Fuzz testing would be extremely unlikely to have caught the original attack. Nor would fuzz testing on input be likely to hit all corrupt database attacks. Fuzz testing using fuzzed corrupted databases might.

On Thu., 20 Dec. 2018, 11:26 Jens Alfke <j...@mooseyard.com wrote:

> > On Dec 19, 2018, at 4:03 PM, Peter da Silva <res...@gmail.com> wrote:
> >
> > sqlite is not immune to wandering through bad pointers, because code
> > coverage tests don't test for malicious data..
>
> Fuzz testing does, though [implicitly].
>
> https://www.sqlite.org/testing.html#sql_fuzz_using_the_american_fuzzy_lop_fuzzer
>
> —Jens