From 138a4ab65126342ce61a6546b3f4329d029530e5 Mon Sep 17 00:00:00 2001
From: eulerstorage
Date: Fri, 3 Jan 2020 23:16:52 +0800
Subject: [PATCH] fix CVE-2019-9936 and CVE-2019-9937
---
6048-Fix-CVE-2019-9937.patch | 176 +----------------------------------
1 file changed, 1 insertion(+), 175 deletions(-)
diff --git a/6048-Fix-CVE-2019-9937.patch b/6048-Fix-CVE-2019-9937.patch
index e8e32d0..e45f1ee 100644
--- a/6048-Fix-CVE-2019-9937.patch
+++ b/6048-Fix-CVE-2019-9937.patch
@@ -1,179 +1,5 @@
From cc12b9c512451199cacf89a999977886ba4f183e Mon Sep 17 00:00:00 2001 -From: guiyao -Date: Tue, 31 Dec 2019 21:45:30 -0500 -Subject: [PATCH] backport-fix-CVE-2019-9937 - ---- - ext/fts5/fts5Int.h | 3 ++- - ext/fts5/fts5_hash.c | 55 ++++++++++++++++++++++++++++++++--------------- - ext/fts5/fts5_index.c | 25 ++++++++++++++------- - ext/fts5/test/fts5aa.test | 21 +++++++++++++++++- - 4 files changed, 77 insertions(+), 27 deletions(-) - -diff --git a/ext/fts5/fts5Int.h b/ext/fts5/fts5Int.h -index 1f8a297..984d625 100644 ---- a/ext/fts5/fts5Int.h -+++ b/ext/fts5/fts5Int.h -@@ -565,8 +565,9 @@ void sqlite3Fts5HashClear(Fts5Hash*); - - int sqlite3Fts5HashQuery( - Fts5Hash*, /* Hash table to query */ -+ int nPre, - const char *pTerm, int nTerm, /* Query term */ -- const u8 **ppDoclist, /* OUT: Pointer to doclist for pTerm */ -+ void **ppObj, /* OUT: Pointer to doclist for pTerm */ - int *pnDoclist /* OUT: Size of doclist in bytes */ - ); - -diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c -index c35b5d5..eae785a 100644 ---- a/ext/fts5/fts5_hash.c -+++ b/ext/fts5/fts5_hash.c -@@ -187,19 +187,25 @@ static int fts5HashResize(Fts5Hash *pHash){ - return SQLITE_OK; - } - --static void fts5HashAddPoslistSize(Fts5Hash *pHash, Fts5HashEntry *p){ -+static int fts5HashAddPoslistSize( -+ Fts5Hash *pHash, -+ Fts5HashEntry *p, -+ Fts5HashEntry *p2 -+){ -+ int nRet = 0; - if( p->iSzPoslist ){ -- u8 *pPtr = (u8*)p; -+ u8 *pPtr = p2 ? (u8*)p2 : (u8*)p; -+ int nData = p->nData; - if( pHash->eDetail==FTS5_DETAIL_NONE ){ -- assert( p->nData==p->iSzPoslist ); -+ assert( nData==p->iSzPoslist ); - if( p->bDel ){ -- pPtr[p->nData++] = 0x00; -+ pPtr[nData++] = 0x00; - if( p->bContent ){ -- pPtr[p->nData++] = 0x00; -+ pPtr[nData++] = 0x00; - } - } - }else{ -- int nSz = (p->nData - p->iSzPoslist - 1); /* Size in bytes 
From cc12b9c512451199cacf89a999977886ba4f183e Mon Sep 17 00:00:00 2001 -From: guiyao -Date: Tue, 31 Dec 2019 21:45:30 -0500 -Subject: [PATCH] backport-fix-CVE-2019-9937 - ---- - ext/fts5/fts5Int.h | 3 ++- - ext/fts5/fts5_hash.c | 55 ++++++++++++++++++++++++++++++++--------------- - ext/fts5/fts5_index.c | 25 ++++++++++++++------- - ext/fts5/test/fts5aa.test | 21 +++++++++++++++++- - 4 files changed, 77 insertions(+), 27 deletions(-) - -diff --git a/ext/fts5/fts5Int.h b/ext/fts5/fts5Int.h -index 1f8a297..984d625 100644 ---- a/ext/fts5/fts5Int.h -+++ b/ext/fts5/fts5Int.h -@@ -565,8 +565,9 @@ void sqlite3Fts5HashClear(Fts5Hash*); - - int sqlite3Fts5HashQuery( - Fts5Hash*, /* Hash table to query */ -+ int nPre, - const char *pTerm, int nTerm, /* Query term */ -- const u8 **ppDoclist, /* OUT: Pointer to doclist for pTerm */ -+ void **ppObj, /* OUT: Pointer to doclist for pTerm */ - int *pnDoclist /* OUT: Size of doclist in bytes */ - ); - -diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c -index c35b5d5..eae785a 100644 ---- a/ext/fts5/fts5_hash.c -+++ b/ext/fts5/fts5_hash.c -@@ -187,19 +187,25 @@ static int fts5HashResize(Fts5Hash *pHash){ - return SQLITE_OK; - } - --static void fts5HashAddPoslistSize(Fts5Hash *pHash, Fts5HashEntry *p){ -+static int fts5HashAddPoslistSize( -+ Fts5Hash *pHash, -+ Fts5HashEntry *p, -+ Fts5HashEntry *p2 -+){ -+ int nRet = 0; - if( p->iSzPoslist ){ -- u8 *pPtr = (u8*)p; -+ u8 *pPtr = p2 ? 
(u8*)p2 : (u8*)p; -+ int nData = p->nData; - if( pHash->eDetail==FTS5_DETAIL_NONE ){ -- assert( p->nData==p->iSzPoslist ); -+ assert( nData==p->iSzPoslist ); - if( p->bDel ){ -- pPtr[p->nData++] = 0x00; -+ pPtr[nData++] = 0x00; - if( p->bContent ){ -- pPtr[p->nData++] = 0x00; -+ pPtr[nData++] = 0x00; - } - } - }else{ -- int nSz = (p->nData - p->iSzPoslist - 1); /* Size in bytes vFrom cc12b9c512451199cacf89a999977886ba4f183e Mon Sep 17 00:00:00 2001 -From: guiyao -Date: Tue, 31 Dec 2019 21:45:30 -0500 -Subject: [PATCH] backport-fix-CVE-2019-9937 - ---- - ext/fts5/fts5Int.h | 3 ++- - ext/fts5/fts5_hash.c | 55 ++++++++++++++++++++++++++++++++--------------- - ext/fts5/fts5_index.c | 25 ++++++++++++++------- - ext/fts5/test/fts5aa.test | 21 +++++++++++++++++- - 4 files changed, 77 insertions(+), 27 deletions(-) - -diff --git a/ext/fts5/fts5Int.h b/ext/fts5/fts5Int.h -index 1f8a297..984d625 100644 ---- a/ext/fts5/fts5Int.h -+++ b/ext/fts5/fts5Int.h -@@ -565,8 +565,9 @@ void sqlite3Fts5HashClear(Fts5Hash*); - - int sqlite3Fts5HashQuery( - Fts5Hash*, /* Hash table to query */ -+ int nPre, - const char *pTerm, int nTerm, /* Query term */ -- const u8 **ppDoclist, /* OUT: Pointer to doclist for pTerm */ -+ void **ppObj, /* OUT: Pointer to doclist for pTerm */ - int *pnDoclist /* OUT: Size of doclist in bytes */ - ); - -diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c -index c35b5d5..eae785a 100644 ---- a/ext/fts5/fts5_hash.c -+++ b/ext/fts5/fts5_hash.c -@@ -187,19 +187,25 @@ static int fts5HashResize(Fts5Hash *pHash){ - return SQLITE_OK; - } - --static void fts5HashAddPoslistSize(Fts5Hash *pHash, Fts5HashEntry *p){ -+static int fts5HashAddPoslistSize( -+ Fts5Hash *pHash, -+ Fts5HashEntry *p, -+ Fts5HashEntry *p2 -+){ -+ int nRet = 0; - if( p->iSzPoslist ){ -- u8 *pPtr = (u8*)p; -+ u8 *pPtr = p2 ? 
(u8*)p2 : (u8*)p; -+ int nData = p->nData; - if( pHash->eDetail==FTS5_DETAIL_NONE ){ -- assert( p->nData==p->iSzPoslist ); -+ assert( nData==p->iSzPoslist ); - if( p->bDel ){ -- pPtr[p->nData++] = 0x00; -+ pPtr[nData++] = 0x00; - if( p->bContent ){ -- pPtr[p->nData++] = 0x00; -+ pPtr[nData++] = 0x00; - } - } - }else{ -- int nSz = (p->nData - p->iSzPoslist - 1); /* Size in bytes From cc12b9c512451199cacf89a999977886ba4f183e Mon Sep 17 00:00:00 2001 -From: guiyao +From: openEuler Buildteam Date: Tue, 31 Dec 2019 21:45:30 -0500 Subject: [PATCH] backport-fix-CVE-2019-9937
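Review bot: The subject claims a fix for CVE-2019-9936 and CVE-2019-9937, but the diffstat shows one file changed, and this hunk only deletes 175 lines from `6048-Fix-CVE-2019-9937.patch` and swaps its `From:` header. The removed lines look like a truncated, repeated copy of the patch preamble (they break off at `/* Size in bytes` and restart at `From cc12b9c…`), so this appears to repair a corrupted patch file rather than add a fix. The message should say so, for example `repair corrupted 6048-Fix-CVE-2019-9937.patch`. Nothing visible here touches a patch for CVE-2019-9936, so either drop it from the subject or state where that fix is carried. Because this file is a security backport, the change should also confirm that the cleaned patch still applies with all of its fts5 hunks, and record the upstream commit it was taken from now that the original `From:` attribution is replaced.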