diff options
Diffstat (limited to 'meta/recipes-support/sqlite/files/CVE-2022-35737.patch')
| -rw-r--r-- | meta/recipes-support/sqlite/files/CVE-2022-35737.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch new file mode 100644 index 0000000000..9e8f039ef6 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | From ec75530b8d8268cb07d8e476d79e1b0e59492fa2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: drh | ||
| 3 | Date: Thu, 18 Aug 2022 15:10:46 +0200 | ||
| 4 | Subject: [PATCH] sqlite: Increase the size of loop variables in the printf() implementation | ||
| 5 | |||
| 6 | Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. | ||
| 7 | |||
| 8 | This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). | ||
| 9 | |||
| 10 | Signed-off-by: Ghassane Ben El Aattar ghassaneb.aattar@huawei.com | ||
| 11 | |||
| 12 | CVE: CVE-2022-35737 | ||
| 13 | |||
| 14 | Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7] | ||
| 15 | --- | ||
| 16 | sqlite3.c | 3 ++- | ||
| 17 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 18 | |||
| 19 | diff --git a/sqlite3.c b/sqlite3.c | ||
| 20 | index f867d62..490199a 100644 | ||
| 21 | --- a/sqlite3.c | ||
| 22 | +++ b/sqlite3.c | ||
| 23 | @@ -30234,1 +30234,2 @@ static int vxprintf( | ||
| 24 | - int i, j, k, n, isnull; | ||
| 25 | + i64 i, j, k, n; | ||
| 26 | + int isnull; | ||