blob: ffc2c6afffaa9e8b524b00bdc66c426dc869e637 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
CVE: CVE-2019-19925
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>
From e92580434d2cdca228649d32f76167492de4f512 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Thu, 19 Dec 2019 15:15:40 +0000
Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the
pathname of the file being inserted is a NULL. Bug discovered by the
Yongheng and Rui fuzzer.
FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
---
shell.c | 1 +
sqlite3.c | 4 ++--
sqlite3.h | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/shell.c b/shell.c
index 053180c..404a8d4 100644
--- a/shell.c
+++ b/shell.c
@@ -5827,6 +5827,7 @@ static int zipfileUpdate(
if( rc==SQLITE_OK ){
zPath = (const char*)sqlite3_value_text(apVal[2]);
+ if( zPath==0 ) zPath = "";
nPath = (int)strlen(zPath);
mTime = zipfileGetTime(apVal[4]);
}
--
2.24.1
|