On samedi 1 juillet 2017 06:07:30 CEST Richard Hipp wrote: > I'm confused... > > Are you reporting that clusterfuzz found a bug in SQLite that was > fixed in version 3.17.0?
Seth, I can turn the Launchpad bug report as public if you wish. I marked it privately if Ubuntu felt it was better. I don't care that much about disclosing it publicly. Richard, yes. I bisected the issue (heap buffer overfow read on corrupted database, on a SELECT on a RTree) to a commit that appeared first in 3.17.0, but the commit doesn't explictly mention fixing a corruption issue. It looks like more a side effect. Ubuntu 16.04 ship with sqlite 3.11.0 . I managed to apply the patch corresponding to the commit on top of 3.11.0, and it fixed the issue in 3.11.0 as well, but I don't have the expertise to know if it is a safe backport. Even > > On 6/30/17, Seth Arnold <seth.arn...@canonical.com> wrote: > > Hello; Even Rouault privately reported to Ubuntu Launchpad a bug in > > sqlite3 as shipped in Ubuntu 16.04 LTS (and possibly other releases, > > so far I've not tested the others). Valgrind reports multiple 1 byte > > invalid reads. > > > > This bug was discovered by Google's clusterfuzz project when fuzzing GDAL. > > > > The currently-closed bugs are: > > https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937 > > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405 > > > > This apparently was fixed before 3.17. > > > > How should we proceed? I feel awkwardly out of place since clusterfuzz > > didn't report the bug to me but I do have a database and instructions > > to reproduce it. I'm guessing that probably the GDAL team would need > > help from the sqlite3 team to address the issue anyway. I'd rather not > > wait 90 days for the original clusterfuzz bug to be made public. > > > > I'm not subscribed to the list so I'd appreciate Cc:s on replies. > > > > Thanks -- Spatialys - Geospatial professional services http://www.spatialys.com _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
