Re: [sqlite] sqlite3 interactive shell failed assertions and segmentation faults

2017-06-24 Thread Richard Hipp
Thanks for the report. Thanks to Simon for verifying that these are all associated with the command-line shell only and not with the SQLite core. Note to Ryan: Please make sure your fuzzer is running inside a sandbox, in case the fuzzer discovers pernicious dot-commands like ".sy rm -rf ~" On

Re: [sqlite] sqlite3 interactive shell failed assertions and segmentation faults

2017-06-23 Thread Simon Slavin
On 24 Jun 2017, at 2:29am, Ryan Whitworth wrote: > GDB backtrace details and input files can be found here: > https://github.com/rwhitworth/sqlite-fuzz/tree/master/2017-06-23-sqlite3. For those interested, all the faults found seem to concern dot commands. Here is an example command which wa

[sqlite] sqlite3 interactive shell failed assertions and segmentation faults

2017-06-23 Thread Ryan Whitworth
Hello all, I was using American Fuzzy Lop (afl-fuzz) to fuzz test stdin to the sqlite3 interactive shell. AFL found a few inputs that cause segmentation faults (mostly due to failed assertions, I think?). Is this sort of thing worth investigating further or a non-issue? GDB backtrace details an