Fuzz testing would be extremely unlikely to have caught the original attack. Nor would fuzz testing on input be likely to hit all corrupt database attacks. Fuzz testing using fuzzed corrupted databases might.
On Thu., 20 Dec. 2018, 11:26 Jens Alfke <[email protected] wrote: > > > > On Dec 19, 2018, at 4:03 PM, Peter da Silva <[email protected]> wrote: > > > > sqlite is not immune to wandering through bad pointers, because code > > coverage tests don't test for malicious data.. > > Fuzz testing does, though [implicitly]. > > https://www.sqlite.org/testing.html#sql_fuzz_using_the_american_fuzzy_lop_fuzzer > > —Jens > _______________________________________________ > sqlite-users mailing list > [email protected] > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
