Hi,

Nice work. I took the latest release and ran the fuzzer again (without all the dictionary and special testcase stuff, may re-do that later). Uncovered two more issues, one in the statement parser causing an off-by-one read with the 2-byte input ".\":
https://www.sqlite.org/cgi/src/info/e018f4bf1f27f783

And one in the parser of the database binary format itself:
https://www.sqlite.org/cgi/src/info/f71053cf658b3260
(not sure if there is any plausible attack scenario)

Both "only" invalid memory reads, so likely nothing to worry about. Just a motivation for others to fuzz again, there may be more to find.

Thanks also to Richard for fixing both issues very quickly.

cu,
-- 
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@xxxxxxxxx
GPG: BBB51E42
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
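As an added illustration of the bug class named in the report above (an off-by-one read triggered by a backslash as the last byte of an input line), and not code from SQLite or from the fuzzing setup described in the mail: a hypothetical dot-command escape decoder that consumes the byte after a backslash unconditionally, next to a hardened version, both run over the two-byte input `.\`. Reads go through an instrumented buffer that counts accesses past the allocation instead of performing them, so the over-read shows up as a count rather than as undefined behaviour or a sanitizer report. The decoder, its escape set and the helper names are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Instrumented byte source (example-only): every read is bounds-checked
   against the real allocation, so an over-read is counted, not executed. */
typedef struct {
    const char *p;
    size_t n;        /* allocation size, including the terminating NUL */
    size_t overruns; /* number of reads at index >= n */
} tracked_buf;

static char rd(tracked_buf *b, size_t i) {
    if (i >= b->n) { b->overruns++; return 0; }
    return b->p[i];
}

typedef size_t (*unescape_fn)(tracked_buf *, char *, size_t);

/* Hypothetical escape decoder with the classic defect: after a backslash it
   takes the next byte without checking for NUL and advances by two. For the
   input ".\" the escape byte is the terminator, the index steps over it, and
   the next loop iteration reads one byte past the end of the string. */
static size_t unescape_vulnerable(tracked_buf *b, char *out, size_t outsz) {
    size_t i = 0, o = 0;
    char c;
    while ((c = rd(b, i)) != 0 && o + 1 < outsz) {
        if (c == '\\') {
            char e = rd(b, i + 1);          /* may be the NUL terminator */
            out[o++] = (e == 'n') ? '\n' : (e == 't') ? '\t' : e;
            i += 2;                         /* skips past the NUL when e == 0 */
        } else {
            out[o++] = c;
            i++;
        }
    }
    out[o] = 0;
    return o;
}

/* Hardened decoder: a backslash in the last position is kept literally and
   the loop stops, so the index never passes the terminator. */
static size_t unescape_fixed(tracked_buf *b, char *out, size_t outsz) {
    size_t i = 0, o = 0;
    char c;
    while ((c = rd(b, i)) != 0 && o + 1 < outsz) {
        if (c == '\\') {
            char e = rd(b, i + 1);
            if (e == 0) {                   /* trailing backslash: stop here */
                out[o++] = '\\';
                break;
            }
            out[o++] = (e == 'n') ? '\n' : (e == 't') ? '\t' : e;
            i += 2;
        } else {
            out[o++] = c;
            i++;
        }
    }
    out[o] = 0;
    return o;
}

/* Runs a decoder over a NUL-terminated input and returns how many reads
   landed past the allocation (0 means no over-read). */
static size_t run_decoder(unescape_fn fn, const char *input,
                          char *out, size_t outsz) {
    tracked_buf b = { input, strlen(input) + 1, 0 };
    fn(&b, out, outsz);
    return b.overruns;
}

int main(void) {
    char out[32];
    const char *fuzz_case = ".\\";  /* the 2-byte input from the report */
    printf("vulnerable: %zu over-read(s)\n",
           run_decoder(unescape_vulnerable, fuzz_case, out, sizeof out));
    printf("fixed:      %zu over-read(s)\n",
           run_decoder(unescape_fixed, fuzz_case, out, sizeof out));
    return 0;
}
```

The same two-byte input is the kind of case a fuzzer finds quickly and a hand-written test suite rarely contains; under AddressSanitizer the vulnerable loop would be reported as a heap- or stack-buffer-overflow read at the byte after the terminator, which matches the "invalid memory read" severity the mail describes.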