sqlite3: Heap-use-after-free in exprAnalyze

2016-11-20T07:57:42
ID OSSFUZZ-199
Type ossfuzz
Reporter Google
Modified 2019-03-04T16:56:33

Description

Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936

Target: sqlite3
Fuzzer: libFuzzer_sqlite3_ossfuzz
Fuzzer binary: ossfuzz
Job Type: libfuzzer_asan_sqlite3
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x619000000e30
Crash State:
  exprAnalyze
  sqlite3WhereExprAnalyze
  sqlite3WhereBegin

Recommended Security Severity: High

Regressed: https://clusterfuzz-external.appspot.com/revisions?job=libfuzzer_asan_sqlite3&range=201611111323:201611111330

Minimized Testcase (3.12 Kb): https://clusterfuzz-external.appspot.com/download/AMIfv97n6xNXaKvCT0MtnPQ6t_1HwR_8XiXMdKzSQeWFYtTAW67xqhG6lNWlmhTr4ZHU2EcLa08dnz4L-qDbCLQgDNH_Hnm9mJdtPLKREt0ZpRrZcE6dSPDIlfLNdiVnVbWDaxO2X8HicEq2yRAfiVkVsf0Bvi2NXzVuhorYjO1bUQPqIgyjph4?testcase_id=4603622180519936

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.