apunkt/sqlite-vec
1
0
Fork 0
mirror of https://github.com/asg017/sqlite-vec.git synced 2026-04-25 00:36:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix remaining fuzzer issues: leaks and macOS SDK headers

Browse source 
sqlite-vec.c:
- vec0_free: add loops to free partition, auxiliary, and metadata
  column names (previously leaked on error paths)
- vec0_init: update pNew->numXxxColumns incrementally in the parse
  loop so vec0_free sees correct counts on early goto-error paths
  (previously the counts were only written after the loop, so vec0_free
  would loop 0 times and leak names allocated inside the loop)

fuzz.yaml:
- macOS: pass -isysroot $(xcrun --sdk macosx --show-sdk-path) so
  Xcode clang can find system headers (stdio.h, assert.h, etc.)
- Fix artifact upload paths: libFuzzer writes crash-*/leak-* to
  the cwd (repo root), not tests/fuzz/

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Alex Garcia 2026-03-03 17:35:41 -08:00
parent e4b1e264b5
commit d04e2aeda1
2 changed files with 27 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/fuzz.yaml vendored
View file

@ -55,9 +55,9 @@ jobs:
with: with:
name: fuzz-crashes-linux name: fuzz-crashes-linux
path: | path: |
tests/fuzz/crash-* crash-*
tests/fuzz/leak-* leak-*
tests/fuzz/timeout-* timeout-*
fuzz-macos: fuzz-macos:
runs-on: macos-14 runs-on: macos-14
@ -70,9 +70,10 @@ jobs:
run: make sqlite-vec.h run: make sqlite-vec.h
- name: Build fuzz targets - name: Build fuzz targets
run: | run: |
SDK=$(xcrun --sdk macosx --show-sdk-path)
make -C tests/fuzz all \ make -C tests/fuzz all \
FUZZ_CC=$(xcrun -f clang) \ FUZZ_CC=$(xcrun -f clang) \
FUZZ_LDFLAGS="" FUZZ_LDFLAGS="-isysroot $SDK"
- name: Run fuzz targets - name: Run fuzz targets
run: | run: |
DURATION=${{ github.event.inputs.duration || '60' }} DURATION=${{ github.event.inputs.duration || '60' }}
@ -100,9 +101,9 @@ jobs:
with: with:
name: fuzz-crashes-macos name: fuzz-crashes-macos
path: | path: |
tests/fuzz/crash-* crash-*
tests/fuzz/leak-* leak-*
tests/fuzz/timeout-* timeout-*
fuzz-windows: fuzz-windows:
# Best-effort: libFuzzer works on Windows via LLVM but ASAN/UBSAN # Best-effort: libFuzzer works on Windows via LLVM but ASAN/UBSAN

19
sqlite-vec.c
View file

@ -3659,6 +3659,21 @@ void vec0_free(vec0_vtab *p) {
sqlite3_free(p->vector_columns[i].name); sqlite3_free(p->vector_columns[i].name);
p->vector_columns[i].name = NULL; p->vector_columns[i].name = NULL;
} }
for (int i = 0; i < p->numPartitionColumns; i++) {
sqlite3_free(p->paritition_columns[i].name);
p->paritition_columns[i].name = NULL;
}
for (int i = 0; i < p->numAuxiliaryColumns; i++) {
sqlite3_free(p->auxiliary_columns[i].name);
p->auxiliary_columns[i].name = NULL;
}
for (int i = 0; i < p->numMetadataColumns; i++) {
sqlite3_free(p->metadata_columns[i].name);
p->metadata_columns[i].name = NULL;
}
} }
int vec0_num_defined_user_columns(vec0_vtab *p) { int vec0_num_defined_user_columns(vec0_vtab *p) {
@ -4742,6 +4757,7 @@ static int vec0_init(sqlite3 *db, void *pAux, int argc, const char *const *argv,
pNew->user_column_idxs[user_column_idx] = numVectorColumns; pNew->user_column_idxs[user_column_idx] = numVectorColumns;
memcpy(&pNew->vector_columns[numVectorColumns], &vecColumn, sizeof(vecColumn)); memcpy(&pNew->vector_columns[numVectorColumns], &vecColumn, sizeof(vecColumn));
numVectorColumns++; numVectorColumns++;
pNew->numVectorColumns = numVectorColumns;
user_column_idx++; user_column_idx++;
continue; continue;
@ -4770,6 +4786,7 @@ static int vec0_init(sqlite3 *db, void *pAux, int argc, const char *const *argv,
pNew->user_column_idxs[user_column_idx] = numPartitionColumns; pNew->user_column_idxs[user_column_idx] = numPartitionColumns;
memcpy(&pNew->paritition_columns[numPartitionColumns], &partitionColumn, sizeof(partitionColumn)); memcpy(&pNew->paritition_columns[numPartitionColumns], &partitionColumn, sizeof(partitionColumn));
numPartitionColumns++; numPartitionColumns++;
pNew->numPartitionColumns = numPartitionColumns;
user_column_idx++; user_column_idx++;
continue; continue;
} }
@ -4815,6 +4832,7 @@ static int vec0_init(sqlite3 *db, void *pAux, int argc, const char *const *argv,
pNew->user_column_idxs[user_column_idx] = numAuxiliaryColumns; pNew->user_column_idxs[user_column_idx] = numAuxiliaryColumns;
memcpy(&pNew->auxiliary_columns[numAuxiliaryColumns], &auxColumn, sizeof(auxColumn)); memcpy(&pNew->auxiliary_columns[numAuxiliaryColumns], &auxColumn, sizeof(auxColumn));
numAuxiliaryColumns++; numAuxiliaryColumns++;
pNew->numAuxiliaryColumns = numAuxiliaryColumns;
user_column_idx++; user_column_idx++;
continue; continue;
} }
@ -4842,6 +4860,7 @@ static int vec0_init(sqlite3 *db, void *pAux, int argc, const char *const *argv,
pNew->user_column_idxs[user_column_idx] = numMetadataColumns; pNew->user_column_idxs[user_column_idx] = numMetadataColumns;
memcpy(&pNew->metadata_columns[numMetadataColumns], &metadataColumn, sizeof(metadataColumn)); memcpy(&pNew->metadata_columns[numMetadataColumns], &metadataColumn, sizeof(metadataColumn));
numMetadataColumns++; numMetadataColumns++;
pNew->numMetadataColumns = numMetadataColumns;
user_column_idx++; user_column_idx++;
continue; continue;
} }