summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch')
-rw-r--r--meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch28
1 files changed, 0 insertions, 28 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch
deleted file mode 100644
index 1b907b9d4d..0000000000
--- a/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Running fts5 prefix queries inside a transaction could trigger a heap-based
-buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an
-information leak.
-
-CVE: CVE-2019-9936
-Upstream-Status: Backport [https://sqlite.org/src/vpatch?from=45c73deb440496e8&to=b3fa58dd7403dbd4]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
----
- sqlite3.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/sqlite3.c b/sqlite3.c
-index 4729f45..65527d8 100644
---- a/sqlite3.c
-+++ b/sqlite3.c
-@@ -207759,7 +207759,9 @@ static int fts5HashEntrySort(
- for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
- Fts5HashEntry *pIter;
- for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-- if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
-+ if( pTerm==0
-+ || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
-+ ){
- Fts5HashEntry *pEntry = pIter;
- pEntry->pScanNext = 0;
- for(i=0; ap[i]; i++){
---
-2.20.1
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-11 14:17:37 +0000