From 3b697f496303bd005ae9d1d2c974efeed259d8a3 Mon Sep 17 00:00:00 2001
From: Andy Shaw <andy.shaw@qt.io>
Date: Thu, 2 Jan 2020 09:07:08 +0100
Subject: Fix CVE-2019-19646 in SQLite

Task-number: QTBUG-81020
Change-Id: I7176db20d4a44b1fb443a6108675f719e9643343
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
---
 .../0004-Fix-CVE-2019-19646-in-SQLite.patch        | 29 ++++++++++++++++++++++
 src/3rdparty/sqlite/sqlite3.c                      |  4 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch

diff --git a/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch b/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch
new file mode 100644
index 0000000000..db436ab4f6
--- /dev/null
+++ b/src/3rdparty/sqlite/patches/0004-Fix-CVE-2019-19646-in-SQLite.patch
@@ -0,0 +1,29 @@
+From a83bbce4d6f31d93ea4d2a681aa52c148f148e26 Mon Sep 17 00:00:00 2001
+From: Andy Shaw <andy.shaw@qt.io>
+Date: Thu, 2 Jan 2020 09:07:08 +0100
+Subject: [PATCH] Fix CVE-2019-19646 in SQLite
+
+Task-number: QTBUG-81020
+Change-Id: I7176db20d4a44b1fb443a6108675f719e9643343
+---
+ src/3rdparty/sqlite/sqlite3.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
+index 57e61b8313..980a149b1a 100644
+--- a/src/3rdparty/sqlite/sqlite3.c
++++ b/src/3rdparty/sqlite/sqlite3.c
+@@ -123765,7 +123765,9 @@ SQLITE_PRIVATE void sqlite3Pragma(
+           if( j==pTab->iPKey ) continue;
+           if( pTab->aCol[j].notNull==0 ) continue;
+           sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
+-          sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
++          if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
++            sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
++          }
+           jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
+           zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
+                               pTab->aCol[j].zName);
+-- 
+2.21.0 (Apple Git-122.2)
+
diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
index a430554db7..712a103ef6 100644
--- a/src/3rdparty/sqlite/sqlite3.c
+++ b/src/3rdparty/sqlite/sqlite3.c
@@ -123776,7 +123776,9 @@ SQLITE_PRIVATE void sqlite3Pragma(
           if( j==pTab->iPKey ) continue;
           if( pTab->aCol[j].notNull==0 ) continue;
           sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
-          sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+          if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
+            sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+          }
           jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
           zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
                               pTab->aCol[j].zName);
-- 
cgit v1.2.3