diff options
Diffstat (limited to 'meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch')
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch new file mode 100644 index 0000000000..ffc2c6afff --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | CVE: CVE-2019-19925 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
4 | |||
5 | From e92580434d2cdca228649d32f76167492de4f512 Mon Sep 17 00:00:00 2001 | ||
6 | From: "D. Richard Hipp" <drh@hwaci.com> | ||
7 | Date: Thu, 19 Dec 2019 15:15:40 +0000 | ||
8 | Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the | ||
9 | pathname of the file being inserted is a NULL. Bug discovered by the | ||
10 | Yongheng and Rui fuzzer. | ||
11 | |||
12 | FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06 | ||
13 | --- | ||
14 | shell.c | 1 + | ||
15 | sqlite3.c | 4 ++-- | ||
16 | sqlite3.h | 2 +- | ||
17 | 3 files changed, 4 insertions(+), 3 deletions(-) | ||
18 | |||
19 | diff --git a/shell.c b/shell.c | ||
20 | index 053180c..404a8d4 100644 | ||
21 | --- a/shell.c | ||
22 | +++ b/shell.c | ||
23 | @@ -5827,6 +5827,7 @@ static int zipfileUpdate( | ||
24 | |||
25 | if( rc==SQLITE_OK ){ | ||
26 | zPath = (const char*)sqlite3_value_text(apVal[2]); | ||
27 | + if( zPath==0 ) zPath = ""; | ||
28 | nPath = (int)strlen(zPath); | ||
29 | mTime = zipfileGetTime(apVal[4]); | ||
30 | } | ||
31 | -- | ||
32 | 2.24.1 | ||
33 | |||