From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001
From: takeshi_hoshina
Date: Mon, 2 Nov 2020 11:07:33 +0900
Subject: basesystem-jj recipes
---
.../sqlite/files/CVE-2018-20506.patch | 103 ---------------------
1 file changed, 103 deletions(-)
delete mode 100644 external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
(limited to 'external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch')
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
deleted file mode 100644
index 7919f9b5..00000000
--- a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From: Dan Kennedy
-Date: Sat, 3 Nov 2018 16:51:30 +0000 (+0000)
-Subject: Add extra defenses against strategically corrupt databases to fts3/4.
-X-Git-Tag: version-3.26.0~58
-X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/19816852d4e82e115338b1997540c26a1b794d18
-
-Add extra defenses against strategically corrupt databases to fts3/4.
-
-https://sqlite.org/src/info/940f2adc8541a838
-
-Upstream-Status: Backport
-CVE: CVE-2018-20506
-Affects <= 3.26.0
-
-Signed-off-by: Armin Kuster
-
-Index: sqlite-autoconf-3230100/sqlite3.c
-===================================================================
---- sqlite-autoconf-3230100.orig/sqlite3.c
-+++ sqlite-autoconf-3230100/sqlite3.c
-@@ -152368,7 +152368,7 @@ static int fts3ScanInteriorNode(
- const char *zCsr = zNode; /* Cursor to iterate through node */
- const char *zEnd = &zCsr[nNode];/* End of interior node buffer */
- char *zBuffer = 0; /* Buffer to load terms into */
-- int nAlloc = 0; /* Size of allocated buffer */
-+ i64 nAlloc = 0; /* Size of allocated buffer */
- int isFirstTerm = 1; /* True when processing first term on page */
- sqlite3_int64 iChild; /* Block id of child node to descend to */
-
-@@ -152406,14 +152406,14 @@ static int fts3ScanInteriorNode(
- zCsr += fts3GetVarint32(zCsr, &nSuffix);
-
- assert( nPrefix>=0 && nSuffix>=0 );
-- if( &zCsr[nSuffix]>zEnd ){
-+ if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){
- rc = FTS_CORRUPT_VTAB;
- goto finish_scan;
- }
-- if( nPrefix+nSuffix>nAlloc ){
-+ if( (i64)nPrefix+nSuffix>nAlloc ){
- char *zNew;
-- nAlloc = (nPrefix+nSuffix) * 2;
-- zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
-+ nAlloc = ((i64)nPrefix+nSuffix) * 2;
-+ zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc);
- if( !zNew ){
- rc = SQLITE_NOMEM;
- goto finish_scan;
-@@ -162012,15 +162012,19 @@ static int fts3SegReaderNext(
- ** safe (no risk of overread) even if the node data is corrupted. */
- pNext += fts3GetVarint32(pNext, &nPrefix);
- pNext += fts3GetVarint32(pNext, &nSuffix);
-- if( nPrefix<0 || nSuffix<=0
-- || &pNext[nSuffix]>&pReader->aNode[pReader->nNode]
-+ if( nSuffix<=0
-+ || (&pReader->aNode[pReader->nNode] - pNext)pReader->nTermAlloc
- ){
- return FTS_CORRUPT_VTAB;
- }
-
-- if( nPrefix+nSuffix>pReader->nTermAlloc ){
-- int nNew = (nPrefix+nSuffix)*2;
-- char *zNew = sqlite3_realloc(pReader->zTerm, nNew);
-+ /* Both nPrefix and nSuffix were read by fts3GetVarint32() and so are
-+ ** between 0 and 0x7FFFFFFF. But the sum of the two may cause integer
-+ ** overflow - hence the (i64) casts. */
-+ if( (i64)nPrefix+nSuffix>(i64)pReader->nTermAlloc ){
-+ i64 nNew = ((i64)nPrefix+nSuffix)*2;
-+ char *zNew = sqlite3_realloc64(pReader->zTerm, nNew);
- if( !zNew ){
- return SQLITE_NOMEM;
- }
-@@ -162042,7 +162046,7 @@ static int fts3SegReaderNext(
- ** b-tree node. And that the final byte of the doclist is 0x00. If either
- ** of these statements is untrue, then the data structure is corrupt.
- */
-- if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode]
-+ if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)nDoclist
- || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
- ){
- return FTS_CORRUPT_VTAB;
-@@ -164367,7 +164371,9 @@ static int nodeReaderNext(NodeReader *p)
- p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix);
- }
- p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix);
--
-+ if( nPrefix>p->iOff || nSuffix>p->nNode-p->iOff ){
-+ return SQLITE_CORRUPT_VTAB;
-+ }
- blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc);
- if( rc==SQLITE_OK ){
- memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
-@@ -164375,6 +164381,9 @@ static int nodeReaderNext(NodeReader *p)
- p->iOff += nSuffix;
- if( p->iChild==0 ){
- p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist);
-+ if( (p->nNode-p->iOff)nDoclist ){
-+ return SQLITE_CORRUPT_VTAB;
-+ }
- p->aDoclist = &p->aNode[p->iOff];
- p->iOff += p->nDoclist;
- }
--
cgit 1.2.3-korg