diff options
Diffstat (limited to 'external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch')
| -rw-r--r-- | external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch new file mode 100644 index 00000000..086f6ef9 --- /dev/null +++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch @@ -0,0 +1,47 @@ +Fix a defect in the query-flattener optimization identified by ticket [8f157e8010b22af0]. + +Upstream-Status: Backport +https://www.sqlite.org/src/info/10fa79d00f8091e5 +CVE: CVE-2020-15358 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: sqlite-autoconf-3310100/sqlite3.c +=================================================================== +--- sqlite-autoconf-3310100.orig/sqlite3.c ++++ sqlite-autoconf-3310100/sqlite3.c +@@ -18349,6 +18349,7 @@ struct Select { + #define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */ + #define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */ + #define SF_View 0x0200000 /* SELECT statement is a view */ ++#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */ + + /* + ** The results of a SELECT can be distributed in several ways, as defined +@@ -130607,9 +130608,7 @@ static int multiSelect( + selectOpName(p->op))); + rc = sqlite3Select(pParse, p, &uniondest); + testcase( rc!=SQLITE_OK ); +- /* Query flattening in sqlite3Select() might refill p->pOrderBy. +- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */ +- sqlite3ExprListDelete(db, p->pOrderBy); ++ assert( p->pOrderBy==0 ); + pDelete = p->pPrior; + p->pPrior = pPrior; + p->pOrderBy = 0; +@@ -131958,7 +131957,7 @@ static int flattenSubquery( + ** We look at every expression in the outer query and every place we see + ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10". + */ +- if( pSub->pOrderBy ){ ++ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){ + /* At this point, any non-zero iOrderByCol values indicate that the + ** ORDER BY column expression is identical to the iOrderByCol'th + ** expression returned by SELECT statement pSub. Since these values +@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select( + sqlite3ExprListDelete(db, p->pOrderBy); + p->pOrderBy = 0; + p->selFlags &= ~SF_Distinct; ++ p->selFlags |= SF_NoopOrderBy; + } + sqlite3SelectPrep(pParse, p, 0); + if( pParse->nErr || db->mallocFailed ){ |