-on: https://chromium-review.googlesource.com/c/1330292
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608967}
[modify] https://crrev.com/5cb3a6cd8648c1585a8bd47c8333c5e406476527/third_party/sqlite/BUILD.gn
[delete] https://crrev.com/bda447c5128013852f89a0601dd35847fd2b2710/third_party/sqlite/fuzz/ossfuzz.c
[modify] https://crrev.com/5cb3a6cd8648c1585a8bd47c8333c5e406476527/third_party/sqlite/fuzz/sql.dict
[delete] https://crrev.com/bda447c5128013852f89a0601dd35847fd2b2710/third_party/sqlite/fuzz/sqlite3_prepare_v2_fuzzer.cc
[delete] https://crrev.com/bda447c5128013852f89a0601dd35847fd2b2710/third_party/sqlite/fuzz/sqlite3_prepare_v2_fuzzer.dict
[add] https://crrev.com/5cb3a6cd8648c1585a8bd47c8333c5e406476527/third_party/sqlite/patches/0010-Fix-ossfuzz.c-to-compile-and-run-with-our-config.patch
[modify] https://crrev.com/5cb3a6cd8648c1585a8bd47c8333c5e406476527/third_party/sqlite/src/test/ossfuzz.c

Status: Fixed (was: Assigned)
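The shape of the target that replaced the deleted Chromium fuzzers, restated as an added Python example against the stdlib sqlite3 module. This is not Chromium's or SQLite's code: the function and constant names (run_sql_input, run_samples, OPS_PER_CALLBACK, MAX_CALLBACKS) and the sample inputs are constructed for this illustration. It shows the two properties a SQL fuzz target needs and that the commit message above touches on: the whole input is executed as a script and SQL-level errors are swallowed (only crashes and hangs are findings), and a progress handler bounds how long one statement may run. That handler is the sqlite3_progress_handler() mechanism, which a build compiled with SQLITE_OMIT_PROGRESS_CALLBACK does not provide, so a target written for a stock build has to be adapted before it will compile and run under such a config, as the commit describes (likewise SQLITE_OMIT_AUTOINIT requires an explicit sqlite3_initialize() call before the first sqlite3_open()).

```python
import sqlite3

# Constructed settings for this example: the handler fires every 1000 VDBE ops
# and the running statement is aborted after 200 such callbacks.
OPS_PER_CALLBACK = 1000
MAX_CALLBACKS = 200


def run_sql_input(data: bytes, max_callbacks: int = MAX_CALLBACKS) -> dict:
    """Execute raw fuzzer input as SQL against a fresh in-memory database.

    Contract of an ossfuzz-style SQL target: the input bytes are treated as a
    script, SQL errors are expected and swallowed (a real harness only reports
    crashes and hangs), and a progress handler interrupts any statement that
    runs too long so pathological inputs cannot stall the fuzzer.
    """
    result = {"outcome": "ok", "callbacks": 0, "error": None}
    sql = data.decode("utf-8", errors="replace")  # never raises on bad bytes

    conn = sqlite3.connect(":memory:")
    try:
        def progress() -> int:
            result["callbacks"] += 1
            # A non-zero return makes SQLite abort the statement with
            # SQLITE_INTERRUPT, which surfaces as sqlite3.OperationalError.
            return 1 if result["callbacks"] >= max_callbacks else 0

        conn.set_progress_handler(progress, OPS_PER_CALLBACK)
        try:
            conn.executescript(sql)
        except sqlite3.Error as exc:
            result["error"] = str(exc)
            result["outcome"] = (
                "interrupted" if result["callbacks"] >= max_callbacks
                else "sql_error"
            )
    finally:
        conn.close()
    return result


# Constructed sample inputs (not from the bug): a benign script, a script that
# fails at the SQL level, a runaway recursive CTE that would never finish
# without the progress handler, and bytes that are not valid UTF-8.
SAMPLES = {
    "benign": b"CREATE TABLE t(x); INSERT INTO t VALUES(1),(2); SELECT * FROM t;",
    "sql_error": b"SELECT * FROM no_such_table;",
    "runaway": (b"WITH RECURSIVE c(n) AS (SELECT 1 UNION ALL SELECT n+1 FROM c) "
                b"SELECT count(*) FROM c;"),
    "garbage": b"\xff\xfe\x01 not sql at all",
}


def run_samples() -> dict:
    """Run every constructed sample and report its outcome."""
    return {name: run_sql_input(data)["outcome"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, outcome in run_samples().items():
        print(f"{name}: {outcome}")
```

The "runaway" sample is the case that matters for a fuzzer: without the progress handler the statement never returns and the fuzzer reports a timeout on every input that happens to build an unbounded query, which is noise, not a bug. A libFuzzer entry point would wrap run_sql_input in a TestOneInput(data) function and never raise on "sql_error" or "interrupted".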
