meta/recipes-support/sqlite/files/CVE-2020-35525.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

From: drh <drh@noemail.net>
Date: Thu, 20 Feb 2020 14:08:51 +0000
Subject: [PATCH] Early-out on the INTERSECT query processing following an
 error.

Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
CVE: CVE-2020-35525
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
---
Index: sqlite-autoconf-3310100/sqlite3.c
===================================================================
--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
@@ -130767,6 +130767,7 @@ static int multiSelect(
         /* Generate code to take the intersection of the two temporary
         ** tables.
         */
+        if( rc ) break;
         assert( p->pEList );
         iBreak = sqlite3VdbeMakeLabel(pParse);
         iCont = sqlite3VdbeMakeLabel(pParse);