Fix CVE-2019-19880 in SQLite

Fixes: QTBUG-81565 Change-Id: I6bf2364e696315e5262d1abfa2f0b6947f14a33b Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit f59ef938ce384b80819bcea660cf8626ff1789e7)
author: Andy Shaw <andy.shaw@qt.io> 2020-01-21 15:15:00 +0100
committer: Andy Shaw <andy.shaw@qt.io> 2020-01-24 05:54:04 +0000
commit: 3f31b643b16fbdb2d9859c44c917ebbab0080b72 (patch)
tree: aeb5ac40874930bce5dd2ef52df786f5197b89f4
parent: eb192256e74ba46e719fcadcb962592d19612f6e (diff)
2 files changed, 32 insertions, 0 deletions
diff --git a/src/3rdparty/sqlite/patches/0006-Fix-CVE-2019-19880-in-SQLite.patch b/src/3rdparty/sqlite/patches/0006-Fix-CVE-2019-19880-in-SQLite.patch
new file mode 100644
index 0000000000..fc1c6778c3
--- /dev/null
+++ b/src/3rdparty/sqlite/patches/0006-Fix-CVE-2019-19880-in-SQLite.patch
@@ -0,0 +1,30 @@
+From 423d82ac8c7c545e8eac6f70a3e5e92208b7d991 Mon Sep 17 00:00:00 2001
+From: Andy Shaw <andy.shaw@qt.io>
+Date: Tue, 21 Jan 2020 15:15:00 +0100
+Subject: [PATCH] Fix CVE-2019-19880 in SQLite
+
+Fixes: QTBUG-81565
+Change-Id: I6bf2364e696315e5262d1abfa2f0b6947f14a33b
+---
+ src/3rdparty/sqlite/sqlite3.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
+index d5b43857ad..cd1a4d5221 100644
+--- a/src/3rdparty/sqlite/sqlite3.c
++++ b/src/3rdparty/sqlite/sqlite3.c
+@@ -147620,9 +147620,11 @@ static ExprList *exprListAppendList(
+     int nInit = pList ? pList->nExpr : 0;
+     for(i=0; i<pAppend->nExpr; i++){
+       Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
++      assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
+       if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
+         pDup->op = TK_NULL;
+         pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
++        pDup->u.zToken = 0;
+       }
+       pList = sqlite3ExprListAppend(pParse, pList, pDup);
+       if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
+-- 
+2.21.0 (Apple Git-122.2)
+
diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
index d5b43857ad..cd1a4d5221 100644
--- a/src/3rdparty/sqlite/sqlite3.c
+++ b/src/3rdparty/sqlite/sqlite3.c
@@ -147620,9 +147620,11 @@ static ExprList *exprListAppendList(
     int nInit = pList ? pList->nExpr : 0;
     for(i=0; i<pAppend->nExpr; i++){
       Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
+      assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
       if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
         pDup->op = TK_NULL;
         pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
+        pDup->u.zToken = 0;
       }
       pList = sqlite3ExprListAppend(pParse, pList, pDup);
       if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
author	Andy Shaw <andy.shaw@qt.io>	2020-01-21 15:15:00 +0100
committer	Andy Shaw <andy.shaw@qt.io>	2020-01-24 05:54:04 +0000
commit	3f31b643b16fbdb2d9859c44c917ebbab0080b72 (patch)
tree	aeb5ac40874930bce5dd2ef52df786f5197b89f4
parent	eb192256e74ba46e719fcadcb962592d19612f6e (diff)