1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
new file mode 100644
index 0000000000..01ff29ff5e
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,46 @@
+From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001
+From: dan <Dan Kennedy>
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
+Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
+CVE: CVE-2023-7104
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ sqlite3.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index 972ef18..c645ac8 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -203301,15 +203301,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
+       if( (pIn->nData-pIn->iNext)<8 ){
+         rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
+         sqlite3_int64 v = sessionGetI64(aVal);
+         if( eType==SQLITE_INTEGER ){
+           sqlite3VdbeMemSetInt64(apOut[i], v);
+         }else{
+           double d;
+           memcpy(&d, &v, 8);
+           sqlite3VdbeMemSetDouble(apOut[i], d);
+         }
+         pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.25.1

diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch new file mode 100644 index 0000000000..01ff29ff5e --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,46 @@
	1	From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001
	2	From: dan <Dan Kennedy>
	3	Date: Thu, 7 Sep 2023 13:53:09 +0000
	4	Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
	5
	6	Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
	7	CVE: CVE-2023-7104
	8	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	9	---
	10	sqlite3.c \| 18 +++++++++++-------
	11	1 file changed, 11 insertions(+), 7 deletions(-)
	12
	13	diff --git a/sqlite3.c b/sqlite3.c
	14	index 972ef18..c645ac8 100644
	15	--- a/sqlite3.c
	16	+++ b/sqlite3.c
	17	@@ -203301,15 +203301,19 @@ static int sessionReadRecord(
	18	}
	19	}
	20	if( eType==SQLITE_INTEGER \|\| eType==SQLITE_FLOAT ){
	21	- sqlite3_int64 v = sessionGetI64(aVal);
	22	- if( eType==SQLITE_INTEGER ){
	23	- sqlite3VdbeMemSetInt64(apOut[i], v);
	24	+ if( (pIn->nData-pIn->iNext)<8 ){
	25	+ rc = SQLITE_CORRUPT_BKPT;
	26	}else{
	27	- double d;
	28	- memcpy(&d, &v, 8);
	29	- sqlite3VdbeMemSetDouble(apOut[i], d);
	30	+ sqlite3_int64 v = sessionGetI64(aVal);
	31	+ if( eType==SQLITE_INTEGER ){
	32	+ sqlite3VdbeMemSetInt64(apOut[i], v);
	33	+ }else{
	34	+ double d;
	35	+ memcpy(&d, &v, 8);
	36	+ sqlite3VdbeMemSetDouble(apOut[i], d);
	37	+ }
	38	+ pIn->iNext += 8;
	39	}
	40	- pIn->iNext += 8;
	41	}
	42	}
	43	}
	44	--
	45	2.25.1
	46