sqlite3 interactive shell failed assertions and segmentation faults
I was using American Fuzzy Lop (afl-fuzz) to fuzz test stdin to the sqlite3
interactive shell. AFL found a few inputs that cause segmentation faults
(mostly due to failed assertions, I think?). Is this sort of thing worth
investigating further or a non-issue?
For those interested, all the faults found seem to concern dot commands. Here is an example command which was found to cause problems:
.m i 000\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\0000\\00000000000000\\0\\\\\\\\\\\\\\\\\\\\\\\\\\\\0\\\\\\\\\\000000"0
The next two lines constitute another example:
.m i 0""""""""""0
I think it’s worth repeating that, as Ryan himself wrote, these faults were found in the SQLite command shell tool, not in SQLite itself. SQLite does not recognise the dot commands found here so it would not crash trying to process them. Although there’s an opportunity to examine the command-line shell here, those using the SQLite API should not be alarmed purely on the basis of this report.
> Hello all,
> I was using American Fuzzy Lop (afl-fuzz) to fuzz test stdin to the sqlite3
> interactive shell. AFL found a few inputs that cause segmentation faults
> (mostly due to failed assertions, I think?). Is this sort of thing worth
> investigating further or a non-issue?
> GDB backtrace details and input files can be found here:
> Tests can be re-run via 'sqlite3 -bail < id_filename'
> These inputs were found using a tarball download of the source from
> 2017-05-31 and also reconfirmed against a download on 2017-06-23.
> Thanks for your time,
> Ryan Whitworth
> [hidden email]
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
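Two things a practitioner would want to check from this thread: that the inputs really are shell-only (the library rejects a leading dot as a syntax error, which is the point of the reply above), and whether a given crash file dies by SIGABRT (a failed assert()) or by SIGSEGV (a real memory fault), which is what "mostly due to failed assertions, I think?" leaves open. The script below is an added example written for this page, not code from the thread or from the SQLite project. It takes the two inputs quoted above verbatim (the second one as the page shows it), runs them through Python's stdlib sqlite3 module, and, if a `sqlite3` shell binary is on PATH, re-runs them the way Ryan describes (`sqlite3 -bail < file`) and classifies the exit status. The `CRASH_INPUTS` names, `classify`/`run_case` helpers and the default binary name are assumptions of this example.

```python
"""Triage helper for AFL crash inputs found against the sqlite3 shell.

Added example, not part of the original thread. It (1) feeds the inputs
quoted in the thread through the SQLite *library* to show they are refused
as syntax errors, and (2) re-runs each input against a shell binary and
classifies the outcome by exit status so that assertion failures (SIGABRT)
are told apart from segmentation faults (SIGSEGV).
"""
import shutil
import signal
import sqlite3
import subprocess
import sys

# The two inputs quoted in the thread, copied verbatim from the page.
# (The page says the second example is two lines but shows only one; only
# what the page shows is reproduced here.)
CRASH_INPUTS = {
    "case1": r'.m i 000\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\0000\\00000000000000\\0\\\\\\\\\\\\\\\\\\\\\\\\\\\\0\\\\\\\\\\000000"0',
    "case2": '.m i 0""""""""""0',
}


def library_rejects(text):
    """Run `text` as a script through the SQLite library (stdlib module).

    Returns the OperationalError message if SQLite refuses the input, or
    None if it executed. Dot commands are a shell feature, so the library
    should fail at the leading '.' before touching anything else.
    """
    con = sqlite3.connect(":memory:")
    try:
        con.executescript(text)
    except sqlite3.OperationalError as exc:
        return str(exc)
    finally:
        con.close()
    return None


def classify(returncode):
    """Map a subprocess return code to a triage verdict.

    On POSIX, subprocess reports death-by-signal as a negative number,
    so -11 is SIGSEGV and -6 is SIGABRT (what a failed assert() raises).
    """
    if returncode == 0:
        return "clean exit"
    if returncode < 0:
        sig = -returncode
        if sig == signal.SIGSEGV:
            return "SIGSEGV (memory fault)"
        if sig == signal.SIGABRT:
            return "SIGABRT (abort, typically a failed assert())"
        return "signal %d" % sig
    return "exit status %d" % returncode


def run_case(argv, stdin_text, timeout=10):
    """Run `argv` with `stdin_text` on stdin, as 'sqlite3 -bail < file'
    does, and return (verdict, stderr_text)."""
    proc = subprocess.run(
        argv,
        input=stdin_text.encode(),
        capture_output=True,
        timeout=timeout,
    )
    return classify(proc.returncode), proc.stderr.decode(errors="replace")


def main(shell="sqlite3"):
    # Assumed binary name; pass the path of a freshly built shell if needed.
    for name, text in CRASH_INPUTS.items():
        print("%s: library says: %s" % (name, library_rejects(text)))
        if shutil.which(shell) is None:
            print("%s: no %r on PATH, shell run skipped" % (name, shell))
            continue
        verdict, err = run_case([shell, "-bail"], text)
        print("%s: shell %s -> %s" % (name, shell, verdict))
        if err.strip():
            print("    stderr: %s" % err.strip().splitlines()[-1])


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "sqlite3")
```

Run it with the path to the shell you built from the tarball as the only argument; a verdict of SIGABRT means the crash is an assertion that fires only in builds with assert() enabled, while SIGSEGV is worth a closer look under a debugger regardless of build flags.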