summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch29
-rw-r--r--src/3rdparty/sqlite/sqlite3.c4
2 files changed, 32 insertions, 1 deletions
diff --git a/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch b/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch
new file mode 100644
index 0000000000..db436ab4f6
--- /dev/null
+++ b/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch
@@ -0,0 +1,29 @@
+From a83bbce4d6f31d93ea4d2a681aa52c148f148e26 Mon Sep 17 00:00:00 2001
+From: Andy Shaw <andy.shaw@qt.io>
+Date: Thu, 2 Jan 2020 09:07:08 +0100
+Subject: [PATCH] Fix CVE-2019-19646 in SQLite
+
+Task-number: QTBUG-81020
+Change-Id: I7176db20d4a44b1fb443a6108675f719e9643343
+---
+ src/3rdparty/sqlite/sqlite3.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
+index 57e61b8313..980a149b1a 100644
+--- a/src/3rdparty/sqlite/sqlite3.c
++++ b/src/3rdparty/sqlite/sqlite3.c
+@@ -123765,7 +123765,9 @@ SQLITE_PRIVATE void sqlite3Pragma(
+ if( j==pTab->iPKey ) continue;
+ if( pTab->aCol[j].notNull==0 ) continue;
+ sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
+- sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
++ if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
++ sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
++ }
+ jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
+ zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
+ pTab->aCol[j].zName);
+--
+2.21.0 (Apple Git-122.2)
+
diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
index a430554db7..712a103ef6 100644
--- a/src/3rdparty/sqlite/sqlite3.c
+++ b/src/3rdparty/sqlite/sqlite3.c
@@ -123776,7 +123776,9 @@ SQLITE_PRIVATE void sqlite3Pragma(
if( j==pTab->iPKey ) continue;
if( pTab->aCol[j].notNull==0 ) continue;
sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
- sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+ if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
+ sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+ }
jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
pTab->aCol[j].zName);