sqlite3: Backport fix for CVE-2023-7104

Backport https://sqlite.org/src/info/0e4e7a05c4204b47 (From OE-Core rev: 2a418c0a55d0d4e9a70a41c9a7cfea97ec0edee9) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-04-23 00:32:12 +02:00 · 2024-01-19 07:55:24 +05:30
parent 3adc98348b
commit 9bf63ee197
2 changed files with 47 additions and 0 deletions
--- a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
+++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,46 @@
+From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001
+From: dan <Dan Kennedy>
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
+
+Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
+CVE: CVE-2023-7104
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ sqlite3.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 972ef18..c645ac8 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -203301,15 +203301,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
+	if( (pIn->nData-pIn->iNext)<8 ){
+	  rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
+	  sqlite3_int64 v = sessionGetI64(aVal);
+	  if( eType==SQLITE_INTEGER ){
+	    sqlite3VdbeMemSetInt64(apOut[i], v);
+	  }else{
+	    double d;
+	    memcpy(&d, &v, 8);
+	    sqlite3VdbeMemSetDouble(apOut[i], d);
+	  }
+	  pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.25.1
+
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
           file://CVE-2020-35525.patch \
           file://CVE-2020-35527.patch \
           file://CVE-2021-20223.patch \
+           file://CVE-2023-7104.patch \
           "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"