projects/mysql-server/targets/fuzz_stmt_fetch.cc - platform/external/oss-fuzz - Git at Google

 #include <stdint.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string>
 #include <iostream>
 #include <mysql.h>
 #include <mysql/client_plugin.h>
 #include <mysqld_error.h>
 #include "violite.h"

 using namespace std;

 #define STRING_SIZE 50

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     MYSQL mysql;
     MYSQL_BIND    bind[4];
     MYSQL_RES     *prepare_meta_result;
     MYSQL_TIME    ts;
     unsigned long length[4];
     int           column_count;
     short         small_data;
     int           int_data;
     char          str_data[STRING_SIZE];
     bool          is_null[4];
     bool          error[4];
     bool opt_cleartext = true;
     unsigned int opt_ssl = SSL_MODE_DISABLED;

     mysql_init(&mysql);
     mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, &opt_cleartext);
     mysql_options(&mysql, MYSQL_OPT_SSL_MODE, &opt_ssl);
     mysql.options.protocol = MYSQL_PROTOCOL_FUZZ;
     // The fuzzing takes place on network data received from server
     sock_initfuzz(Data,Size);
     if (!mysql_real_connect(&mysql,"localhost","root","root","",0,NULL,0))
     {
         return 0;
     }

     MYSQL_STMT *stmt = mysql_stmt_init(&mysql);
     if (!stmt)
     {
         mysql_stmt_close(stmt);
         mysql_close(&mysql);
         return 0;
     }
     if (mysql_stmt_prepare(stmt, "SELECT col1, col2, col3, col4 FROM Cars",(ulong)strlen("SELECT col1, col2, col3, col4 FROM Cars")))
     {
         mysql_stmt_close(stmt);
         mysql_close(&mysql);
         return 0;
     }
     prepare_meta_result = mysql_stmt_result_metadata(stmt);
     if (!prepare_meta_result)
     {
         mysql_stmt_close(stmt);
         mysql_close(&mysql);
         return 0;
     }

     if (mysql_stmt_execute(stmt))
     {
         mysql_stmt_close(stmt);
         mysql_close(&mysql);
         return 0;
     }
     column_count= mysql_num_fields(prepare_meta_result);
     memset(bind, 0, sizeof(bind));
     /* INTEGER COLUMN */
     bind[0].buffer_type= MYSQL_TYPE_LONG;
     bind[0].buffer= (char *)&int_data;
     bind[0].is_null= &is_null[0];
     bind[0].length= &length[0];
     bind[0].error= &error[0];

     /* STRING COLUMN */
     bind[1].buffer_type= MYSQL_TYPE_STRING;
     bind[1].buffer= (char *)str_data;
     bind[1].buffer_length= STRING_SIZE;
     bind[1].is_null= &is_null[1];
     bind[1].length= &length[1];
     bind[1].error= &error[1];

     /* SMALLINT COLUMN */
     bind[2].buffer_type= MYSQL_TYPE_SHORT;
     bind[2].buffer= (char *)&small_data;
     bind[2].is_null= &is_null[2];
     bind[2].length= &length[2];
     bind[2].error= &error[2];

     /* TIMESTAMP COLUMN */
     bind[3].buffer_type= MYSQL_TYPE_TIMESTAMP;
     bind[3].buffer= (char *)&ts;
     bind[3].is_null= &is_null[3];
     bind[3].length= &length[3];
     bind[3].error= &error[3];

     if (mysql_stmt_bind_result(stmt, bind))
     {
         mysql_free_result(prepare_meta_result);
         mysql_stmt_close(stmt);
         mysql_close(&mysql);
         return 0;
     }
     if (mysql_stmt_store_result(stmt))
     {
         mysql_free_result(prepare_meta_result);
         mysql_stmt_close(stmt);
         mysql_close(&mysql);
         return 0;
     }
     while (1) {
         int status = mysql_stmt_fetch(stmt);
         if (status == 1 || status == MYSQL_NO_DATA)
             break;
     }

     mysql_free_result(prepare_meta_result);
     mysql_stmt_close(stmt);
     mysql_close(&mysql);
     return 0;
 }
	#include <stdint.h>
	#include <stdlib.h>
	#include <stdio.h>
	#include <string>
	#include <iostream>
	#include <mysql.h>
	#include <mysql/client_plugin.h>
	#include <mysqld_error.h>
	#include "violite.h"

	using namespace std;

