[sqlite] fuzzer-generated apparent ASAN violation (oob read)

One more find. Tested on 64-bit x86 Linux box, version 3.8.8.1. printf "create table t0(\211 DEFAULT(0=0)NOT/**/NULL);REPLACE into t0 select'';" >test.sql ./sqlite_asan http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] fuzzer-generated apparent ASAN violation (oob read)

> printf "create table t0(\211 DEFAULT(0=0)NOT/**/NULL);REPLACE into t0 > select'';" >test.sql Argh, line breaks. You can just grab this: wget http://lcamtuf.coredump.cx/afl/vulns/sqlite-oob-read.sql /mz ___ sqlite-users mailing list

[sqlite] crash in sqlite3MatchSpanName

Hey, Another afl-fuzz crash, looks like a straightforward NULL ptr deref, 3.8.8.1: -- snip! -- select e.*,0 from(s,(L))e; -- snip! -- #0 sqlite3MatchSpanName (zSpan=0x0, zCol=0x0, zTab=0x6dce30 "e", zDb=0x0) at sqlite3.c:80494 #1 0x0047413c in selectExpander (pWalker=0x0, p=0x0) at

[sqlite] a couple of crashing bugs from a fuzzer

Hey folks, I have been running afl-fuzz against sqlite and bumped in a bunch of bugs that seem to crash the sqlite3 binary (but do not seem to be a security problem, other than in the denial-of-service sense). There are four seemingly distinct patterns, with test cases included inline: --