author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch')
-rw-r--r-- | external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch | 126 |
1 files changed, 0 insertions, 126 deletions
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
deleted file mode 100644
index 5883774e..00000000
--- a/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From fbf2392644f0ae4282fa4583c9bb67260995d983 Mon Sep 17 00:00:00 2001
-From: Shubham Agrawal <shuagr@microsoft.com>
-Date: Mon, 23 Sep 2019 20:58:47 +0000
-Subject: [PATCH] sqlite: fix for CVE-2019-8457
-
-Upstream-Status: Backport
-CVE: CVE-2019-8457
-Signed-off-by: Shubham Agrawal <shuagr@microsoft.com>
----
- sqlite3.c | 50 +++++++++++++++++++++++++++++++-------------------
- 1 file changed, 31 insertions(+), 19 deletions(-)
-
-diff --git a/sqlite3.c b/sqlite3.c
-index 00513d4..5c8c7f4 100644
---- a/sqlite3.c
-+++ b/sqlite3.c
-@@ -172325,6 +172325,33 @@
- }
-
-
-+/* Allocate and initialize a new dynamic string object */
-+StrAccum *sqlite3_str_new(sqlite3 *db){
-+ StrAccum *p = sqlite3DbMallocRaw(db, sizeof(*p));
-+ if( p ){
-+ sqlite3StrAccumInit(p, db, 0, 0, SQLITE_MAX_LENGTH);
-+ }
-+ return p;
-+}
-+
-+/* Finalize a string created using sqlite3_str_new().
-+*/
-+
-+char *sqlite3_str_finish(StrAccum *p){
-+ char *z;
-+ if( p ){
-+ z = sqlite3StrAccumFinish(p);
-+ sqlite3DbFree(p->db, p);
-+ }else{
-+ z = 0;
-+ }
-+ return z;
-+}
-+/* Return any error code associated with p */
-+int sqlite3_str_errcode(StrAccum *p){
-+ return p ? p->accError : SQLITE_NOMEM;
-+}
-+
- /*
- ** Implementation of a scalar function that decodes r-tree nodes to
- ** human readable strings. This can be used for debugging and analysis.
-@@ -172342,49 +172369,53 @@
- ** <num-dimension>*2 coordinates.
- */
- static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
-- char *zText = 0;
-+
- RtreeNode node;
- Rtree tree;
- int ii;
-+ int nData;
-+ int errCode;
-+ StrAccum *pOut;
-
- UNUSED_PARAMETER(nArg);
- memset(&node, 0, sizeof(RtreeNode));
- memset(&tree, 0, sizeof(Rtree));
- tree.nDim = (u8)sqlite3_value_int(apArg[0]);
-+ if( tree.nDim<1 || tree.nDim>5 ) return;
- tree.nDim2 = tree.nDim*2;
- tree.nBytesPerCell = 8 + 8 * tree.nDim;
- node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
-+ nData = sqlite3_value_bytes(apArg[1]);
-+ if( nData<4 ) return;
-+ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
-
-+ pOut = sqlite3_str_new(0);
- for(ii=0; ii<NCELL(&node); ii++){
-- char zCell[512];
-- int nCell = 0;
-+
-+
- RtreeCell cell;
- int jj;
-
- nodeGetCell(&tree, &node, ii, &cell);
-- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
-- nCell = (int)strlen(zCell);
-+ if( ii>0 ) sqlite3StrAccumAppend(pOut, " ", 1);
-+ sqlite3XPrintf(pOut, "{%lld", cell.iRowid);
-+
- for(jj=0; jj<tree.nDim2; jj++){
- #ifndef SQLITE_RTREE_INT_ONLY
-- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
-- (double)cell.aCoord[jj].f);
-+
-+ sqlite3XPrintf(pOut, " %g", (double)cell.aCoord[jj].f);
- #else
-- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
-- cell.aCoord[jj].i);
-+
-+ sqlite3XPrintf(pOut, " %d", cell.aCoord[jj].i);
- #endif
-- nCell = (int)strlen(zCell);
-- }
-
-- if( zText ){
-- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
-- sqlite3_free(zText);
-- zText = zTextNew;
-- }else{
-- zText = sqlite3_mprintf("{%s}", zCell);
- }
-+ sqlite3StrAccumAppend(pOut, "}", 1);
- }
--
-- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
-+
-+ errCode = sqlite3_str_errcode(pOut);
-+ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
-+ sqlite3_result_error_code(ctx, errCode);
- }
-
- /* This routine implements an SQL function that returns the "depth" parameter
----
-2.7.4
- |