projects/mysql-server/targets/fuzz_real_query.cc - platform/external/oss-fuzz - Git at Google

 #include <stdint.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string>
 #include <iostream>
 #include <mysql.h>
 #include <mysql/client_plugin.h>
 #include <mysqld_error.h>
 #include "violite.h"

 using namespace std;
 FILE *logfile = NULL;

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     MYSQL mysql;
     long flags;
     bool opt_cleartext = true;
     unsigned int opt_ssl = SSL_MODE_DISABLED;
     MYSQL_RES *result;

     if (Size < sizeof(unsigned long)) {
         return 0;
     }
     if (logfile == NULL) {
         logfile = fopen("/dev/null", "w");
     }
     memcpy(&flags, Data + Size - sizeof(unsigned long), sizeof(unsigned long));
     mysql_init(&mysql);
     mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, &opt_cleartext);
     mysql_options(&mysql, MYSQL_OPT_SSL_MODE, &opt_ssl);
     mysql.options.protocol = MYSQL_PROTOCOL_FUZZ;
     // The fuzzing takes place on network data received from server
     sock_initfuzz(Data,Size - sizeof(unsigned long));
     if (!mysql_real_connect(&mysql, "localhost", "root", "root", "dbname", 0, NULL, flags)) {
         goto out;
     } else {
         fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql));
         fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql));
         mysql_info(&mysql);
     }

     mysql_query(&mysql, "CREATE DATABASE fuzzbase");
     if (mysql_query(&mysql, "SELECT * FROM CARS")) {
         goto out;
     }
     result = mysql_store_result(&mysql);
     if (result != NULL) {
         int num_fields = mysql_num_fields(result);
         MYSQL_FIELD *field;
         while((field = mysql_fetch_field(result))) {
             fprintf(logfile, "%s\n", field->name);
         }
         MYSQL_ROW row = mysql_fetch_row(result);
         unsigned long * lengths = mysql_fetch_lengths(result);
         while (row ) {
             for(int i = 0; i < num_fields; i++) {
                 fprintf(logfile, "length %lu, %s\n", lengths[i], row[i] ? row[i] : "NULL");
             }
             row = mysql_fetch_row(result);
         }
         mysql_free_result(result);
     }
     result = mysql_list_dbs(&mysql, NULL);
     if (result) {
         mysql_free_result(result);
     }
     result = mysql_list_tables(&mysql, NULL);
     if (result) {
         mysql_free_result(result);
     }
     result = mysql_list_fields(&mysql, "sometable", NULL);
     if (result) {
         mysql_free_result(result);
     }
     result = mysql_list_processes(&mysql);
     if (result) {
         mysql_free_result(result);
     }
     mysql_ping(&mysql);

     if (mysql_change_user(&mysql, "user", "password", "new_database")) {
         goto out;
     }
     if (mysql_query(&mysql, "INSERT INTO Fuzzers(Name) VALUES('myfuzzer')") == 0) {
         fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql));
         fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql));
         mysql_info(&mysql);
     }
     mysql_get_host_info(&mysql);
     mysql_get_proto_info(&mysql);
     mysql_get_server_info(&mysql);
     mysql_get_server_version(&mysql);
     mysql_dump_debug_info(&mysql);
     mysql_sqlstate(&mysql);
     mysql_stat(&mysql);

 out:
     mysql_close(&mysql);
     return 0;
 }
	#include <stdint.h>
	#include <stdlib.h>
	#include <stdio.h>
	#include <string>
	#include <iostream>
	#include <mysql.h>
	#include <mysql/client_plugin.h>
	#include <mysqld_error.h>
	#include "violite.h"

	using namespace std;
	FILE *logfile = NULL;

	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	MYSQL mysql;
	long flags;
	bool opt_cleartext = true;
	unsigned int opt_ssl = SSL_MODE_DISABLED;
	MYSQL_RES *result;

	if (Size < sizeof(unsigned long)) {
	return 0;
	}
	if (logfile == NULL) {
	logfile = fopen("/dev/null", "w");
	}
	memcpy(&flags, Data + Size - sizeof(unsigned long), sizeof(unsigned long));
	mysql_init(&mysql);
	mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, &opt_cleartext);
	mysql_options(&mysql, MYSQL_OPT_SSL_MODE, &opt_ssl);
	mysql.options.protocol = MYSQL_PROTOCOL_FUZZ;
	// The fuzzing takes place on network data received from server
	sock_initfuzz(Data,Size - sizeof(unsigned long));
	if (!mysql_real_connect(&mysql, "localhost", "root", "root", "dbname", 0, NULL, flags)) {
	goto out;
	} else {
	fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql));
	fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql));
	mysql_info(&mysql);
	}

	mysql_query(&mysql, "CREATE DATABASE fuzzbase");
	if (mysql_query(&mysql, "SELECT * FROM CARS")) {
	goto out;
	}
	result = mysql_store_result(&mysql);
	if (result != NULL) {
	int num_fields = mysql_num_fields(result);
	MYSQL_FIELD *field;
	while((field = mysql_fetch_field(result))) {
	fprintf(logfile, "%s\n", field->name);
	}
	MYSQL_ROW row = mysql_fetch_row(result);
	unsigned long * lengths = mysql_fetch_lengths(result);
	while (row ) {
	for(int i = 0; i < num_fields; i++) {
	fprintf(logfile, "length %lu, %s\n", lengths[i], row[i] ? row[i] : "NULL");
	}
	row = mysql_fetch_row(result);
	}
	mysql_free_result(result);
	}
	result = mysql_list_dbs(&mysql, NULL);
	if (result) {
	mysql_free_result(result);
	}
	result = mysql_list_tables(&mysql, NULL);
	if (result) {
	mysql_free_result(result);
	}
	result = mysql_list_fields(&mysql, "sometable", NULL);
	if (result) {
	mysql_free_result(result);
	}
	result = mysql_list_processes(&mysql);
	if (result) {
	mysql_free_result(result);
	}
	mysql_ping(&mysql);

	if (mysql_change_user(&mysql, "user", "password", "new_database")) {
	goto out;
	}
	if (mysql_query(&mysql, "INSERT INTO Fuzzers(Name) VALUES('myfuzzer')") == 0) {
	fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql));
	fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql));
	mysql_info(&mysql);
	}
	mysql_get_host_info(&mysql);
	mysql_get_proto_info(&mysql);
	mysql_get_server_info(&mysql);
	mysql_get_server_version(&mysql);
	mysql_dump_debug_info(&mysql);
	mysql_sqlstate(&mysql);
	mysql_stat(&mysql);

	out:
	mysql_close(&mysql);
	return 0;
	}