Hey,

Another afl-fuzz crash, looks like a straightforward NULL ptr deref, 3.8.8.1:

-- snip! --
select e.*,0 from(s,(L))e;
-- snip! --

#0  sqlite3MatchSpanName (zSpan=0x0, zCol=0x0, zTab=0x6dce30 "e", zDb=0x0) at sqlite3.c:80494
#1  0x000000000047413c in selectExpander (pWalker=0x0, p=0x0) at sqlite3.c:109581
#2  0x000000000041d28d in sqlite3WalkSelect (pWalker=0x7fffffffc230, p=<optimized out>) at sqlite3.c:80307
#3  0x0000000000424405 in sqlite3SelectExpand (pSelect=<optimized out>, pParse=<optimized out>) at sqlite3.c:109707
#4  sqlite3SelectPrep (pParse=0x0, p=0x0, pOuterNC=0x6dce30) at sqlite3.c:44257
#5  0x000000000045afcd in sqlite3Select (pParse=0x0, p=0x0, pDest=0x6dce30) at sqlite3.c:110036
#6  0x000000000048344d in yy_reduce (yyruleno=<optimized out>, yypParser=<optimized out>) at sqlite3.c:124023
#7  sqlite3Parser (yyp=0x6dd318, yymajor=0, yyminor=..., pParse=0x6dbbe8, pParse@entry=0x6dd078) at sqlite3.c:59579
...

/mz
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
