diff options
author | ghassaneben <ghassanebb@gmail.com> | 2022-08-29 16:57:20 +0200 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2022-08-31 04:16:07 -1000 |
commit | fdc82b2314b580c0135c16b7278ebf8786311dec (patch) | |
tree | 086da13fb83e85017fd287f0d5b18965c56c9656 /meta/recipes-support | |
parent | 92f122e0c1a7589bec3b628474548aad7fe159b4 (diff) | |
download | openembedded-core-contrib-fdc82b2314b580c0135c16b7278ebf8786311dec.tar.gz |
sqlite: fix CVE-2022-35737
Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737.
This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21).
Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aattar@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch b/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch new file mode 100644 index 0000000000..9e8f039ef6 --- /dev/null +++ b/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch @@ -0,0 +1,26 @@ +From ec75530b8d8268cb07d8e476d79e1b0e59492fa2 Mon Sep 17 00:00:00 2001 +From: drh +Date: Thu, 18 Aug 2022 15:10:46 +0200 +Subject: [PATCH] sqlite: Increase the size of loop variables in the printf() implementation + +Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. + +This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). + +Signed-off-by: Ghassane Ben El Aattar ghassaneb.aattar@huawei.com + +CVE: CVE-2022-35737 + +Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7] +--- + sqlite3.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index f867d62..490199a 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -30234,1 +30234,2 @@ static int vxprintf( +- int i, j, k, n, isnull; ++ i64 i, j, k, n; ++ int isnull; |