Thanks for the report. Thanks to Simon for verifying that these are all associated with the command-line shell only and not with the SQLite core.
Note to Ryan: Please make sure your fuzzer is running inside a sandbox, in case the fuzzer discovers pernicious dot-commands like ".sy rm -rf ~" On 6/23/17, Ryan Whitworth <m...@ryanwhitworth.com> wrote: > Hello all, > > I was using American Fuzzy Lop (afl-fuzz) to fuzz test stdin to the sqlite3 > interactive shell. AFL found a few inputs that cause segmentation faults > (mostly due to failed assertions, I think?). Is this sort of thing worth > investigating further or a non-issue? > > GDB backtrace details and input files can be found here: > https://github.com/rwhitworth/sqlite-fuzz/tree/master/2017-06-23-sqlite3. > Tests can be re-run via 'sqlite3 -bail < id_filename' > > These inputs were found using a tarball download of the source from > 2017-05-31 and also reconfirmed against a download on 2017-06-23. > > Thanks for your time, > Ryan Whitworth > m...@ryanwhitworth.com > _______________________________________________ > sqlite-users mailing list > sqlite-users@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > -- D. Richard Hipp d...@sqlite.org _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
