rk3588-game
/
android13
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android13/external/oss-fuzz/projects/mysql-server/fix.diff

444 lines
13 KiB
Diff
Raw Blame History

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4a4bbfa72fa..0478561e66c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -688,6 +688,7 @@ IF(WITH_JEMALLOC AND (WITH_TCMALLOC OR WITH_TCMALLOC_DEBUG))
MESSAGE(FATAL_ERROR "Specify only *one* of WITH_TCMALLOC and WITH_JEMALLOC")
ENDIF()
+OPTION(FUZZING "Fuzzing" OFF)
OPTION(ENABLED_PROFILING "Enable profiling" ON)
OPTION(WITHOUT_SERVER OFF)
@@ -1804,6 +1805,10 @@ IF(NOT WITHOUT_SERVER AND WITH_UNIT_TESTS)
ENDIF()
ENDIF()
+IF (FUZZING)
+ ADD_SUBDIRECTORY(fuzz)
+ENDIF()
+
# scripts/mysql_config depends on client and server targets loaded above.
# It is referenced by some of the directories below, so we insert it here.
ADD_SUBDIRECTORY(scripts)
diff --git a/cmake/os/Linux.cmake b/cmake/os/Linux.cmake
index 0e25e8eb..3ae74839 100644
--- a/cmake/os/Linux.cmake
+++ b/cmake/os/Linux.cmake
@@ -103,7 +103,8 @@ IF(NOT WITH_ASAN AND
NOT WITH_LSAN AND
NOT WITH_MSAN AND
NOT WITH_TSAN AND
- NOT WITH_UBSAN)
+ NOT WITH_UBSAN AND
+ NOT FUZZING)
SET(LINK_FLAG_NO_UNDEFINED "-Wl,--no-undefined")
SET(LINK_FLAG_Z_DEFS "-z,defs")
ENDIF()
diff --git a/include/mysql.h b/include/mysql.h
index 4700d74b853..bdf9b765ffb 100644
--- a/include/mysql.h
+++ b/include/mysql.h
@@ -262,7 +262,8 @@ enum mysql_protocol_type {
MYSQL_PROTOCOL_TCP,
MYSQL_PROTOCOL_SOCKET,
MYSQL_PROTOCOL_PIPE,
- MYSQL_PROTOCOL_MEMORY
+ MYSQL_PROTOCOL_MEMORY,
+ MYSQL_PROTOCOL_FUZZ
};
enum mysql_ssl_mode {
diff --git a/include/mysql.h.pp b/include/mysql.h.pp
index 39ebd0fcb93..c041cc4690f 100644
--- a/include/mysql.h.pp
+++ b/include/mysql.h.pp
@@ -486,7 +486,8 @@ enum mysql_protocol_type {
MYSQL_PROTOCOL_TCP,
MYSQL_PROTOCOL_SOCKET,
MYSQL_PROTOCOL_PIPE,
- MYSQL_PROTOCOL_MEMORY
+ MYSQL_PROTOCOL_MEMORY,
+ MYSQL_PROTOCOL_FUZZ
};
enum mysql_ssl_mode {
SSL_MODE_DISABLED = 1,
diff --git a/include/violite.h b/include/violite.h
index a6ccd1a607d..8dc0d46dd7f 100644
--- a/include/violite.h
+++ b/include/violite.h
@@ -108,12 +108,14 @@ enum enum_vio_type : int {
*/
VIO_TYPE_PLUGIN = 7,
+ VIO_TYPE_FUZZ = 8,
+
FIRST_VIO_TYPE = VIO_TYPE_TCPIP,
/*
If a new type is added, please update LAST_VIO_TYPE. In addition, please
change get_vio_type_name() in vio/vio.c to return correct name for it.
