]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 582f253)
sqlite3: fix CVE-2020-13632
authorSteve Sakoman <steve@sakoman.com>
Wed, 4 Nov 2020 17:00:34 +0000 (07:00 -1000)
committerSteve Sakoman <steve@sakoman.com>
Thu, 5 Nov 2020 14:07:15 +0000 (04:07 -1000)
CVE: CVE-2020-13632

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13632

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-support/sqlite/files/CVE-2020-13632.patch [new file with mode: 0644] patch | blob
meta/recipes-support/sqlite/sqlite3_3.31.1.bb patch | blob | history

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13632.patch b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
new file mode 100644 (file)
index 0000000..c28bf10
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
@@ -0,0 +1,34 @@
+From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Thu, 14 May 2020 23:59:24 +0000
+Subject: [PATCH] Fix a null pointer deference that can occur on a strange
+ matchinfo() query.
+
+FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e
+
+Upstream-Status: Backport
+CVE: CVE-2020-13632
+
+Reference to upstream patch:
+https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
+
+Patch converted to amalgamation format
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ sqlite3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 282e106..5ae8c8b 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -181820,7 +181820,7 @@ static int fts3ExprLHits(
+     iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
+   }
+-  while( 1 ){
++  if( pIter ) while( 1 ){
+     int nHit = fts3ColumnlistCount(&pIter);
+     if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
+       if( p->flag==FTS3_MATCHINFO_LHITS ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 5d45d1f1ab8042aeef5d6dab5fb94f0340d23762..c289affd6081e95c47ed770e2c6c6d1e7f3ede79 100644 (file)
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2020-13435.patch \
            file://CVE-2020-13630.patch \
            file://CVE-2020-13631.patch \
+           file://CVE-2020-13632.patch \
            "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
Mirror of the official openembedded-core repository