diff options
| author | Andy Shaw <andy.shaw@qt.io> | 2019-12-11 10:51:22 +0100 |
|---|---|---|
| committer | Andy Shaw <andy.shaw@qt.io> | 2019-12-11 14:24:13 +0000 |
| commit | 277b8dde1ace28ea59f41e4f87d0291094106c74 (patch) | |
| tree | ad076338c303641504d8c4c25d69279d15a467f4 | |
| parent | 7110eb7ca14d7162d3ea4a9e00beef72473ed806 (diff) | |
Fix CVE-2019-19244 in SQLite
Fixes: QTBUG-80635
Change-Id: I718349e28ec76ea164dd50f2a985f2074dd6bdbd
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
(cherry picked from commit a7108ec6cfb6411e40a4012f3e6d3b5d5fb9631d)
| -rw-r--r-- | src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-19244-in-SQLite.patch | 26 | ||||
| -rw-r--r-- | src/3rdparty/sqlite/sqlite3.c | 1 |
2 files changed, 27 insertions, 0 deletions
diff --git a/src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-19244-in-SQLite.patch b/src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-19244-in-SQLite.patch new file mode 100644 index 0000000000..9906292860 --- /dev/null +++ b/src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-19244-in-SQLite.patch @@ -0,0 +1,26 @@ +From 676425e522e08eb0e7dfaacdac79a5de27542322 Mon Sep 17 00:00:00 2001 +From: Andy Shaw <andy.shaw@qt.io> +Date: Wed, 11 Dec 2019 10:51:22 +0100 +Subject: [PATCH 53/53] Fix CVE-2019-19244 in SQLite + +Fixes: QTBUG-80635 +Change-Id: I718349e28ec76ea164dd50f2a985f2074dd6bdbd +--- + src/3rdparty/sqlite/sqlite3.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c +index 8fd740b300..bd647ca1c2 100644 +--- a/src/3rdparty/sqlite/sqlite3.c ++++ b/src/3rdparty/sqlite/sqlite3.c +@@ -131679,6 +131679,7 @@ SQLITE_PRIVATE int sqlite3Select( + */ + if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct + && sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0 ++ && p->pWin==0 + ){ + p->selFlags &= ~SF_Distinct; + pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0); +-- +2.21.0 (Apple Git-122.2) + diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c index b3e6ae27b6..94118797bb 100644 --- a/src/3rdparty/sqlite/sqlite3.c +++ b/src/3rdparty/sqlite/sqlite3.c @@ -131143,6 +131143,7 @@ SQLITE_PRIVATE int sqlite3Select( */ if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct && sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0 + && p->pWin==0 ){ p->selFlags &= ~SF_Distinct; pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0); |