*/
- LAST_VIO_TYPE = VIO_TYPE_PLUGIN
+ LAST_VIO_TYPE = VIO_TYPE_FUZZ
};
/**
@@ -444,4 +446,20 @@ struct Vio {
#define SSL_handle SSL *
+
+//Vio fuzzing
+bool vio_connect_fuzz(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len,
+ int timeout);
+int vio_socket_timeout_fuzz(Vio *vio, uint which, bool b);
+void sock_initfuzz(const uint8_t *Data, size_t Size);
+size_t vio_read_buff_fuzz(Vio *vio, uchar *buf, size_t size);
+size_t vio_write_buff_fuzz(Vio *vio, const uchar *buf, size_t size);
+bool vio_is_connected_fuzz(Vio *vio);
+bool vio_was_timeout_fuzz(Vio *vio);
+int vio_shutdown_fuzz(Vio *vio);
+int vio_keepalive_fuzz(Vio *vio, bool set_keep_alive);
+int vio_io_wait_fuzz(Vio *vio, enum enum_vio_io_event event, int timeout);
+int vio_fastsend_fuzz(Vio *vio);
+bool vio_should_retry_fuzz(Vio *vio);
+
#endif /* vio_violite_h_ */
diff --git a/libmysql/CMakeLists.txt b/libmysql/CMakeLists.txt
index 334d1b7d3ef..c37c5ad930e 100644
--- a/libmysql/CMakeLists.txt
+++ b/libmysql/CMakeLists.txt
@@ -345,11 +345,11 @@ IF(LINUX_STANDALONE AND KERBEROS_CUSTOM_LIBRARY)
ENDIF()
IF(UNIX)
- IF(LINK_FLAG_Z_DEFS)
+ IF(LINK_FLAG_Z_DEFS AND NOT FUZZING)
MY_TARGET_LINK_OPTIONS(libmysql "LINKER:${LINK_FLAG_Z_DEFS}")
ENDIF()
- IF(LINUX)
+ IF(LINUX AND NOT FUZZING)
CONFIGURE_FILE(libmysql.ver.in ${CMAKE_CURRENT_BINARY_DIR}/libmysql.ver)
MY_TARGET_LINK_OPTIONS(libmysql
"LINKER:--version-script=${CMAKE_CURRENT_BINARY_DIR}/libmysql.ver")
diff --git a/mysys/my_rnd.cc b/mysys/my_rnd.cc
index 2fc7820eaa3..248ea909db8 100644
--- a/mysys/my_rnd.cc
+++ b/mysys/my_rnd.cc
@@ -48,6 +48,9 @@
*/
double my_rnd(struct rand_struct *rand_st) {
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ return 65.43;
+#endif
rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value;
rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value;
return (((double)rand_st->seed1) / rand_st->max_value_dbl);
@@ -64,6 +67,12 @@ Fill a buffer with random bytes using the SSL library routines
*/
int my_rand_buffer(unsigned char *buffer, size_t buffer_size) {
int rc;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ for (size_t i = 0; i < buffer_size; i++)
+ buffer[i] = i;
+ return 0;
+#endif
+
rc = RAND_bytes(buffer, (int)buffer_size);
if (!rc) {
@@ -85,6 +94,9 @@ int my_rand_buffer(unsigned char *buffer, size_t buffer_size) {
double my_rnd_ssl(bool *failed) {
unsigned int res;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ return 34.56;
+#endif
if (my_rand_buffer((unsigned char *)&res, sizeof(res))) {
*failed = true;
return 0;
diff --git a/sql-common/client.cc b/sql-common/client.cc
index b8050f2b1a7..9a65178c5c4 100644
--- a/sql-common/client.cc
+++ b/sql-common/client.cc
@@ -5892,6 +5892,12 @@ static mysql_state_machine_status csm_begin_connect(mysql_async_connect *ctx) {
}
}
#endif /* _WIN32 */
+if (!net->vio &&
+ (mysql->options.protocol == MYSQL_PROTOCOL_FUZZ)) {
+ net->vio =
+ vio_new(0, VIO_TYPE_FUZZ, 0);
+ ctx->host_info = (char *)ER_CLIENT(CR_LOCALHOST_CONNECTION);
+}
#if defined(HAVE_SYS_UN_H)
if (!net->vio &&
(!mysql->options.protocol ||
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 50b76e2fa75..871006c2d8f 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -6991,7 +6991,9 @@ int mysqld_main(int argc, char **argv)
keyring_lockable_init();
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
my_init_signals();
+#endif
size_t guardize = 0;
#ifndef _WIN32
@@ -7497,8 +7499,10 @@ int mysqld_main(int argc, char **argv)
unireg_abort(MYSQLD_ABORT_EXIT);
#ifndef _WIN32
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
// Start signal handler thread.
