blob: 27d81d42d960d4d237e533db87a5dc9cbf05d27e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
From: drh <drh@noemail.net>
Date: Thu, 20 Feb 2020 14:08:51 +0000
Subject: [PATCH] Early-out on the INTERSECT query processing following an
error.
Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
CVE: CVE-2020-35525
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
---
Index: sqlite-autoconf-3310100/sqlite3.c
===================================================================
--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
@@ -130767,6 +130767,7 @@ static int multiSelect(
/* Generate code to take the intersection of the two temporary
** tables.
*/
+ if( rc ) break;
assert( p->pEList );
iBreak = sqlite3VdbeMakeLabel(pParse);
iCont = sqlite3VdbeMakeLabel(pParse);
|