summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLi Wang <li.wang@windriver.com>2020-11-19 10:20:40 +0000
committerAnuj Mittal <anuj.mittal@intel.com>2020-11-23 14:11:58 +0800
commitf7ee7cda57fdf17fdc92c528f6960daca0b7ce37 (patch)
tree66ffe9579d1f0fac963a437f833bf85806ef0bfa
parent60b61942c34e1db237d466c406e25d0f36f5066d (diff)
downloadopenembedded-core-contrib-f7ee7cda57fdf17fdc92c528f6960daca0b7ce37.tar.gz
sqlite3: CVE-2020-13632
backport patch from: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730 Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2020-13632.patch32
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.29.0.bb1
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2020-13632.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2020-13632.patch
new file mode 100644
index 0000000000..7af5e91c4c
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2020-13632.patch
@@ -0,0 +1,32 @@
+From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Thu, 14 May 2020 23:59:24 +0000
+Subject: [PATCH] Fix a null pointer deference that can occur on a strange
+ matchinfo() query.
+
+FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e
+
+Upstream-Status: Backport
+CVE: CVE-2020-13632
+[https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730]
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ sqlite3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index fd28360..ee455e5 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -177622,7 +177622,7 @@ static int fts3ExprLHits(
+ iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
+ }
+
+- while( 1 ){
++ if( pIter ) while( 1 ){
+ int nHit = fts3ColumnlistCount(&pIter);
+ if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
+ if( p->flag==FTS3_MATCHINFO_LHITS ){
+--
+2.17.1
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
index 95e1174b07..425612bf12 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2019-19959.patch \
file://CVE-2019-20218.patch \
file://CVE-2020-11655.patch \
+ file://CVE-2020-13632.patch \
"
SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc"
SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-19 09:03:32 +0000