Hello;

Even Rouault privately reported to Ubuntu Launchpad a bug in sqlite3 as shipped in Ubuntu 16.04 LTS (and possibly other releases, so far I've not tested the others). Valgrind reports multiple 1 byte invalid reads.

This bug was discovered by Google's clusterfuzz project when fuzzing GDAL. The currently-closed bugs are:

https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405

This apparently was fixed before 3.17.

How should we proceed? I feel awkwardly out of place since clusterfuzz didn't report the bug to me but I do have a database and instructions to reproduce it. I'm guessing that probably the GDAL team would need help from the sqlite3 team to address the issue anyway. I'd rather not wait 90 days for the original clusterfuzz bug to be made public.

I'm not subscribed to the list so I'd appreciate Cc:s on replies.

Thanks
_______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users