On 1/22/15, Michal Zalewski <[email protected]> wrote:
> Hey,
>
> Another afl-fuzz crash, looks like a straightforward NULL ptr deref,
> 3.8.8.1:
>
> -- snip! --
> select e.*,0 from(s,(L))e;
> -- snip! --

Thanks for the bug report. The fix is at
https://www.sqlite.org/src/info/9e6eae660a0230 and the trouble-ticket is at
https://www.sqlite.org/src/info/32b63d542433ca67

> #0 sqlite3MatchSpanName (zSpan=0x0, zCol=0x0, zTab=0x6dce30 "e",
>     zDb=0x0) at sqlite3.c:80494
> #1 0x000000000047413c in selectExpander (pWalker=0x0, p=0x0) at
>     sqlite3.c:109581
> #2 0x000000000041d28d in sqlite3WalkSelect (pWalker=0x7fffffffc230,
>     p=<optimized out>) at sqlite3.c:80307
> #3 0x0000000000424405 in sqlite3SelectExpand (pSelect=<optimized
>     out>, pParse=<optimized out>) at sqlite3.c:109707
> #4 sqlite3SelectPrep (pParse=0x0, p=0x0, pOuterNC=0x6dce30) at
>     sqlite3.c:44257
> #5 0x000000000045afcd in sqlite3Select (pParse=0x0, p=0x0,
>     pDest=0x6dce30) at sqlite3.c:110036
> #6 0x000000000048344d in yy_reduce (yyruleno=<optimized out>,
>     yypParser=<optimized out>) at sqlite3.c:124023
> #7 sqlite3Parser (yyp=0x6dd318, yymajor=0, yyminor=...,
>     pParse=0x6dbbe8, pParse@entry=0x6dd078) at sqlite3.c:59579
> ...
>
> /mz
> _______________________________________________
> sqlite-users mailing list
> [email protected]
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>

--
D. Richard Hipp
[email protected]
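A small regression harness for fuzz-found inputs like the one in this thread, added here as an example (not SQLite's or the reporter's code): each statement runs in a child interpreter so a NULL dereference shows up as a signal exit rather than taking down the test runner, and a clean `sqlite3.Error` counts as a pass. It assumes the SQLite bundled with the local Python is newer than the affected 3.8.8.1, and the `s`/`L` tables are constructed so name resolution reaches the aliased parenthesized join that the trace above dies in.

```python
import sqlite3
import subprocess
import sys

# The crashing statement from the report, plus room for more afl outputs.
CRASH_INPUTS = [
    "select e.*,0 from(s,(L))e;",
]

# Child program: build a constructed schema, run one statement, report outcome.
CHILD = r"""
import sqlite3, sys
sql = sys.argv[1]
db = sqlite3.connect(":memory:")
db.executescript("create table s(a); create table L(b);")  # constructed schema
try:
    db.execute(sql).fetchall()
    print("ok")
except sqlite3.Error as e:
    print("error:", e)
"""


def run_case(sql):
    """Run one statement in a fresh interpreter.

    Returns (verdict, detail) where verdict is 'ok' (statement ran),
    'error' (SQLite rejected it cleanly) or 'crash' (signal or abnormal exit,
    which is what the pre-fix NULL dereference would produce)."""
    proc = subprocess.run([sys.executable, "-c", CHILD, sql],
                          capture_output=True, text=True)
    if proc.returncode < 0:  # negative return code means killed by a signal
        return ("crash", f"killed by signal {-proc.returncode}")
    if proc.returncode != 0:
        return ("crash", proc.stderr.strip())
    out = proc.stdout.strip()
    if out.startswith("error:"):
        return ("error", out[len("error:"):].strip())
    return ("ok", out)


def triage(inputs=CRASH_INPUTS):
    """Map each input statement to its (verdict, detail) pair."""
    return {sql: run_case(sql) for sql in inputs}


if __name__ == "__main__":
    print("bundled sqlite", sqlite3.sqlite_version)
    for sql, (verdict, detail) in triage().items():
        print(f"{verdict:5s} {sql!r}  {detail}")
```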

