summaryrefslogtreecommitdiffstats
path: root/external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch
blob: 086f6ef913b86357b1aed377b6b1bb6f74371459 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

Fix a defect in the query-flattener optimization identified by ticket [8f157e8010b22af0]. 

Upstream-Status: Backport
https://www.sqlite.org/src/info/10fa79d00f8091e5
CVE: CVE-2020-15358
Signed-off-by: Armin Kuster <akuster@mvista.com>

Index: sqlite-autoconf-3310100/sqlite3.c
===================================================================
--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
@@ -18349,6 +18349,7 @@ struct Select {
 #define SF_WhereBegin    0x0080000 /* Really a WhereBegin() call.  Debug Only */
 #define SF_WinRewrite    0x0100000 /* Window function rewrite accomplished */
 #define SF_View          0x0200000 /* SELECT statement is a view */
+#define SF_NoopOrderBy   0x0400000 /* ORDER BY is ignored for this query */
 
 /*
 ** The results of a SELECT can be distributed in several ways, as defined
@@ -130607,9 +130608,7 @@ static int multiSelect(
                           selectOpName(p->op)));
         rc = sqlite3Select(pParse, p, &uniondest);
         testcase( rc!=SQLITE_OK );
-        /* Query flattening in sqlite3Select() might refill p->pOrderBy.
-        ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
-        sqlite3ExprListDelete(db, p->pOrderBy);
+        assert( p->pOrderBy==0 );
         pDelete = p->pPrior;
         p->pPrior = pPrior;
         p->pOrderBy = 0;
@@ -131958,7 +131957,7 @@ static int flattenSubquery(
     ** We look at every expression in the outer query and every place we see
     ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
     */
-    if( pSub->pOrderBy ){
+    if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
       /* At this point, any non-zero iOrderByCol values indicate that the
       ** ORDER BY column expression is identical to the iOrderByCol'th
       ** expression returned by SELECT statement pSub. Since these values
@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select(
     sqlite3ExprListDelete(db, p->pOrderBy);
     p->pOrderBy = 0;
     p->selFlags &= ~SF_Distinct;
+    p->selFlags |= SF_NoopOrderBy;
   }
   sqlite3SelectPrep(pParse, p, 0);
   if( pParse->nErr || db->mallocFailed ){