start_signal_handler();
+#endif
#endif
/* set all persistent options */
@@ -7543,8 +7547,9 @@ int mysqld_main(int argc, char **argv)
}
start_handle_manager();
-
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
create_compress_gtid_table_thread();
+#endif
LogEvent()
.type(LOG_TYPE_ERROR)
@@ -7591,6 +7596,10 @@ int mysqld_main(int argc, char **argv)
(void)RUN_HOOK(server_state, before_handle_connection, (nullptr));
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ return 0;
+#endif
+
#if defined(_WIN32)
if (mysqld_socket_acceptor != nullptr)
mysqld_socket_acceptor->check_and_spawn_admin_connection_handler_thread();
@@ -10500,6 +10509,9 @@ static int get_options(int *argc_ptr, char ***argv_ptr) {
if (opt_short_log_format) opt_specialflag |= SPECIAL_SHORT_LOG_FORMAT;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ Connection_handler_manager::thread_handling = Connection_handler_manager::SCHEDULER_NO_THREADS;
+#endif
if (Connection_handler_manager::init()) {
LogErr(ERROR_LEVEL, ER_CONNECTION_HANDLING_OOM);
return 1;
diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc
index 7ecc10961ac..5f13f94eb02 100644
--- a/storage/innobase/buf/buf0buf.cc
+++ b/storage/innobase/buf/buf0buf.cc
@@ -1476,18 +1476,14 @@ dberr_t buf_pool_init(ulint total_size, ulint n_instances) {
n = n_instances;
}
- std::vector<std::thread> threads;
-
std::mutex m;
for (ulint id = i; id < n; ++id) {
- threads.emplace_back(std::thread(buf_pool_create, &buf_pool_ptr[id], size,
- id, &m, std::ref(errs[id])));
+ buf_pool_create(&buf_pool_ptr[id], size,
+ id, &m, std::ref(errs[id]));
}
for (ulint id = i; id < n; ++id) {
- threads[id - i].join();
-
if (errs[id] != DB_SUCCESS) {
err = errs[id];
}
diff --git a/vio/CMakeLists.txt b/vio/CMakeLists.txt
index 35ab5f17f15..9b39bfdbdbf 100644
--- a/vio/CMakeLists.txt
+++ b/vio/CMakeLists.txt
@@ -27,6 +27,7 @@ SET(VIO_SOURCES
viosocket.cc
viossl.cc
viosslfactories.cc
+ viofuzz.cc
)
IF(WIN32)
diff --git a/vio/vio.cc b/vio/vio.cc
index 368c8d7b581..50c3231a8b0 100644
--- a/vio/vio.cc
+++ b/vio/vio.cc
@@ -284,6 +284,26 @@ static bool vio_init(Vio *vio, enum enum_vio_type type, my_socket sd,
vio->is_blocking_flag = true;
break;
+ case VIO_TYPE_FUZZ:
+ vio->viodelete = vio_delete;
+ vio->vioerrno = vio_errno;
+ vio->read = vio_read_buff_fuzz;
+ vio->write = vio_write_buff_fuzz;
+ vio->fastsend = vio_fastsend_fuzz;
+ vio->viokeepalive = vio_keepalive_fuzz;
+ vio->should_retry = vio_should_retry_fuzz;
+ vio->was_timeout = vio_was_timeout_fuzz;
+ vio->vioshutdown = vio_shutdown_fuzz;
+ vio->peer_addr = vio_peer_addr;
+ vio->timeout = vio_socket_timeout_fuzz;
+ vio->io_wait = vio_io_wait_fuzz;
+ vio->is_connected = vio_is_connected_fuzz;
+ vio->has_data = vio->read_buffer ? vio_buff_has_data : has_no_data;
+ vio->is_blocking = vio_is_blocking;
+ vio->set_blocking = vio_set_blocking;
+ vio->set_blocking_flag = vio_set_blocking_flag;
+ vio->is_blocking_flag = false;
+
default:
vio->viodelete = vio_delete;
vio->vioerrno = vio_errno;
@@ -568,7 +588,8 @@ static const vio_string vio_type_names[] = {{"", 0},
