Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: several issues in SQLite (+ catching up on several other bugs)

From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 19 Apr 2015 20:23:05 -0400
On Sun, Apr 19, 2015 at 8:08 PM, Michal Zalewski <lcamtuf () coredump cx> wrote:

Richard and the team certainly have been busy bees:
https://www.sqlite.org/src/timeline?n=152&y=ci&v=0&ym=2015-04&t=trunk


Yup. In addition to the crashes, I also sent them probably around
50-60 assert failures in debug builds, at their request. Most of them
are probably not security relevant, although it would be painful to
analyze them one by one. Nevertheless, the team is extremely
responsive (even over weekends :-).


Clang and its analyzers found a number of issues a couple of years
ago. As far as I know, the results were dismissed. See "Clang 3.3 and
Scan-Build results",
http://sqlite.1065341.n5.nabble.com/Clang-3-3-and-Scan-Build-results-td73386.html.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: