diff options
| author |   Qi.Chen@windriver.com <Qi.Chen@windriver.com> | 2020-02-21 23:56:23 +0200 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2020-03-08 09:17:58 -0700 |
| commit | 8d663da7e5fad8dd936fbefeba67db6e0e356975 (patch) | |
| tree | 10c8b8f88d3df0baff61efa5584bc20da1cbf18d | |
| parent | 5aa78e651ddef8a19768fa713993568cd3cc2a13 (diff) | |
| download | openembedded-core-contrib-8d663da7e5fad8dd936fbefeba67db6e0e356975.tar.gz | |
sqlite3: fix CVE-2019-16168
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch | 40 | ||||
| -rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.27.2.bb | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch new file mode 100644 index 0000000000..7c4a65b3cd --- /dev/null +++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch @@ -0,0 +1,40 @@ +From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 15 Oct 2019 13:22:52 +0800 +Subject: [PATCH] Fix CVE-2019-16168 + +CVE: CVE-2019-16168 + +Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + sqlite3.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 61bfdeb..b3e6ae2 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -105933,7 +105933,9 @@ static void decodeIntArray( + if( sqlite3_strglob("unordered*", z)==0 ){ + pIndex->bUnordered = 1; + }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){ +- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3)); ++ int sz = sqlite3Atoi(z+3); ++ if( sz<2 ) sz = 2; ++ pIndex->szIdxRow = sqlite3LogEst(sz); + }else if( sqlite3_strglob("noskipscan*", z)==0 ){ + pIndex->noSkipScan = 1; + } +@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex( + ** it to pNew->rRun, which is currently set to the cost of the index + ** seek only. Then, if this is a non-covering index, add the cost of + ** visiting the rows in the main table. */ ++ assert( pSrc->pTab->szTabRow>0 ); + rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow; + pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx); + if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){ +-- +2.17.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb index 4bdb04f4d1..2888a56ee9 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb @@ -7,6 +7,7 @@ SRC_URI = "\ http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2019-9936.patch \ file://CVE-2019-9937.patch \ + file://0001-Fix-CVE-2019-16168.patch \ " SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0" |