blob: fc1c6778c3ab70695dd93544e7d9b812cce6e4e4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From 423d82ac8c7c545e8eac6f70a3e5e92208b7d991 Mon Sep 17 00:00:00 2001
From: Andy Shaw <andy.shaw@qt.io>
Date: Tue, 21 Jan 2020 15:15:00 +0100
Subject: [PATCH] Fix CVE-2019-19880 in SQLite
Fixes: QTBUG-81565
Change-Id: I6bf2364e696315e5262d1abfa2f0b6947f14a33b
---
src/3rdparty/sqlite/sqlite3.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
index d5b43857ad..cd1a4d5221 100644
--- a/src/3rdparty/sqlite/sqlite3.c
+++ b/src/3rdparty/sqlite/sqlite3.c
@@ -147620,9 +147620,11 @@ static ExprList *exprListAppendList(
int nInit = pList ? pList->nExpr : 0;
for(i=0; i<pAppend->nExpr; i++){
Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
+ assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
pDup->op = TK_NULL;
pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
+ pDup->u.zToken = 0;
}
pList = sqlite3ExprListAppend(pParse, pList, pDup);
if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
--
2.21.0 (Apple Git-122.2)
|
