On 21 Dec 2018, at 12:40am, Jens Alfke <[email protected]> wrote: > From what I’ve read, it sounds like any code using FTS3 was vulnerable to > maliciously crafted SQL statements messing with the shadow tables.
Which would make it do what ? I can imagine "crash with a memory fault". I find it much harder to believe "execute code stored in the database". You would have to know a lot about a program to make it do that, and an attack aimed at one program/library (e.g. Chromium) wouldn't work on another with a different memory layout. Simon. _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
