authorAndy Shaw <andy.shaw@qt.io>2020-01-02 09:07:08 +0100
committerAndy Shaw <andy.shaw@qt.io>2020-01-21 05:49:37 +0000
commit5e32c51b7acea2df72f573e7ba6b11643ada280a (patch)
treedef6022d3142085723004dce87f9c7ecd7d52229 /src
parentb84e1f05260e1349c8ef7af457fbeb3c64b521be (diff)
Fix CVE-2019-19646 in SQLite
Task-number: QTBUG-81020 Change-Id: I7176db20d4a44b1fb443a6108675f719e9643343 Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit 3b697f496303bd005ae9d1d2c974efeed259d8a3)
Diffstat (limited to 'src')
-rw-r--r--src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch29
-rw-r--r--src/3rdparty/sqlite/sqlite3.c4
2 files changed, 32 insertions, 1 deletions
diff --git a/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch b/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch
new file mode 100644
index 0000000000..db436ab4f6
--- /dev/null
+++ b/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch
@@ -0,0 +1,29 @@
+From a83bbce4d6f31d93ea4d2a681aa52c148f148e26 Mon Sep 17 00:00:00 2001
+From: Andy Shaw <andy.shaw@qt.io>
+Date: Thu, 2 Jan 2020 09:07:08 +0100
+Subject: [PATCH] Fix CVE-2019-19646 in SQLite
+
+Task-number: QTBUG-81020
+Change-Id: I7176db20d4a44b1fb443a6108675f719e9643343
+---
+ src/3rdparty/sqlite/sqlite3.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
+index 57e61b8313..980a149b1a 100644
+--- a/src/3rdparty/sqlite/sqlite3.c
++++ b/src/3rdparty/sqlite/sqlite3.c
+@@ -123765,7 +123765,9 @@ SQLITE_PRIVATE void sqlite3Pragma(
+ if( j==pTab->iPKey ) continue;
+ if( pTab->aCol[j].notNull==0 ) continue;
+ sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
+- sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
++ if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
++ sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
++ }
+ jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
+ zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
+ pTab->aCol[j].zName);
+--
+2.21.0 (Apple Git-122.2)
+
diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
index d392320ba4..d5b43857ad 100644
--- a/src/3rdparty/sqlite/sqlite3.c
+++ b/src/3rdparty/sqlite/sqlite3.c
@@ -123785,7 +123785,9 @@ SQLITE_PRIVATE void sqlite3Pragma(
if( j==pTab->iPKey ) continue;
if( pTab->aCol[j].notNull==0 ) continue;
sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
- sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+ if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
+ sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+ }
jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
pTab->aCol[j].zName);
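Review bot: The new guard `if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){` has no comment explaining why OPFLAG_TYPEOFARG is now conditional, and in a vendored file that comment is what tells a later SQLite upgrade that this is a security backport and must not be dropped. The check implies that sqlite3ExprCodeGetColumnOfTable() does not always finish with an OP_Column instruction, so the unconditional call was presumably writing the P5 flag onto some other opcode. I would put `/* CVE-2019-19646: set OPFLAG_TYPEOFARG only when the column fetch ended in OP_Column */` directly above the guard. The same lines are recorded in patches/0004-Fix-CVE-2019-19646-in-SQLite.patch, which would need regenerating to match. sqlite3Pragma's body starts and ends outside the hunk, so it is not visible here whether other sqlite3VdbeChangeP5 calls in it follow a column fetch in the same way.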