On 21 Dec 2018, at 12:40am, Jens Alfke <j...@mooseyard.com> wrote: > From what I’ve read, it sounds like any code using FTS3 was vulnerable to > maliciously crafted SQL statements messing with the shadow tables.
Which would make it do what ? I can imagine "crash with a memory fault". I find it much harder to believe "execute code stored in the database". You would have to know a lot about a program to make it do that, and an attack aimed at one program/library (e.g. Chromium) wouldn't work on another with a different memory layout. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users