mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-20 18:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

sqlite: CVE-2022-35737 assertion failure

Browse Source 
Source: https://www.sqlite.org/
MR: 120541
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
Description:
	 CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.

(From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Hitendra Prajapati
2022-09-02 16:47:44 +05:30
committed by Richard Purdie
parent a884e8bdbf
commit d24759196a
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
meta/recipes-support/sqlite/files/CVE-2022-35737.patch Normal file
View File

@@ -0,0 +1,29 @@
From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Fri, 2 Sep 2022 11:22:29 +0530
Subject: [PATCH] CVE-2022-35737
Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7]
CVE: CVE-2022-35737
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
sqlite3.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sqlite3.c b/sqlite3.c
index f664217..33dfb78 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf(
case etSQLESCAPE: /* %q: Escape ' characters */
case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
case etSQLESCAPE3: { /* %w: Escape " characters */
- int i, j, k, n, isnull;
+ i64 i, j, k, n;
+ int isnull;
int needQuote;
char ch;
char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
--
2.25.1

1
meta/recipes-support/sqlite/sqlite3_3.31.1.bb
View File

@@ -13,6 +13,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2020-13630.patch \
file://CVE-2020-13631.patch \
file://CVE-2020-13632.patch \
file://CVE-2022-35737.patch \
"
SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"