mirror of
https://git.yoctoproject.org/poky
synced 2026-04-22 15:32:14 +02:00
sqlite3: fix CVE-2020-13632
CVE: CVE-2020-13632 Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13632 (From OE-Core rev: 8d54034bb8e522f9827ec6422b32cbd4e5bf1346) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Steve Sakoman
committed by
Richard Purdie
Richard Purdie
parent
1a057dcc73
commit
9bf3399388
34
meta/recipes-support/sqlite/files/CVE-2020-13632.patch
Normal file
34
meta/recipes-support/sqlite/files/CVE-2020-13632.patch
Normal file
@@ -0,0 +1,34 @@
|
||||
From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001
|
||||
From: drh <drh@noemail.net>
|
||||
Date: Thu, 14 May 2020 23:59:24 +0000
|
||||
Subject: [PATCH] Fix a null pointer deference that can occur on a strange
|
||||
matchinfo() query.
|
||||
|
||||
FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2020-13632
|
||||
|
||||
Reference to upstream patch:
|
||||
https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
|
||||
|
||||
Patch converted to amalgamation format
|
||||
|
||||
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
||||
---
|
||||
sqlite3.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sqlite3.c b/sqlite3.c
|
||||
index 282e106..5ae8c8b 100644
|
||||
--- a/sqlite3.c
|
||||
+++ b/sqlite3.c
|
||||
@@ -181820,7 +181820,7 @@ static int fts3ExprLHits(
|
||||
iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
|
||||
}
|
||||
|
||||
- while( 1 ){
|
||||
+ if( pIter ) while( 1 ){
|
||||
int nHit = fts3ColumnlistCount(&pIter);
|
||||
if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
|
||||
if( p->flag==FTS3_MATCHINFO_LHITS ){
|
||||
@@ -12,6 +12,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
|
||||
file://CVE-2020-13435.patch \
|
||||
file://CVE-2020-13630.patch \
|
||||
file://CVE-2020-13631.patch \
|
||||
file://CVE-2020-13632.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
|
||||
SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
|
||||
|
||||
Reference in New Issue
Block a user