See also https://www.sqlite.org/src/info/db8d9af4d04ee862 where they are actively trying to improve afl's results by helping it a bit. :-)
On Sunday, April 19, 2015, jungle Boogie <[email protected]> wrote: > On 14 April 2015 at 11:33, Michal Zalewski <[email protected] > <javascript:;>> wrote: > > Because of its versatility, SQLite sometimes finds use as the > > mechanism behind SQL-style query APIs that are exposed between > > privileged execution contexts and less-trusted code. One example of > > this is the WebDB / WebSQL mechanism available in some browsers; in > > this setting, vulnerabilities in the SQLite parser can open up the > > platform to attacks. > > > > Anyway, long story short, I recently reported around 22 bugs in the > > query parser, including the use of uninitialized memory when parsing > > collation sequences: > > > Richard and the team certainly have been busy bees: > https://www.sqlite.org/src/timeline?n=152&y=ci&v=0&ym=2015-04&t=trunk > > And all commits by month: > https://www.sqlite.org/src/reports?view=bymonth&type=ci > > > > > > -- > ------- > inum: 883510009027723 > sip: [email protected] <javascript:;> > xmpp: [email protected] <javascript:;> > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