	#define STRING_SIZE 50

	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	MYSQL mysql;
	MYSQL_BIND bind[4];
	MYSQL_RES *prepare_meta_result;
	MYSQL_TIME ts;
	unsigned long length[4];
	int column_count;
	short small_data;
	int int_data;
	char str_data[STRING_SIZE];
	bool is_null[4];
	bool error[4];
	bool opt_cleartext = true;
	unsigned int opt_ssl = SSL_MODE_DISABLED;

	mysql_init(&mysql);
	mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, &opt_cleartext);
	mysql_options(&mysql, MYSQL_OPT_SSL_MODE, &opt_ssl);
	mysql.options.protocol = MYSQL_PROTOCOL_FUZZ;
	// The fuzzing takes place on network data received from server
	sock_initfuzz(Data,Size);
	if (!mysql_real_connect(&mysql,"localhost","root","root","",0,NULL,0))
	{
	return 0;
	}

	MYSQL_STMT *stmt = mysql_stmt_init(&mysql);
	if (!stmt)
	{
	mysql_stmt_close(stmt);
	mysql_close(&mysql);
	return 0;
	}
	if (mysql_stmt_prepare(stmt, "SELECT col1, col2, col3, col4 FROM Cars",(ulong)strlen("SELECT col1, col2, col3, col4 FROM Cars")))
	{
	mysql_stmt_close(stmt);
	mysql_close(&mysql);
	return 0;
	}
	prepare_meta_result = mysql_stmt_result_metadata(stmt);
	if (!prepare_meta_result)
	{
	mysql_stmt_close(stmt);
	mysql_close(&mysql);
	return 0;
	}

	if (mysql_stmt_execute(stmt))
	{
	mysql_stmt_close(stmt);
	mysql_close(&mysql);
	return 0;
	}
	column_count= mysql_num_fields(prepare_meta_result);
	memset(bind, 0, sizeof(bind));
	/* INTEGER COLUMN */
	bind[0].buffer_type= MYSQL_TYPE_LONG;
	bind[0].buffer= (char *)&int_data;
	bind[0].is_null= &is_null[0];
	bind[0].length= &length[0];
	bind[0].error= &error[0];

	/* STRING COLUMN */
	bind[1].buffer_type= MYSQL_TYPE_STRING;
	bind[1].buffer= (char *)str_data;
	bind[1].buffer_length= STRING_SIZE;
	bind[1].is_null= &is_null[1];
	bind[1].length= &length[1];
	bind[1].error= &error[1];

	/* SMALLINT COLUMN */
	bind[2].buffer_type= MYSQL_TYPE_SHORT;
	bind[2].buffer= (char *)&small_data;
	bind[2].is_null= &is_null[2];
	bind[2].length= &length[2];
	bind[2].error= &error[2];

	/* TIMESTAMP COLUMN */
	bind[3].buffer_type= MYSQL_TYPE_TIMESTAMP;
	bind[3].buffer= (char *)&ts;
	bind[3].is_null= &is_null[3];
	bind[3].length= &length[3];
	bind[3].error= &error[3];

	if (mysql_stmt_bind_result(stmt, bind))
	{
	mysql_free_result(prepare_meta_result);
	mysql_stmt_close(stmt);
	mysql_close(&mysql);
	return 0;
	}
	if (mysql_stmt_store_result(stmt))
	{
	mysql_free_result(prepare_meta_result);
	mysql_stmt_close(stmt);
	mysql_close(&mysql);
	return 0;
	}
	while (1) {
	int status = mysql_stmt_fetch(stmt);
	if (status == 1 \|\| status == MYSQL_NO_DATA)
	break;
	}

	mysql_free_result(prepare_meta_result);
	mysql_stmt_close(stmt);
	mysql_close(&mysql);
	return 0;
	}