On 11/19/19, Yongheng Chen <changoch...@gmail.com> wrote:
> Hi,
>
> This is Yongheng Chen from Gatech and Rui Zhong from PSU. We found 7 crashes
> for sqlite of the newest commit 3842e8f166e23a1ed6e6094105e7a23502d414da.
> We have attached the samples that crash sqlite in the email. FYI, we have
> also reported the bugs for CVE at cve.mitre.org <http://cve.mitre.org/>.
There were just two bugs, both related to the new (unreleased) generated
column feature. Both have now been fixed on trunk. Thank you for the bug
reports.

In as much as these problems have never appeared in a released version of
SQLite, I think a CVE would be inappropriate. But I don't really understand
CVEs so perhaps I am wrong.

Please consider following SQLite development on the official source-code
repository. You can see the latest changes here:

https://sqlite.org/src/timeline

If you click on any of the check-in hashes, that will take you to a page
that contains links to download tarballs and/or ZIP archives of the latest
code. Or you can use Fossil to clone the repository. See
https://www.sqlite.org/getthecode.html for additional information about how
to get the official SQLite source code.

The filenames of your test cases suggest that they were generated by AFL.
How did you find these issues? Do you have a new and enhanced AFL fuzzer,
perhaps one in which you have replaced the default mutator with an
SQL-language generator? Can you tell us more about your new fuzzer?

--
D. Richard Hipp
d...@sqlite.org
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users