mirror of
https://git.yoctoproject.org/poky
synced 2026-02-09 10:13:03 +01:00
Descriptions of CVE-2025-29087 and CVE-2025-3277 are very similar. There is no link from NVD, but [1] and [2] from Debian mark these two CVEs as duplicates with the same link for the patch.

[1] https://security-tracker.debian.org/tracker/CVE-2025-29087
[2] https://security-tracker.debian.org/tracker/CVE-2025-3277

(From OE-Core rev: a9386d9f3f4f5256dca2eee6355e3cc74d77af1d)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
30 lines
957 B
Diff
From d7f45414935e4ef6e3361f02a22876f1ee7a04aa Mon Sep 17 00:00:00 2001
From: drh <>
Date: Sun, 16 Feb 2025 10:57:25 +0000
Subject: [PATCH] Add a typecast to avoid 32-bit integer overflow in the
concat_ws() function with an enormous separator values and many arguments.
FossilOrigin-Name: 498e3f1cf57f164fbd8380e92bf91b9f26d6aa05d092fcd135d754abf1e5b1b5
CVE: CVE-2025-3277
CVE: CVE-2025-29087
Upstream-Status: Backport [https://sqlite.org/src/info/498e3f1cf57f164f]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
sqlite3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sqlite3.c b/sqlite3.c
index 08c593e55c..24d0d954d9 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -130954,7 +130954,7 @@ static void concatFuncCore(
for(i=0; i<argc; i++){
n += sqlite3_value_bytes(argv[i]);
}
- n += (argc-1)*nSep;
+ n += (argc-1)*(i64)nSep;
z = sqlite3_malloc64(n+1);
if( z==0 ){
sqlite3_result_error_nomem(context);
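Review bot: The cast in `n += (argc-1)*(i64)nSep;` only prevents the overflow if `n` is itself a 64-bit accumulator, and its declaration is outside this hunk. Please confirm that `n` is declared as `i64` in the sqlite3.c version this recipe builds; if it is a 32-bit `int`, the widened product is truncated again on assignment and the size passed to `sqlite3_malloc64(n+1)` would still be wrong. The diffstat shows only sqlite3.c changing, so a short note in the commit message on how the backport was verified against that version (for example, a concat_ws() call with a large separator and many arguments, as the subject line describes) would help whoever reviews it next.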