Fix CVE-2019-19242 in SQLite

Task-number: QTBUG-80903
Change-Id: I78a72a574da5cf3503950afe47146ae6424f00c6
Reviewed-by: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>

1 files changed, 31 insertions, 0 deletions

diff --git a/src/3rdparty/sqlite/patches/0002-Fix-CVE-2019-19242-in-SQLite.patch b/src/3rdparty/sqlite/patches/0002-Fix-CVE-2019-19242-in-SQLite.patch
new file mode 100644
index 0000000000..92739192e4
--- /dev/null
+++ b/src/3rdparty/sqlite/patches/0002-Fix-CVE-2019-19242-in-SQLite.patch
@@ -0,0 +1,31 @@
+From 7905740b8e79479298e83d8e559fc49b46cf980e Mon Sep 17 00:00:00 2001
+From: Andy Shaw <andy.shaw@qt.io>
+Date: Thu, 19 Dec 2019 21:59:09 +0100
+Subject: [PATCH] Fix CVE-2019-19242 in SQLite
+
+Change-Id: I78a72a574da5cf3503950afe47146ae6424f00c6
+---
+ src/3rdparty/sqlite/sqlite3.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
+index bd647ca1c2..d3e0c065b6 100644
+--- a/src/3rdparty/sqlite/sqlite3.c
++++ b/src/3rdparty/sqlite/sqlite3.c
+@@ -101055,7 +101055,12 @@ expr_code_doover:
+         ** constant.
+         */
+         int iReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft,target);
+-        int aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn);
++        int aff;
++        if( pExpr->y.pTab ){
++          aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn);
++        }else{
++          aff = pExpr->affExpr;
++        }
+         if( aff>SQLITE_AFF_BLOB ){
+           static const char zAff[] = "B\000C\000D\000E";
+           assert( SQLITE_AFF_BLOB=='A' );
+-- 
+2.21.0 (Apple Git-122.2)
+