diff options
author | Andy Shaw <andy.shaw@qt.io> | 2020-01-21 15:15:00 +0100 |
---|---|---|
committer | Andy Shaw <andy.shaw@qt.io> | 2020-01-24 05:54:04 +0000 |
commit | 3f31b643b16fbdb2d9859c44c917ebbab0080b72 (patch) | |
tree | aeb5ac40874930bce5dd2ef52df786f5197b89f4 | |
parent | eb192256e74ba46e719fcadcb962592d19612f6e (diff) |
Fix CVE-2019-19880 in SQLite
Fixes: QTBUG-81565
Change-Id: I6bf2364e696315e5262d1abfa2f0b6947f14a33b
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit f59ef938ce384b80819bcea660cf8626ff1789e7)
-rw-r--r-- | src/3rdparty/sqlite/patches/0006-Fix-CVE-2019-19880-in-SQLite.patch | 30 | ||||
-rw-r--r-- | src/3rdparty/sqlite/sqlite3.c | 2 |
2 files changed, 32 insertions, 0 deletions
diff --git a/src/3rdparty/sqlite/patches/0006-Fix-CVE-2019-19880-in-SQLite.patch b/src/3rdparty/sqlite/patches/0006-Fix-CVE-2019-19880-in-SQLite.patch new file mode 100644 index 0000000000..fc1c6778c3 --- /dev/null +++ b/src/3rdparty/sqlite/patches/0006-Fix-CVE-2019-19880-in-SQLite.patch @@ -0,0 +1,30 @@ +From 423d82ac8c7c545e8eac6f70a3e5e92208b7d991 Mon Sep 17 00:00:00 2001 +From: Andy Shaw <andy.shaw@qt.io> +Date: Tue, 21 Jan 2020 15:15:00 +0100 +Subject: [PATCH] Fix CVE-2019-19880 in SQLite + +Fixes: QTBUG-81565 +Change-Id: I6bf2364e696315e5262d1abfa2f0b6947f14a33b +--- + src/3rdparty/sqlite/sqlite3.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c +index d5b43857ad..cd1a4d5221 100644 +--- a/src/3rdparty/sqlite/sqlite3.c ++++ b/src/3rdparty/sqlite/sqlite3.c +@@ -147620,9 +147620,11 @@ static ExprList *exprListAppendList( + int nInit = pList ? pList->nExpr : 0; + for(i=0; i<pAppend->nExpr; i++){ + Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0); ++ assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) ); + if( bIntToNull && pDup && pDup->op==TK_INTEGER ){ + pDup->op = TK_NULL; + pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse); ++ pDup->u.zToken = 0; + } + pList = sqlite3ExprListAppend(pParse, pList, pDup); + if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags; +-- +2.21.0 (Apple Git-122.2) + diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c index d5b43857ad..cd1a4d5221 100644 --- a/src/3rdparty/sqlite/sqlite3.c +++ b/src/3rdparty/sqlite/sqlite3.c @@ -147620,9 +147620,11 @@ static ExprList *exprListAppendList( int nInit = pList ? pList->nExpr : 0; for(i=0; i<pAppend->nExpr; i++){ Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0); + assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) ); if( bIntToNull && pDup && pDup->op==TK_INTEGER ){ pDup->op = TK_NULL; pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse); + pDup->u.zToken = 0; } pList = sqlite3ExprListAppend(pParse, pList, pDup); if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags; |