android13/external/oss-fuzz/projects/mysql-server/targets/fuzz_real_query.cc

#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <string>
#include <iostream>
#include <mysql.h>
#include <mysql/client_plugin.h>
#include <mysqld_error.h>
#include "violite.h"

using namespace std;
FILE *logfile = NULL;

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    MYSQL mysql;
    long flags;
    bool opt_cleartext = true;
    unsigned int opt_ssl = SSL_MODE_DISABLED;
    MYSQL_RES *result;

    if (Size < sizeof(unsigned long)) {
        return 0;
    }
    if (logfile == NULL) {
        logfile = fopen("/dev/null", "w");
    }
    memcpy(&flags, Data + Size - sizeof(unsigned long), sizeof(unsigned long));
    mysql_init(&mysql);
    mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, &opt_cleartext);
    mysql_options(&mysql, MYSQL_OPT_SSL_MODE, &opt_ssl);
    mysql.options.protocol = MYSQL_PROTOCOL_FUZZ;
    // The fuzzing takes place on network data received from server
    sock_initfuzz(Data,Size - sizeof(unsigned long));
    if (!mysql_real_connect(&mysql, "localhost", "root", "root", "dbname", 0, NULL, flags)) {
        goto out;
    } else {
        fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql));
        fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql));
        mysql_info(&mysql);
    }

    mysql_query(&mysql, "CREATE DATABASE fuzzbase");
    if (mysql_query(&mysql, "SELECT * FROM CARS")) {
        goto out;
    }
    result = mysql_store_result(&mysql);
    if (result != NULL) {
        int num_fields = mysql_num_fields(result);
        MYSQL_FIELD *field;
        while((field = mysql_fetch_field(result))) {
            fprintf(logfile, "%s\n", field->name);
        }
        MYSQL_ROW row = mysql_fetch_row(result);
        unsigned long * lengths = mysql_fetch_lengths(result);
        while (row ) {
            for(int i = 0; i < num_fields; i++) {
                fprintf(logfile, "length %lu, %s\n", lengths[i], row[i] ? row[i] : "NULL");
            }
            row = mysql_fetch_row(result);
        }
        mysql_free_result(result);
    }
    result = mysql_list_dbs(&mysql, NULL);
    if (result) {
        mysql_free_result(result);
    }
    result = mysql_list_tables(&mysql, NULL);
    if (result) {
        mysql_free_result(result);
    }
    result = mysql_list_fields(&mysql, "sometable", NULL);
    if (result) {
        mysql_free_result(result);
    }
    result = mysql_list_processes(&mysql);
    if (result) {
        mysql_free_result(result);
    }
    mysql_ping(&mysql);

    if (mysql_change_user(&mysql, "user", "password", "new_database")) {
        goto out;
    }
    if (mysql_query(&mysql, "INSERT INTO Fuzzers(Name) VALUES('myfuzzer')") == 0) {
        fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql));
        fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql));
        mysql_info(&mysql);
    }
    mysql_get_host_info(&mysql);
    mysql_get_proto_info(&mysql);
    mysql_get_server_info(&mysql);
    mysql_get_server_version(&mysql);
    mysql_dump_debug_info(&mysql);
    mysql_sqlstate(&mysql);
    mysql_stat(&mysql);

out:
    mysql_close(&mysql);
    return 0;
}