diff options
Diffstat (limited to 'src/3rdparty/sqlite')
-rw-r--r-- | src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-16168-in-SQLite.patch | 42 | ||||
-rw-r--r-- | src/3rdparty/sqlite/sqlite3.c | 5 |
2 files changed, 46 insertions, 1 deletions
diff --git a/src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-16168-in-SQLite.patch b/src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-16168-in-SQLite.patch new file mode 100644 index 0000000000..e56a6a2411 --- /dev/null +++ b/src/3rdparty/sqlite/patches/0001-Fix-CVE-2019-16168-in-SQLite.patch @@ -0,0 +1,42 @@ +From 3442a3ce9c2bd366eb0bd1c18d37a6ce732a888d Mon Sep 17 00:00:00 2001 +From: Andy Shaw <andy.shaw@qt.io> +Date: Wed, 25 Sep 2019 09:17:01 +0200 +Subject: [PATCH] Fix CVE-2019-16168 in SQLite + +v3.29.0 is the latest and there is no indication as to when the next +release is so we will apply this separately for now and it can be +reverted once it is in a release that we ship with. + +This patch is taken from https://www.sqlite.org/src/info/98357d8c1263920b + +Change-Id: I82d398b093b67842a4369e3220c01e7eea30763a +--- + src/3rdparty/sqlite/sqlite3.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c +index 61bfdeb766..b3e6ae27b6 100644 +--- a/src/3rdparty/sqlite/sqlite3.c ++++ b/src/3rdparty/sqlite/sqlite3.c +@@ -105933,7 +105933,9 @@ static void decodeIntArray( + if( sqlite3_strglob("unordered*", z)==0 ){ + pIndex->bUnordered = 1; + }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){ +- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3)); ++ int sz = sqlite3Atoi(z+3); ++ if( sz<2 ) sz = 2; ++ pIndex->szIdxRow = sqlite3LogEst(sz); + }else if( sqlite3_strglob("noskipscan*", z)==0 ){ + pIndex->noSkipScan = 1; + } +@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex( + ** it to pNew->rRun, which is currently set to the cost of the index + ** seek only. Then, if this is a non-covering index, add the cost of + ** visiting the rows in the main table. */ ++ assert( pSrc->pTab->szTabRow>0 ); + rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow; + pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx); + if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){ +-- +2.20.1 (Apple Git-117) + diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c index 61bfdeb766..b3e6ae27b6 100644 --- a/src/3rdparty/sqlite/sqlite3.c +++ b/src/3rdparty/sqlite/sqlite3.c @@ -105933,7 +105933,9 @@ static void decodeIntArray( if( sqlite3_strglob("unordered*", z)==0 ){ pIndex->bUnordered = 1; }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){ - pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3)); + int sz = sqlite3Atoi(z+3); + if( sz<2 ) sz = 2; + pIndex->szIdxRow = sqlite3LogEst(sz); }else if( sqlite3_strglob("noskipscan*", z)==0 ){ pIndex->noSkipScan = 1; } @@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex( ** it to pNew->rRun, which is currently set to the cost of the index ** seek only. Then, if this is a non-covering index, add the cost of ** visiting the rows in the main table. */ + assert( pSrc->pTab->szTabRow>0 ); rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow; pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx); if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){ |