diff options
| author | Andy Shaw <andy.shaw@qt.io> | 2019-12-19 21:59:09 +0100 |
|---|---|---|
| committer | Andy Shaw <andy.shaw@qt.io> | 2020-01-10 08:03:46 +0100 |
| commit | 440a6ac65fb8fc01df9cab472ef0e8ee0ebfa07b (patch) | |
| tree | 6cec4f1b5f9d0572884a89f875cc7f151a8fc914 /src | |
| parent | ed54545d0db2eb69fbbbce2e60b9a9c0f9e87e29 (diff) | |
Fix CVE-2019-19242 in SQLite
Task-number: QTBUG-80903
Change-Id: I78a72a574da5cf3503950afe47146ae6424f00c6
Reviewed-by: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit dcef0b96eef04c4e17c2e51ea71aea1f78625864)
Diffstat (limited to 'src')
| -rw-r--r-- | src/3rdparty/sqlite/patches/0002-Fix-CVE-2019-19242-in-SQLite.patch | 31 | ||||
| -rw-r--r-- | src/3rdparty/sqlite/sqlite3.c | 7 |
2 files changed, 37 insertions, 1 deletions
diff --git a/src/3rdparty/sqlite/patches/0002-Fix-CVE-2019-19242-in-SQLite.patch b/src/3rdparty/sqlite/patches/0002-Fix-CVE-2019-19242-in-SQLite.patch new file mode 100644 index 0000000000..92739192e4 --- /dev/null +++ b/src/3rdparty/sqlite/patches/0002-Fix-CVE-2019-19242-in-SQLite.patch @@ -0,0 +1,31 @@ +From 7905740b8e79479298e83d8e559fc49b46cf980e Mon Sep 17 00:00:00 2001 +From: Andy Shaw <andy.shaw@qt.io> +Date: Thu, 19 Dec 2019 21:59:09 +0100 +Subject: [PATCH] Fix CVE-2019-19242 in SQLite + +Change-Id: I78a72a574da5cf3503950afe47146ae6424f00c6 +--- + src/3rdparty/sqlite/sqlite3.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c +index bd647ca1c2..d3e0c065b6 100644 +--- a/src/3rdparty/sqlite/sqlite3.c ++++ b/src/3rdparty/sqlite/sqlite3.c +@@ -101055,7 +101055,12 @@ expr_code_doover: + ** constant. + */ + int iReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft,target); +- int aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn); ++ int aff; ++ if( pExpr->y.pTab ){ ++ aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn); ++ }else{ ++ aff = pExpr->affExpr; ++ } + if( aff>SQLITE_AFF_BLOB ){ + static const char zAff[] = "B\000C\000D\000E"; + assert( SQLITE_AFF_BLOB=='A' ); +-- +2.21.0 (Apple Git-122.2) + diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c index bd647ca1c2..d3e0c065b6 100644 --- a/src/3rdparty/sqlite/sqlite3.c +++ b/src/3rdparty/sqlite/sqlite3.c @@ -101055,7 +101055,12 @@ expr_code_doover: ** constant. */ int iReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft,target); - int aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn); + int aff; + if( pExpr->y.pTab ){ + aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn); + }else{ + aff = pExpr->affExpr; + } if( aff>SQLITE_AFF_BLOB ){ static const char zAff[] = "B\000C\000D\000E"; assert( SQLITE_AFF_BLOB=='A' ); |