{STRING_WITH_LEN("SSL/TLS")},
{STRING_WITH_LEN("Shared Memory")},
{STRING_WITH_LEN("Internal")},
- {STRING_WITH_LEN("Plugin")}};
+ {STRING_WITH_LEN("Plugin")},
+ {STRING_WITH_LEN("Fuzz")}};
void get_vio_type_name(enum enum_vio_type vio_type, const char **str,
int *len) {
diff --git a/vio/viofuzz.cc b/vio/viofuzz.cc
new file mode 100644
index 00000000000..5b368d685cb
--- /dev/null
+++ b/vio/viofuzz.cc
@@ -0,0 +1,124 @@
+
+#include "my_config.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <time.h>
+#ifndef _WIN32
+#include <netdb.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "my_compiler.h"
+#include "my_dbug.h"
+#include "my_inttypes.h"
+#include "my_io.h"
+#include "my_macros.h"
+#include "vio/vio_priv.h"
+
+#ifdef FIONREAD_IN_SYS_FILIO
+#include <sys/filio.h>
+#endif
+#ifndef _WIN32
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_POLL_H
+#include <poll.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+static const uint8_t *fuzzBuffer;
+static size_t fuzzSize;
+static size_t fuzzPos;
+
+
+void sock_initfuzz(const uint8_t *Data, size_t Size) {
+ fuzzPos = 0;
+ fuzzSize = Size;
+ fuzzBuffer = Data;
+}
+
+bool vio_connect_fuzz(Vio *vio, struct sockaddr *addr, socklen_t len,
+ int timeout) {
+ DBUG_ENTER("vio_socket_connect");
+
+ /* Only for socket-based transport types. */
+ //DBUG_ASSERT(vio->type == VIO_TYPE_SOCKET || vio->type == VIO_TYPE_TCPIP);
+
+ /* Initiate the connection. */
+ return 0;
+}
+
+
+int vio_socket_timeout_fuzz(Vio *vio, uint which, bool b) {
+ DBUG_ENTER("vio_socket_timeout_fuzz\n");
+ return 0;
+}
+
+
+size_t vio_read_buff_fuzz(Vio *vio, uchar *bufp, size_t size) {
+ DBUG_ENTER("vio_read_buff_fuzz.\n");
+ if (size > fuzzSize - fuzzPos) {
+ size = fuzzSize - fuzzPos;
+ }
+ if (fuzzPos < fuzzSize) {
+ memcpy(bufp, fuzzBuffer + fuzzPos, size);
+ }
+ fuzzPos += size;
+#ifdef FUZZ_DEBUG
+ printf("net cli %zu ", size);
+ for (size_t i=0; i<size; i++)
+ printf("%02x ", bufp[i]);
+ printf("\n");
+#endif //FUZZ_DEBUG
+ return size;
+}
+
+size_t vio_write_buff_fuzz(Vio *vio, const uchar *bufp, size_t size) {
+ DBUG_ENTER("vio_write_buff_fuzz\n");
+#ifdef FUZZ_DEBUG
+ printf("net srv %zu ", size);
+ for (size_t i=0; i<size; i++)
+ printf("%02x ", bufp[i]);
+ printf("\n");
+#endif //FUZZ_DEBUG
+ return size;
+}
+
+bool vio_is_connected_fuzz(Vio *vio) {
+ DBUG_ENTER("vio_is_connected_fuzz\n");
+ return (fuzzPos < fuzzSize);
+}
+
+bool vio_was_timeout_fuzz(Vio *vio) {
+ DBUG_ENTER("vio_was_timeout_fuzz\n");
+ return false;
+}
+
+int vio_shutdown_fuzz(Vio *vio) {
+ DBUG_ENTER("vio_shutdown_fuzz");
+ return 0;
+}
+
+int vio_keepalive_fuzz(Vio *vio, bool set_keep_alive) {
+ DBUG_ENTER("vio_keepalive_fuzz\n");
+ return 0;
+}
+int vio_io_wait_fuzz(Vio *vio, enum enum_vio_io_event event, int timeout) {
+ DBUG_ENTER("vio_io_wait_fuzz");
+ return 1;
+}
+
+int vio_fastsend_fuzz(Vio *vio) {
+ DBUG_ENTER("vio_fastsend_fuzz\n");
+ return 0;
+}
+
+bool vio_should_retry_fuzz(Vio *vio) {
+ DBUG_ENTER("vio_should_retry_fuzz\n");
+ return (fuzzPos < fuzzSize);
+}
Reference in New Issue View Git Blame Copy Permalink