Great! Thanks for the tip, I did get a bunch of garbage files that were written to the directory I was fuzzing from. What do you recommend doing instead? (I think I saw an sqlite_shell designed specifically for fuzzing somewhere on your site)
On Tue, Nov 17, 2015 at 3:20 PM, Richard Hipp <drh at sqlite.org> wrote: > On 11/17/15, Jonathan Metzman <jon.metzman at gmail.com> wrote: > > When fuzzing sqlite with American Fuzzy Lop, I believe I found the > > following bug in the sqlite shell: > > > > Thanks for the report. Joe has checked in a fix. > > Be careful about running AFL on the "sqlite3" command-line shell. AFL > might discover that it can run commands like: ".shell rm -rf ~" > -- > D. Richard Hipp > drh at sqlite.org > _______________________________________________ > sqlite-users mailing list > sqlite-users at mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users >
