Package init

overweight 2019-09-30 11:17:27 -04:00
commit 81a5c3e471
57 changed files with 2758 additions and 0 deletions


@ -0,0 +1,21 @@
diff -up sqlite-3.6.23/tool/lemon.c.system-template sqlite-3.6.23/tool/lemon.c
--- sqlite-3.6.23/tool/lemon.c.system-template 2010-03-10 16:40:35.000000000 +0200
+++ sqlite-3.6.23/tool/lemon.c 2010-03-10 16:40:39.000000000 +0200
@@ -3363,6 +3363,8 @@ PRIVATE FILE *tplt_open(struct lemon *le
tpltname = buf;
}else if( access(templatename,004)==0 ){
tpltname = templatename;
+ }else if( access("/usr/share/lemon/lempar.c", R_OK)==0){
+ tpltname = "/usr/share/lemon/lempar.c";
}else{
tpltname = pathsearch(lemp->argv0,templatename,0);
}
@@ -3374,7 +3376,7 @@ PRIVATE FILE *tplt_open(struct lemon *le
}
in = fopen(tpltname,"rb");
if( in==0 ){
- fprintf(stderr,"Can't open the template file \"%s\".\n",templatename);
+ fprintf(stderr,"Can't open the template file \"%s\".\n",tpltname);
lemp->errorcnt++;
return 0;
}
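Review bot: The system fallback added to `tplt_open` repeats the literal `/usr/share/lemon/lempar.c` in both the `access()` probe and the assignment, so the two can drift apart and a packager cannot relocate the template without editing the source. A single macro used in both places, e.g. `#define LEMON_SYSTEM_TEMPLATE "/usr/share/lemon/lempar.c"` (name constructed here), would fix that. The probe also spells the mode as `R_OK` while the branch directly above uses the literal `004`; one spelling would read better. The `access()` answer can be stale by the time `fopen()` runs, which is tolerable only because the `in==0` check in the second hunk still reports the failure. The body of `tplt_open` starts and ends outside the hunks.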


@ -0,0 +1,37 @@
--- sqlite-src-3240000/test/oserror.test.old 2018-06-05 08:40:35.656122573 +0200
+++ sqlite-src-3240000/test/oserror.test 2018-06-05 08:40:45.614935197 +0200
@@ -51,20 +51,20 @@
# a call to getcwd() may fail if there are no free file descriptors. So
# an error may be reported for either open() or getcwd() here.
#
-if {![clang_sanitize_address]} {
- do_test 1.1.1 {
- set ::log [list]
- list [catch {
- for {set i 0} {$i < 20000} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
- } msg] $msg
- } {1 {unable to open database file}}
- do_test 1.1.2 {
- catch { for {set i 0} {$i < 20000} {incr i} { dbh_$i close } }
- } {1}
- do_re_test 1.1.3 {
- lindex $::log 0
- } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
-}
+#if {![clang_sanitize_address]} {
+# do_test 1.1.1 {
+# set ::log [list]
+# list [catch {
+# for {set i 0} {$i < 20000} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
+# } msg] $msg
+# } {1 {unable to open database file}}
+# do_test 1.1.2 {
+# catch { for {set i 0} {$i < 20000} {incr i} { dbh_$i close } }
+# } {1}
+# do_re_test 1.1.3 {
+# lindex $::log 0
+# } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
+#}
# Test a failure in open() due to the path being a directory.
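Review bot: Tests 1.1.1 to 1.1.3 are disabled by commenting out the whole block, and the patch has no header saying why, unlike the percentile and shell1 patches in this commit. This block is the one that exercises the out-of-file-descriptors error path for open()/getcwd(), so the packaged test run no longer covers it. A header line naming the failing environment would keep the reason reviewable. Changing only the guard, e.g. `if {0 && ![clang_sanitize_address]} {`, would shrink the patch to one line and make the test easy to restore.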


@ -0,0 +1,24 @@
diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
--- sqlite-src-3120200/configure.ac.malloc_usable_size 2016-04-25 09:46:48.134690570 +0200
+++ sqlite-src-3120200/configure.ac 2016-04-25 09:48:41.622637181 +0200
@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
#########
# Figure out whether or not we have these functions
#
-AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
#########
# By default, we use the amalgamation (this may be changed below...)
diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
--- sqlite-src-3120200/configure.malloc_usable_size 2016-04-25 09:47:12.594679063 +0200
+++ sqlite-src-3120200/configure 2016-04-25 09:49:28.684615042 +0200
@@ -10275,7 +10275,7 @@ done
#########
# Figure out whether or not we have these functions
#
-for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64
+for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
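Review bot: Dropping `malloc_usable_size` from the function probes carries no rationale in the patch, so a later rebase cannot tell whether the change is still needed. With the probe gone the build presumably stops defining `HAVE_MALLOC_USABLE_SIZE` and falls back to SQLite's own allocation-size bookkeeping; a header comment should state that intent and the toolchain problem that motivated it. The generated `configure` is edited by hand alongside `configure.ac`, which stays correct only while nothing regenerates it during the build; if the package runs autoreconf, the second hunk is redundant.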


@ -0,0 +1,15 @@
# On i686 arch the removed test fails with result 2749999.50004681 instead of expected
# 2749999.5. This patch is temporary workaround and should be dropped as soon as a valid
# fix is found.
diff -up sqlite-src-3080002/test/percentile.test.broken sqlite-src-3080002/test/percentile.test
--- sqlite-src-3080002/test/percentile.test.broken 2013-09-16 13:19:53.406004041 +0200
+++ sqlite-src-3080002/test/percentile.test 2013-09-16 13:20:00.079024945 +0200
@@ -195,7 +195,6 @@ ifcapable vtab {
foreach {in out} {
0 0.0
100 9999990.0
- 50 2749999.5
10 99999.9
} {
do_test percentile-2.1.$in {
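Review bot: The `50 2749999.5` row is dropped for every architecture although the header comment says the wrong result appears only on i686. If the package build applies this patch unconditionally (the spec file is not shown here), the median case is lost on platforms where it passes. Applying the patch only on i686 at the packaging level, or keeping the row and skipping it inside the loop on that platform, would preserve coverage. The header could also reference a tracking bug so the "temporary" workaround can be found and removed.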


@ -0,0 +1,137 @@
This patch disables a test which caused failed assertion in tcl 8.6.3.
According to sqlite upstream[1], this should be fixed in tcl 8.6.5.
[1] http://mailinglists.sqlite.org/cgi-bin/mailman/private/sqlite-users/2015-May/059518.html
diff -up sqlite-src-3130000/test/shell1.test.orig sqlite-src-3130000/test/shell1.test
--- sqlite-src-3140100/test/shell1.test.orig 2016-08-12 02:17:02.000000000 +0200
+++ sqlite-src-3140100/test/shell1.test 2016-08-15 15:00:59.869664051 +0200
@@ -855,67 +855,67 @@ do_test shell1-4.6 {
# Test using arbitrary byte data with the shell via standard input/output.
#
-do_test shell1-5.0 {
- #
- # NOTE: Skip NUL byte because it appears to be incompatible with command
- # shell argument parsing.
- #
- for {set i 1} {$i < 256} {incr i} {
- #
- # NOTE: Due to how the Tcl [exec] command works (i.e. where it treats
- # command channels opened for it as textual ones), the carriage
- # return character (and on Windows, the end-of-file character)
- # cannot be used here.
- #
- if {$i==0x0D || ($tcl_platform(platform)=="windows" && $i==0x1A)} {
- continue
- }
- if {$i>=0xE0 && $tcl_platform(os)=="OpenBSD"} continue
- if {$i>=0xE0 && $i<=0xEF && $tcl_platform(os)=="Linux"} continue
- set hex [format %02X $i]
- set char [subst \\x$hex]; set oldChar $char
- set escapes [list]
- if {$tcl_platform(platform)=="windows"} {
- #
- # NOTE: On Windows, we need to escape all the whitespace characters,
- # the alarm (\a) character, and those with special meaning to
- # the SQLite shell itself.
- #
- set escapes [list \
- \a \\a \b \\b \t \\t \n \\n \v \\v \f \\f \r \\r \
- " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
- } else {
- #
- # NOTE: On Unix, we need to escape most of the whitespace characters
- # and those with special meaning to the SQLite shell itself.
- # The alarm (\a), backspace (\b), and carriage-return (\r)
- # characters do not appear to require escaping on Unix. For
- # the alarm and backspace characters, this is probably due to
- # differences in the command shell. For the carriage-return,
- # it is probably due to differences in how Tcl handles command
- # channel end-of-line translations.
- #
- set escapes [list \
- \t \\t \n \\n \v \\v \f \\f \
- " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
- }
- set char [string map $escapes $char]
- set x [catchcmdex test.db ".print $char\n"]
- set code [lindex $x 0]
- set res [lindex $x 1]
- if {$code ne "0"} {
- error "failed with error: $res"
- }
- if {$res ne "$oldChar\n"} {
- if {[llength $res] > 0} {
- set got [format %02X [scan $res %c]]
- } else {
- set got <empty>
- }
- error "failed with byte $hex mismatch, got $got"
- }
- }
-} {}
+#do_test shell1-5.0 {
+# #
+# # NOTE: Skip NUL byte because it appears to be incompatible with command
+# # shell argument parsing.
+# #
+# for {set i 1} {$i < 256} {incr i} {
+# #
+# # NOTE: Due to how the Tcl [exec] command works (i.e. where it treats
+# # command channels opened for it as textual ones), the carriage
+# # return character (and on Windows, the end-of-file character)
+# # cannot be used here.
+# #
+# if {$i==0x0D || ($tcl_platform(platform)=="windows" && $i==0x1A)} {
+# continue
+# }
+# if {$i>=0xE0 && $tcl_platform(os)=="OpenBSD"} continue
+# if {$i>=0xE0 && $i<=0xEF && $tcl_platform(os)=="Linux"} continue
+# set hex [format %02X $i]
+# set char [subst \\x$hex]; set oldChar $char
+# set escapes [list]
+# if {$tcl_platform(platform)=="windows"} {
+# #
+# # NOTE: On Windows, we need to escape all the whitespace characters,
+# # the alarm (\a) character, and those with special meaning to
+# # the SQLite shell itself.
+# #
+# set escapes [list \
+# \a \\a \b \\b \t \\t \n \\n \v \\v \f \\f \r \\r \
+# " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
+# } else {
+# #
+# # NOTE: On Unix, we need to escape most of the whitespace characters
+# # and those with special meaning to the SQLite shell itself.
+# # The alarm (\a), backspace (\b), and carriage-return (\r)
+# # characters do not appear to require escaping on Unix. For
+# # the alarm and backspace characters, this is probably due to
+# # differences in the command shell. For the carriage-return,
+# # it is probably due to differences in how Tcl handles command
+# # channel end-of-line translations.
+# #
+# set escapes [list \
+# \t \\t \n \\n \v \\v \f \\f \
+# " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
+# }
+# set char [string map $escapes $char]
+# set x [catchcmdex test.db ".print $char\n"]
+# set code [lindex $x 0]
+# set res [lindex $x 1]
+# if {$code ne "0"} {
+# error "failed with error: $res"
+# }
+# if {$res ne "$oldChar\n"} {
+# if {[llength $res] > 0} {
+# set got [format %02X [scan $res %c]]
+# } else {
+# set got <empty>
+# }
+# error "failed with byte $hex mismatch, got $got"
+# }
+# }
+#} {}
# These test cases do not work on MinGW
if 0 {
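Review bot: shell1-5.0 is commented out unconditionally even though the header says the failed assertion is specific to Tcl 8.6.3 and should be fixed in 8.6.5. Wrapping the original test in a version guard such as `if {[package vcompare [info patchlevel] 8.6.5] >= 0} {` would re-enable it automatically once a fixed Tcl is in the build root, and would shrink the patch to two added lines. The `diff -up` line names sqlite-src-3130000 while the `---`/`+++` lines name sqlite-src-3140100; the header should match the tree the patch is applied to. The reference link points to a private list archive, so quoting the relevant sentence in the header would help later readers.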


@ -0,0 +1,14 @@
--- sqlite-src-3160100/test/date.test.orig 2017-01-04 14:48:46.113737093 +0100
+++ sqlite-src-3160100/test/date.test 2017-01-04 14:49:11.144833563 +0100
@@ -76,11 +76,6 @@ datetest 2.1c datetime(0,'unixepochx') N
datetest 2.1d datetime('2003-10-22','unixepoch') NULL
datetest 2.2 datetime(946684800,'unixepoch') {2000-01-01 00:00:00}
datetest 2.2b datetime('946684800','unixepoch') {2000-01-01 00:00:00}
-for {set i 0} {$i<1000} {incr i} {
- set sql [format {strftime('%%H:%%M:%%f',1237962480.%03d,'unixepoch')} $i]
- set res [format {06:28:00.%03d} $i]
- datetest 2.2c-$i $sql $res
-}
datetest 2.3 {date('2003-10-22','weekday 0')} 2003-10-26
datetest 2.4 {date('2003-10-22','weekday 1')} 2003-10-27
datetest 2.4a {date('2003-10-22','weekday 1')} 2003-10-27
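Review bot: The 2.2c loop, 1000 `strftime('%H:%M:%f', ...)` cases, is deleted with no header explaining which platform or build fails it. Without that, nobody can tell when the patch may be dropped, and the fractional-second formatting is left untested on every architecture. A two-line header stating the observed failure and the affected architecture, as the percentile patch in this commit does, would be enough.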


@ -0,0 +1,90 @@
--- sqlite-src-3180000/test/sync2.test.sync2-dirsync 2017-03-30 21:26:42.000000000 +0200
+++ sqlite-src-3180000/test/sync2.test 2017-04-03 13:16:14.422329691 +0200
@@ -44,6 +44,15 @@
uplevel [list do_test $tn [list execsql_sync $sql] [list {*}$res]]
}
+# Wrapper over the expected sync count, takes DIRSYNC into consideration
+proc expected_sync_count {sync_count} {
+ ifcapable dirsync {
+ return $sync_count
+ } else {
+ return [ incr sync_count -1 ]
+ }
+}
+
#-----------------------------------------------------------------------
# Tests for journal mode.
#
@@ -53,13 +62,13 @@
INSERT INTO t1 VALUES(1, 2);
}
-do_execsql_sync_test 1.1 { INSERT INTO t1 VALUES(3, 4) } 4
+do_execsql_sync_test 1.1 { INSERT INTO t1 VALUES(3, 4) } [ expected_sync_count 4 ]
# synchronous=normal. So, 1 sync on the directory, 1 on the journal, 1
# on the db file. 3 in total.
do_execsql_test 1.2.1 { PRAGMA main.synchronous = NORMAL }
do_execsql_test 1.2.2 { PRAGMA main.synchronous } 1
-do_execsql_sync_test 1.2.3 { INSERT INTO t1 VALUES(5, 6) } 3
+do_execsql_sync_test 1.2.3 { INSERT INTO t1 VALUES(5, 6) } [ expected_sync_count 3 ]
# synchronous=off. No syncs.
do_execsql_test 1.3.1 { PRAGMA main.synchronous = OFF }
@@ -70,7 +79,7 @@
# 2 on the journal, 1 on the db file. 4 in total.
do_execsql_test 1.4.1 { PRAGMA main.synchronous = FULL }
do_execsql_test 1.4.2 { PRAGMA main.synchronous } 2
-do_execsql_sync_test 1.4.3 { INSERT INTO t1 VALUES(9, 10) } 4
+do_execsql_sync_test 1.4.3 { INSERT INTO t1 VALUES(9, 10) } [ expected_sync_count 4 ]
#-----------------------------------------------------------------------
# Tests for wal mode.
@@ -79,7 +88,7 @@
# sync=full, journal_mode=wal. One sync on the directory, two on the
# wal file.
-do_execsql_sync_test 1.6 { INSERT INTO t1 VALUES(11, 12) } 3
+do_execsql_sync_test 1.6 { INSERT INTO t1 VALUES(11, 12) } [ expected_sync_count 3 ]
# One sync on the wal file.
do_execsql_sync_test 1.7 { INSERT INTO t1 VALUES(13, 14) } 1
@@ -112,7 +121,7 @@
# Wal mode, sync=normal. The first transaction does one sync on directory,
# one on the wal file. The second does no syncs.
- do_execsql_sync_test 1.11.1 { INSERT INTO t1 VALUES(19, 20) } 2
+ do_execsql_sync_test 1.11.1 { INSERT INTO t1 VALUES(19, 20) } [ expected_sync_count 2 ]
do_execsql_sync_test 1.11.2 { INSERT INTO t1 VALUES(21, 22) } 0
do_execsql_test 1.11.3 { PRAGMA main.synchronous } 1
@@ -129,14 +138,14 @@
# Delete mode, sync=full. The first transaction does one sync on
# directory, two on the journal file, one on the db. The second does
# the same.
- do_execsql_sync_test 1.15.1 { INSERT INTO t1 VALUES(26, 27) } 4
- do_execsql_sync_test 1.15.2 { INSERT INTO t1 VALUES(28, 29) } 4
+ do_execsql_sync_test 1.15.1 { INSERT INTO t1 VALUES(26, 27) } [ expected_sync_count 4 ]
+ do_execsql_sync_test 1.15.2 { INSERT INTO t1 VALUES(28, 29) } [ expected_sync_count 4 ]
do_execsql_test 1.15.3 { PRAGMA main.synchronous } 2
# Switch back to wal mode.
do_execsql_test 1.16 { PRAGMA journal_mode = wal } {wal}
- do_execsql_sync_test 1.17.1 { INSERT INTO t1 VALUES(30, 31) } 2
+ do_execsql_sync_test 1.17.1 { INSERT INTO t1 VALUES(30, 31) } [ expected_sync_count 2 ]
do_execsql_sync_test 1.17.2 { INSERT INTO t1 VALUES(32, 33) } 0
do_execsql_test 1.17.3 { PRAGMA main.synchronous } 1
@@ -152,8 +161,8 @@
# Close and reopen the db. Back to synchronous=normal.
db close
sqlite3 db test.db
- do_execsql_sync_test 1.20.1 { INSERT INTO t1 VALUES(38, 39) } 4
- do_execsql_sync_test 1.20.2 { INSERT INTO t1 VALUES(40, 41) } 4
+ do_execsql_sync_test 1.20.1 { INSERT INTO t1 VALUES(38, 39) } [ expected_sync_count 4 ]
+ do_execsql_sync_test 1.20.2 { INSERT INTO t1 VALUES(40, 41) } [ expected_sync_count 4 ]
do_execsql_test 1.20.3 { PRAGMA main.synchronous } 2
}
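Review bot: `expected_sync_count` subtracts one whenever `dirsync` is unavailable, which is right only for statements whose expected total includes exactly one directory sync; its comment should say so, e.g. `# Callers must pass a count that includes exactly one directory sync.` Applied to an expectation with no directory sync (such as 1.7 or 1.11.2, which the patch correctly leaves unwrapped), it would yield a wrong or negative count. `[expr {$sync_count - 1}]` would state the intent more directly than `[ incr sync_count -1 ]`, which mutates the argument only to return it.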


@ -0,0 +1,291 @@
Index: ext/fts3/fts3.c
==================================================================
--- ext/fts3/fts3.c
+++ ext/fts3/fts3.c
@@ -1819,11 +1819,11 @@
){
int rc = SQLITE_OK; /* Return code */
const char *zCsr = zNode; /* Cursor to iterate through node */
const char *zEnd = &zCsr[nNode];/* End of interior node buffer */
char *zBuffer = 0; /* Buffer to load terms into */
- int nAlloc = 0; /* Size of allocated buffer */
+ i64 nAlloc = 0; /* Size of allocated buffer */
int isFirstTerm = 1; /* True when processing first term on page */
sqlite3_int64 iChild; /* Block id of child node to descend to */
/* Skip over the 'height' varint that occurs at the start of every
** interior node. Then load the blockid of the left-child of the b-tree
@@ -1857,18 +1857,18 @@
}
isFirstTerm = 0;
zCsr += fts3GetVarint32(zCsr, &nSuffix);
assert( nPrefix>=0 && nSuffix>=0 );
- if( &zCsr[nSuffix]>zEnd ){
+ if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){
rc = FTS_CORRUPT_VTAB;
goto finish_scan;
}
- if( nPrefix+nSuffix>nAlloc ){
+ if( (i64)nPrefix+nSuffix>nAlloc ){
char *zNew;
- nAlloc = (nPrefix+nSuffix) * 2;
- zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
+ nAlloc = ((i64)nPrefix+nSuffix) * 2;
+ zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc);
if( !zNew ){
rc = SQLITE_NOMEM;
goto finish_scan;
}
zBuffer = zNew;
Index: ext/fts3/fts3_write.c
==================================================================
--- ext/fts3/fts3_write.c
+++ ext/fts3/fts3_write.c
@@ -1372,19 +1372,23 @@
/* Because of the FTS3_NODE_PADDING bytes of padding, the following is
** safe (no risk of overread) even if the node data is corrupted. */
pNext += fts3GetVarint32(pNext, &nPrefix);
pNext += fts3GetVarint32(pNext, &nSuffix);
- if( nPrefix<0 || nSuffix<=0
- || &pNext[nSuffix]>&pReader->aNode[pReader->nNode]
+ if( nSuffix<=0
+ || (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
+ || nPrefix>pReader->nTermAlloc
){
return FTS_CORRUPT_VTAB;
}
- if( nPrefix+nSuffix>pReader->nTermAlloc ){
- int nNew = (nPrefix+nSuffix)*2;
- char *zNew = sqlite3_realloc(pReader->zTerm, nNew);
+ /* Both nPrefix and nSuffix were read by fts3GetVarint32() and so are
+ ** between 0 and 0x7FFFFFFF. But the sum of the two may cause integer
+ ** overflow - hence the (i64) casts. */
+ if( (i64)nPrefix+nSuffix>(i64)pReader->nTermAlloc ){
+ i64 nNew = ((i64)nPrefix+nSuffix)*2;
+ char *zNew = sqlite3_realloc64(pReader->zTerm, nNew);
if( !zNew ){
return SQLITE_NOMEM;
}
pReader->zTerm = zNew;
pReader->nTermAlloc = nNew;
@@ -1402,11 +1406,11 @@
/* Check that the doclist does not appear to extend past the end of the
** b-tree node. And that the final byte of the doclist is 0x00. If either
** of these statements is untrue, then the data structure is corrupt.
*/
- if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode]
+ if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)<pReader->nDoclist
|| (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
){
return FTS_CORRUPT_VTAB;
}
return SQLITE_OK;
@@ -3728,25 +3732,30 @@
if( bFirst==0 ){
p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix);
}
p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix);
+ if( nPrefix>p->iOff || nSuffix>p->nNode-p->iOff ){
+ return SQLITE_CORRUPT_VTAB;
+ }
blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc);
if( rc==SQLITE_OK ){
memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
p->term.n = nPrefix+nSuffix;
p->iOff += nSuffix;
if( p->iChild==0 ){
p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist);
+ if( (p->nNode-p->iOff)<p->nDoclist ){
+ return SQLITE_CORRUPT_VTAB;
+ }
p->aDoclist = &p->aNode[p->iOff];
p->iOff += p->nDoclist;
}
}
}
assert( p->iOff<=p->nNode );
-
return rc;
}
/*
** Release all dynamic resources held by node-reader object *p.
ADDED test/fts3corrupt4.test
Index: test/fts3corrupt4.test
==================================================================
--- test/fts3corrupt4.test
+++ test/fts3corrupt4.test
@@ -0,0 +1,147 @@
+# 2006 September 9
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#*************************************************************************
+# This file implements regression tests for SQLite library. The
+# focus of this script is testing the FTS3 module.
+#
+# $Id: fts3aa.test,v 1.1 2007/08/20 17:38:42 shess Exp $
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix fts3corrupt4
+
+# If SQLITE_ENABLE_FTS3 is defined, omit this file.
+ifcapable !fts3 {
+ finish_test
+ return
+}
+
+do_execsql_test 1.0 {
+ BEGIN;
+ CREATE VIRTUAL TABLE ft USING fts3;
+ INSERT INTO ft VALUES('aback');
+ INSERT INTO ft VALUES('abaft');
+ INSERT INTO ft VALUES('abandon');
+ COMMIT;
+}
+
+proc blob {a} { binary decode hex $a }
+db func blob blob
+
+do_execsql_test 1.1 {
+ SELECT quote(root) FROM ft_segdir;
+} {X'0005616261636B03010200030266740302020003046E646F6E03030200'}
+
+do_execsql_test 1.2 {
+ UPDATE ft_segdir SET root = blob(
+ '0005616261636B03010200 FFFFFFFF0702 66740302020003046E646F6E03030200'
+ );
+}
+
+do_catchsql_test 1.3 {
+ SELECT * FROM ft WHERE ft MATCH 'abandon';
+} {1 {database disk image is malformed}}
+
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 2.0.0 {
+ CREATE VIRTUAL TABLE ft USING fts3;
+ INSERT INTO ft(ft) VALUES('nodesize=32');
+}
+do_test 2.0.1 {
+ for {set i 0} {$i < 12} {incr i} {
+ execsql {
+ BEGIN;
+ INSERT INTO ft VALUES('abc' || $i);
+ INSERT INTO ft VALUES('abc' || $i || 'x' );
+ INSERT INTO ft VALUES('abc' || $i || 'xx' );
+ COMMIT
+ }
+ }
+ execsql {
+ SELECT count(*) FROM ft_segdir;
+ SELECT count(*) FROM ft_segments;
+ }
+} {12 0}
+
+do_execsql_test 2.1 {
+ INSERT INTO ft(ft) VALUES('merge=1,4');
+ SELECT count(*) FROM ft_segdir;
+ SELECT count(*) FROM ft_segments;
+} {12 3}
+
+do_execsql_test 2.2 {
+ SELECT quote(block) FROM ft_segments WHERE blockid=2
+} {X'00056162633130031F0200'}
+
+db func blob blob
+do_execsql_test 2.3.1 {
+ UPDATE ft_segments SET block =
+ blob('00056162633130031F0200 FFFFFFFF07FF55 66740302020003046E646F6E03030200')
+ WHERE blockid=2;
+} {}
+do_catchsql_test 2.3.2 {
+ INSERT INTO ft(ft) VALUES('merge=1,4');
+} {1 {database disk image is malformed}}
+
+do_execsql_test 2.4.1 {
+ UPDATE ft_segments SET block =
+ blob('00056162633130031F0200 02FFFFFFFF07 66740302020003046E646F6E03030200')
+ WHERE blockid=2;
+} {}
+do_catchsql_test 2.4.2 {
+ INSERT INTO ft(ft) VALUES('merge=1,4');
+} {1 {database disk image is malformed}}
+
+do_execsql_test 2.5.1 {
+ UPDATE ft_segments SET block =
+ blob('00056162633130031F0200 0202 6674 FFFFFF070302020003046E646F6E030200')
+ WHERE blockid=2;
+} {}
+do_catchsql_test 2.5.2 {
+ INSERT INTO ft(ft) VALUES('merge=1,4');
+} {1 {database disk image is malformed}}
+
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 3.0.0 {
+ CREATE VIRTUAL TABLE ft USING fts3;
+ INSERT INTO ft(ft) VALUES('nodesize=32');
+}
+do_test 3.0.1 {
+ execsql BEGIN
+ for {set i 0} {$i < 20} {incr i} {
+ execsql { INSERT INTO ft VALUES('abc' || $i) }
+ }
+ execsql {
+ COMMIT;
+ SELECT count(*) FROM ft_segdir;
+ SELECT count(*) FROM ft_segments;
+ }
+} {1 5}
+
+do_execsql_test 3.1 {
+ SELECT quote(root) FROM ft_segdir
+} {X'0101056162633132040136030132030136'}
+
+db func blob blob
+do_execsql_test 3.2 {
+ UPDATE ft_segdir
+ SET root = blob('0101056162633132FFFFFFFF070236030132030136');
+}
+
+do_catchsql_test 3.1 {
+ SELECT * FROM ft WHERE ft MATCH 'abc20'
+} {1 {database disk image is malformed}}
+
+finish_test
+
+
Index: test/permutations.test
==================================================================
--- test/permutations.test
+++ test/permutations.test
@@ -253,10 +253,11 @@
fts3ae.test fts3af.test fts3ag.test fts3ah.test
fts3ai.test fts3aj.test fts3ak.test fts3al.test
fts3am.test fts3an.test fts3ao.test fts3atoken.test
fts3auto.test fts3aux1.test fts3aux2.test fts3b.test
fts3comp1.test fts3conf.test fts3corrupt2.test fts3corrupt.test
+ fts3corrupt4.test
fts3cov.test fts3c.test fts3defer2.test fts3defer3.test
fts3defer.test fts3drop.test fts3d.test fts3e.test
fts3expr2.test fts3expr3.test fts3expr4.test fts3expr5.test
fts3expr.test fts3fault2.test fts3fault.test fts3first.test
fts3join.test fts3malloc.test fts3matchinfo.test fts3near.test
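Review bot: In the `fts3_write.c` hunk at 1372 the new bound `nPrefix>pReader->nTermAlloc` compares the prefix length against the size of the term buffer, not against the length of the term currently stored in it. A corrupt node can therefore still declare a prefix longer than the previous term; the copy appears to stay inside the allocation, but the bytes between the old term's end and `nPrefix` would be carried into the new term as leftover buffer contents. If the reader tracks the current term length (the struct is outside the hunk), the check should be `|| nPrefix>pReader->nTerm`. The same question applies to `nPrefix>p->iOff` in the 3728 hunk, where the natural bound would be `p->term.n`; that hunk also returns `SQLITE_CORRUPT_VTAB` while the rest of the patch uses `FTS_CORRUPT_VTAB`. In `test/fts3corrupt4.test` the label `3.1` is used twice, so the final case should be `3.3`.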


@ -0,0 +1,46 @@
From 8b729f3011e608c73624ce823a3f8d811f4684cb Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Wed, 6 Jun 2018 18:50:50 +0000
Subject: [PATCH 0037/1009] Fix the sqlite3BeginTrans() calls within the
snapshot extension.
From https://github.com/mackyle/sqlite/commit/8b729f3011e608c73624ce823a3f8d811f4684cb
---
src/main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main.c b/src/main.c
index 8e89cc5..a2b994f 100644
--- a/src/main.c
+++ b/src/main.c
@@ -4115,7 +4115,7 @@ int sqlite3_snapshot_get(
if( iDb==0 || iDb>1 ){
Btree *pBt = db->aDb[iDb].pBt;
if( 0==sqlite3BtreeIsInTrans(pBt) ){
- rc = sqlite3BtreeBeginTrans(pBt, 0);
+ rc = sqlite3BtreeBeginTrans(pBt, 0, 0);
if( rc==SQLITE_OK ){
rc = sqlite3PagerSnapshotGet(sqlite3BtreePager(pBt), ppSnapshot);
}
@@ -4153,7 +4153,7 @@ int sqlite3_snapshot_open(
if( 0==sqlite3BtreeIsInReadTrans(pBt) ){
rc = sqlite3PagerSnapshotOpen(sqlite3BtreePager(pBt), pSnapshot);
if( rc==SQLITE_OK ){
- rc = sqlite3BtreeBeginTrans(pBt, 0);
+ rc = sqlite3BtreeBeginTrans(pBt, 0, 0);
sqlite3PagerSnapshotOpen(sqlite3BtreePager(pBt), 0);
}
}
@@ -4185,7 +4185,7 @@ int sqlite3_snapshot_recover(sqlite3 *db, const char *zDb){
if( iDb==0 || iDb>1 ){
Btree *pBt = db->aDb[iDb].pBt;
if( 0==sqlite3BtreeIsInReadTrans(pBt) ){
- rc = sqlite3BtreeBeginTrans(pBt, 0);
+ rc = sqlite3BtreeBeginTrans(pBt, 0, 0);
if( rc==SQLITE_OK ){
rc = sqlite3PagerSnapshotRecover(sqlite3BtreePager(pBt));
sqlite3BtreeCommit(pBt);
--
1.8.3.1
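Review bot: All three call sites now pass a third argument to `sqlite3BtreeBeginTrans`, so this patch compiles only on a tree where that function already takes three parameters, and the signature change itself is not part of this patch. It is numbered 0037 of a 1009-patch series, so the change it depends on presumably sits in an earlier patch of that series and would have to be applied first. These functions appear to belong to the snapshot extension named in the subject, so a default build may not compile them and a mismatch could go unnoticed until that feature is enabled. The patch header should name the prerequisite commit.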


@ -0,0 +1,28 @@
From 06a87a928ee3f272e1a25f15a8a55ad55da636f3 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Wed, 6 Jun 2018 23:31:26 +0000
Subject: [PATCH 0042/1009] Change a comma into a logically equivalent but
semantically clearer semicolon.
From https://github.com/mackyle/sqlite/commit/06a87a928ee3f272e1a25f15a8a55ad55da636f3
---
src/alter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/alter.c b/src/alter.c
index 51d4a40..f338e8b 100644
--- a/src/alter.c
+++ b/src/alter.c
@@ -142,7 +142,7 @@ static void renameParentFunc(
}
}
- zResult = sqlite3MPrintf(db, "%s%s", (zOutput?zOutput:""), zInput),
+ zResult = sqlite3MPrintf(db, "%s%s", (zOutput?zOutput:""), zInput);
sqlite3_result_text(context, zResult, -1, SQLITE_DYNAMIC);
sqlite3DbFree(db, zOutput);
}
--
1.8.3.1


@ -0,0 +1,27 @@
From 41e8f704c9afd4b9601ac3da2c5c1d6387346806 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Sat, 9 Jun 2018 20:52:45 +0000
Subject: [PATCH 0064/1009] Fix a typo in the amalgamation autoconf file.
From https://github.com/mackyle/sqlite/commit/41e8f704c9afd4b9601ac3da2c5c1d6387346806
---
autoconf/configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/autoconf/configure.ac b/autoconf/configure.ac
index 8ba2218..76579c0 100644
--- a/autoconf/configure.ac
+++ b/autoconf/configure.ac
@@ -153,7 +153,7 @@ AC_SUBST(SESSION_FLAGS)
#
AC_ARG_ENABLE(debug, [AS_HELP_STRING(
[--enable-debug], [build with debugging features enabled [default=no]])],
- [], [enable_session=no])
+ [], [enable_debug=no])
if test x"$enable_debug" = "xyes"; then
DEBUG_FLAGS="-DSQLITE_DEBUG -DSQLITE_ENABLE_SELECTTRACE -DSQLITE_ENABLE_WHERETRACE"
fi
--
1.8.3.1


@ -0,0 +1,27 @@
From c0506beeac8e92586d1dcdaa0aceeed366c8b62d Mon Sep 17 00:00:00 2001
From: Joe Mistachkin <sqlite@mistachkin.com>
Date: Mon, 18 Jun 2018 19:09:30 +0000
Subject: [PATCH 0096/1009] Fix typo in the 'normalize' extension.
From https://github.com/mackyle/sqlite/commit/c0506beeac8e92586d1dcdaa0aceeed366c8b62d
---
ext/misc/normalize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/misc/normalize.c b/ext/misc/normalize.c
index fd656f1..5997ec1 100644
--- a/ext/misc/normalize.c
+++ b/ext/misc/normalize.c
@@ -593,7 +593,7 @@ char *sqlite3_normalize(const char *zSql){
}
}
while( j>0 && z[j-1]==' ' ){ j--; }
- if( i>0 && z[j-1]!=';' ){ z[j++] = ';'; }
+ if( j>0 && z[j-1]!=';' ){ z[j++] = ';'; }
z[j] = 0;
/* Make a second pass converting "in(...)" where the "..." is not a
--
1.8.3.1


@ -0,0 +1,67 @@
From 9627c47a03bfa5aa59fa59b1ef37d8fa524fd9f2 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Sat, 30 Jun 2018 20:00:35 +0000
Subject: [PATCH 0121/1009] Fix a minor problem in the code for determining
whether or not an SQL statement is SQLITE_TOOBIG.
From https://github.com/mackyle/sqlite/commit/9627c47a03bfa5aa59fa59b1ef37d8fa524fd9f2
---
src/alter.c | 4 ++--
src/tokenize.c | 7 ++++++-
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/alter.c b/src/alter.c
index f338e8b..2d7a5d6 100644
--- a/src/alter.c
+++ b/src/alter.c
@@ -74,7 +74,7 @@ static void renameTableFunc(
zCsr += len;
len = sqlite3GetToken(zCsr, &token);
} while( token==TK_SPACE );
- assert( len>0 );
+ assert( len>0 || !*zCsr );
} while( token!=TK_LP && token!=TK_USING );
zRet = sqlite3MPrintf(db, "%.*s\"%w\"%s", (int)(((u8*)tname.z) - zSql),
@@ -198,7 +198,7 @@ static void renameTriggerFunc(
zCsr += len;
len = sqlite3GetToken(zCsr, &token);
}while( token==TK_SPACE );
- assert( len>0 );
+ assert( len>0 || !*zCsr );
/* Variable 'dist' stores the number of tokens read since the most
** recent TK_DOT or TK_ON. This means that when a WHEN, FOR or BEGIN
diff --git a/src/tokenize.c b/src/tokenize.c
index 15678ed..fc5989c 100644
--- a/src/tokenize.c
+++ b/src/tokenize.c
@@ -54,11 +54,12 @@
#define CC_TILDA 25 /* '~' */
#define CC_DOT 26 /* '.' */
#define CC_ILLEGAL 27 /* Illegal character */
+#define CC_NUL 28 /* 0x00 */
static const unsigned char aiClass[] = {
#ifdef SQLITE_ASCII
/* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */
-/* 0x */ 27, 27, 27, 27, 27, 27, 27, 27, 27, 7, 7, 27, 7, 7, 27, 27,
+/* 0x */ 28, 27, 27, 27, 27, 27, 27, 27, 27, 7, 7, 27, 7, 7, 27, 27,
/* 1x */ 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
/* 2x */ 7, 15, 8, 5, 4, 22, 24, 8, 17, 18, 21, 20, 23, 11, 26, 16,
/* 3x */ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 5, 19, 12, 14, 13, 6,
@@ -532,6 +533,10 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){
i = 1;
break;
}
+ case CC_NUL: {
+ *tokenType = TK_ILLEGAL;
+ return 0;
+ }
default: {
*tokenType = TK_ILLEGAL;
return 1;
--
1.8.3.1
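Review bot: With `CC_NUL` the tokenizer now returns length 0 at end of input, and in both `alter.c` hunks the only visible acknowledgement is the relaxed `assert( len>0 || !*zCsr )`, which disappears in release builds. The surrounding loops advance with `zCsr += len` and, in `renameTableFunc`, continue `while( token!=TK_LP && token!=TK_USING )`, so they terminate on truncated input only if an explicit end-of-input test exists outside the hunks. Every other caller that steps through SQL text with `sqlite3GetToken` needs the same review before this patch is carried on its own. A comment at the new case, `/* Returns 0: callers must stop at end of input */`, would make the contract visible. Both loop bodies start outside the hunks.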


@ -0,0 +1,29 @@
From 7173baee93fed1c0a20bb02350c22ab219e4654b Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Sun, 1 Jul 2018 16:05:40 +0000
Subject: [PATCH 0123/1009] Quick patch to the Lemon parser template to avoid
an array overread reported by OSSFuzz. A proper fix involves enhancements to
the table generators in Lemon to make the overread impossible. That fix will
take longer to implement. The current check-in is a stop-gap.
From https://github.com/mackyle/sqlite/commit/7173baee93fed1c0a20bb02350c22ab219e4654b
---
tool/lempar.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tool/lempar.c b/tool/lempar.c
index 450dcde..e19aba4 100644
--- a/tool/lempar.c
+++ b/tool/lempar.c
@@ -550,6 +550,7 @@ static YYACTIONTYPE yy_find_shift_action(
#if YY_SHIFT_MAX+YYWILDCARD>=YY_ACTTAB_COUNT
j<YY_ACTTAB_COUNT &&
#endif
+ j<sizeof(yy_lookahead)/sizeof(yy_lookahead[0]) &&
yy_lookahead[j]==YYWILDCARD && iLookAhead>0
){
#ifndef NDEBUG
--
1.8.3.1
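Review bot: The added guard `j<sizeof(yy_lookahead)/sizeof(yy_lookahead[0])` protects only the wildcard lookup, and although the commit message calls it a stop-gap, nothing in the template marks it as one. A comment on that line, e.g. `/* Stop-gap bounds check; remove once Lemon's table generators make the overread impossible */`, would keep it from being forgotten when the template is rebased. The comparison mixes `j` with a `size_t`; if `j` is a signed int (its declaration is outside the hunk), a negative value converts to a large unsigned value and is rejected, which is the safe outcome but worth stating. Other `yy_lookahead[...]` reads in `yy_find_shift_action` lie outside the hunk and should be checked for the same overread.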


@ -0,0 +1,28 @@
From 8a6d814cd2574e878ab45c8bbf209212bd705e47 Mon Sep 17 00:00:00 2001
From: Joe Mistachkin <sqlite@mistachkin.com>
Date: Sat, 8 Sep 2018 16:53:47 +0000
Subject: [PATCH 0352/1009] Fix typo in the Win32-specific code for the fileio
extension.
https://github.com/mackyle/sqlite/commit/8a6d814cd2574e878ab45c8bbf209212bd705e47
---
ext/misc/fileio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/misc/fileio.c b/ext/misc/fileio.c
index b734ca0..816a353 100644
--- a/ext/misc/fileio.c
+++ b/ext/misc/fileio.c
@@ -204,7 +204,7 @@ static void statTimesToUtc(
extern LPWSTR sqlite3_win32_utf8_to_unicode(const char*);
zUnicodeName = sqlite3_win32_utf8_to_unicode(zPath);
if( zUnicodeName ){
- memset(&fd, 0, sizeof(WIN32_FIND_DATA));
+ memset(&fd, 0, sizeof(WIN32_FIND_DATAW));
hFindFile = FindFirstFileW(zUnicodeName, &fd);
if( hFindFile!=NULL ){
pStatBuf->st_ctime = (time_t)fileTimeToUnixTime(&fd.ftCreationTime);
--
1.8.3.1
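Review bot: The context line `if( hFindFile!=NULL ){` tests the wrong failure value, because `FindFirstFileW` reports failure with `INVALID_HANDLE_VALUE`, not `NULL`. When the lookup fails, the branch is still taken and the timestamps are derived from the zeroed `fd`. The test should be `if( hFindFile!=INVALID_HANDLE_VALUE ){`. The corrected `memset` also still spells its size as a type name, which is how it came to disagree with the variable; `memset(&fd, 0, sizeof(fd));` ties the length to the object being cleared. The body of `statTimesToUtc` continues outside the hunk.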


@ -0,0 +1,55 @@
From 8bc9e8b38de805a0c02db12c6afe796a47b22747 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Tue, 11 Sep 2018 13:38:35 +0000
Subject: [PATCH 0363/1009] Fix a problem causing ENABLE_CURSOR_HINTS builds to
segfault.
https://github.com/mackyle/sqlite/commit/8bc9e8b38de805a0c02db12c6afe796a47b22747
---
src/wherecode.c | 4 +---
test/cursorhint2.test | 15 +++++++++++++++
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/wherecode.c b/src/wherecode.c
index 8251923..07de2c6 100644
--- a/src/wherecode.c
+++ b/src/wherecode.c
@@ -886,9 +886,7 @@ static int codeCursorHintFixExpr(Walker *pWalker, Expr *pExpr){
if( pExpr->iTable!=pHint->iTabCur ){
Vdbe *v = pWalker->pParse->pVdbe;
int reg = ++pWalker->pParse->nMem; /* Register for column value */
- sqlite3ExprCodeGetColumnOfTable(
- v, pExpr->pTab, pExpr->iTable, pExpr->iColumn, reg
- );
+ sqlite3ExprCode(pWalker->pParse, pExpr, reg);
pExpr->op = TK_REGISTER;
pExpr->iTable = reg;
}else if( pHint->pIdx!=0 ){
diff --git a/test/cursorhint2.test b/test/cursorhint2.test
index 0175568..a78d151 100644
--- a/test/cursorhint2.test
+++ b/test/cursorhint2.test
@@ -186,4 +186,19 @@ do_extract_hints_test 2.12 {
x2 {EQ(c0,r[2])}
}
+reset_db
+do_execsql_test 3.0 {
+ CREATE TABLE t1 (i1 TEXT);
+ CREATE TABLE t2 (i2 TEXT UNIQUE);
+ INSERT INTO t1 VALUES('0');
+ INSERT INTO t2 VALUES('0');
+}
+
+do_extract_hints_test 3.1 {
+ SELECT * FROM t1 CROSS JOIN t2 WHERE (t1.i1 = t2.i2) AND t2.i2 = 1;
+} {
+ t1 {EQ(c0,r[1])} t2 EQ(c0,1)
+}
+
+
finish_test
--
1.8.3.1


@ -0,0 +1,33 @@
From 2b256aaaae3c32e69a5a4c24d7bb22bbc7232f88 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Mon, 1 Oct 2018 13:54:30 +0000
Subject: [PATCH 0435/1009] Fix a potential crash that can occur while reading
an index from a corrupt database file. The corruption is a
record-header-size that is larger than 0x7fffffff. Problem detected by
OSSFuzz against GDAL and reported to us (with a suggested fix) by Even
Rouault. The test case is in TH3.
https://github.com/mackyle/sqlite/commit/2b256aaaae3c32e69a5a4c24d7bb22bbc7232f88
---
src/vdbeaux.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 5ec3d13..99df435 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -4557,7 +4557,9 @@ int sqlite3VdbeIdxRowid(sqlite3 *db, BtCursor *pCur, i64 *rowid){
(void)getVarint32((u8*)m.z, szHdr);
testcase( szHdr==3 );
testcase( szHdr==m.n );
- if( unlikely(szHdr<3 || (int)szHdr>m.n) ){
+ testcase( szHdr>0x7fffffff );
+ assert( m.n>=0 );
+ if( unlikely(szHdr<3 || szHdr>(unsigned)m.n) ){
goto idx_rowid_corruption;
}
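Review bot: The new bound `szHdr>(unsigned)m.n` is only correct while `m.n` is non-negative, and the hunk enforces that solely with `assert( m.n>=0 )`, which presumably disappears in release builds. A negative `m.n` would be cast to a very large limit, so an oversized header length read from a corrupt record would pass the test. Folding the invariant into the corruption test keeps release and debug builds the same: `if( unlikely(szHdr<3 || m.n<0 || szHdr>(unsigned)m.n) ){`. sqlite3VdbeIdxRowid starts and ends outside the hunk, so where `m.n` is filled in is not visible here.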
--
1.8.3.1


@ -0,0 +1,34 @@
From c0ead185cc44359ecb406e9f7e21b964393f96d8 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Thu, 11 Oct 2018 10:37:24 +0000
Subject: [PATCH 0453/1009] In the CLI, fix a file descriptor leak following
OOM and a missing va_end() call.
---
src/shell.c.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/shell.c.in b/src/shell.c.in
index a5ab143..c1db72c 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -3592,7 +3592,7 @@ static char *readFile(const char *zName, int *pnByte){
nIn = ftell(in);
rewind(in);
pBuf = sqlite3_malloc64( nIn+1 );
- if( pBuf==0 ) return 0;
+ if( pBuf==0 ){ fclose(in); return 0; }
nRead = fread(pBuf, nIn, 1, in);
fclose(in);
if( nRead!=1 ){
@@ -4976,6 +4976,7 @@ static void shellPreparePrintf(
char *z;
va_start(ap, zFmt);
z = sqlite3_vmprintf(zFmt, ap);
+ va_end(ap);
if( z==0 ){
*pRc = SQLITE_NOMEM;
}else{
--
1.8.3.1


@ -0,0 +1,35 @@
From 8dba5edb332d9bdf8b856c26404c8043bdfd4192 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 18 Oct 2018 15:17:18 +0000
Subject: [PATCH 0460/1009] Take steps to avoid a potential integer overflow in
sessionBufferGrow().
https://github.com/mackyle/sqlite/commit/8dba5edb332d9bdf8b856c26404c8043bdfd4192
---
ext/session/sqlite3session.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
index 20810ee..a1ca9a7 100644
--- a/ext/session/sqlite3session.c
+++ b/ext/session/sqlite3session.c
@@ -1794,12 +1794,12 @@ int sqlite3session_attach(
static int sessionBufferGrow(SessionBuffer *p, int nByte, int *pRc){
if( *pRc==SQLITE_OK && p->nAlloc-p->nBuf<nByte ){
u8 *aNew;
- int nNew = p->nAlloc ? p->nAlloc : 128;
+ i64 nNew = p->nAlloc ? p->nAlloc : 128;
do {
nNew = nNew*2;
- }while( nNew<(p->nBuf+nByte) );
+ }while( (nNew-p->nBuf)<nByte );
- aNew = (u8 *)sqlite3_realloc(p->aBuf, nNew);
+ aNew = (u8 *)sqlite3_realloc64(p->aBuf, nNew);
if( 0==aNew ){
*pRc = SQLITE_NOMEM;
}else{
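Review bot: Widening `nNew` to `i64` stops the doubling loop from wrapping, but nothing in the hunk caps the result, so a large `nByte` can now request more than fits in an `int` from `sqlite3_realloc64()`. `p->nAlloc` fed the old `int nNew`, so it is presumably still an `int`; if the lines after the hunk store `nNew` back into it, the recorded capacity would be truncated and later `p->nAlloc-p->nBuf` checks would no longer describe the real buffer. An explicit ceiling before the realloc, failing with `*pRc = SQLITE_NOMEM` when `nNew>0x7fffffff`, would close that gap. The body of sessionBufferGrow continues outside the hunk.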
--
1.8.3.1


@ -0,0 +1,40 @@
From 259c8907624a568bd0faa10687f659c9321f9a05 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Mon, 29 Oct 2018 18:33:42 +0000
Subject: [PATCH 0473/1009] Fix minor memory leak in the dbstat extension that
can occur following an attempt to analyze a corrupt database file.
From https://github.com/mackyle/sqlite/commit/259c8907624a568bd0faa10687f659c9321f9a05
---
src/dbstat.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/dbstat.c b/src/dbstat.c
index 432cfae..b746fa0 100644
--- a/src/dbstat.c
+++ b/src/dbstat.c
@@ -254,7 +254,7 @@ static int statOpen(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor){
return SQLITE_OK;
}
-static void statClearPage(StatPage *p){
+static void statClearCells(StatPage *p){
int i;
if( p->aCell ){
for(i=0; i<p->nCell; i++){
@@ -262,6 +262,11 @@ static void statClearPage(StatPage *p){
}
sqlite3_free(p->aCell);
}
+ p->nCell = 0;
+ p->aCell = 0;
+}
+static void statClearPage(StatPage *p){
+ statClearCells(p);
sqlite3PagerUnref(p->pPg);
sqlite3_free(p->zPath);
memset(p, 0, sizeof(StatPage));
--
1.8.3.1


@ -0,0 +1,85 @@
From 54e058c2c503364cd316bf9c73e253dffa5285a4 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Tue, 27 Nov 2018 19:47:55 +0000
Subject: [PATCH 0548/1009] Fix a failing assert() in
sqlite3ResetAllSchemasOfConnection().
https://github.com/mackyle/sqlite/commit/54e058c2c503364cd316bf9c73e253dffa5285a4
---
src/build.c | 11 ++++++++---
test/vtab_err.test | 23 ++++++++++++++++++++++-
2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/src/build.c b/src/build.c
index fca5a92..bed8295 100644
--- a/src/build.c
+++ b/src/build.c
@@ -544,17 +544,22 @@ void sqlite3ResetOneSchema(sqlite3 *db, int iDb){
void sqlite3ResetAllSchemasOfConnection(sqlite3 *db){
int i;
sqlite3BtreeEnterAll(db);
- assert( db->nSchemaLock==0 );
for(i=0; i<db->nDb; i++){
Db *pDb = &db->aDb[i];
if( pDb->pSchema ){
- sqlite3SchemaClear(pDb->pSchema);
+ if( db->nSchemaLock==0 ){
+ sqlite3SchemaClear(pDb->pSchema);
+ }else{
+ DbSetProperty(db, i, DB_ResetWanted);
+ }
}
}
db->mDbFlags &= ~(DBFLAG_SchemaChange|DBFLAG_SchemaKnownOk);
sqlite3VtabUnlockList(db);
sqlite3BtreeLeaveAll(db);
- sqlite3CollapseDatabaseArray(db);
+ if( db->nSchemaLock==0 ){
+ sqlite3CollapseDatabaseArray(db);
+ }
}
/*
diff --git a/test/vtab_err.test b/test/vtab_err.test
index cb40acd..cfc5fc3 100644
--- a/test/vtab_err.test
+++ b/test/vtab_err.test
@@ -20,7 +20,6 @@ ifcapable !vtab {
}
-
unset -nocomplain echo_module_begin_fail
do_ioerr_test vtab_err-1 -tclprep {
register_echo_module [sqlite3_connection_pointer db]
@@ -63,4 +62,26 @@ do_malloc_test vtab_err-2 -tclprep {
sqlite3_memdebug_fail -1
+reset_db
+register_echo_module [sqlite3_connection_pointer db]
+do_execsql_test vtab_err-3.0 {
+ CREATE TABLE r(a PRIMARY KEY, b, c);
+ CREATE VIRTUAL TABLE e USING echo(r);
+}
+faultsim_save_and_close
+
+do_faultsim_test vtab_err-3 -faults oom-t* -prep {
+ faultsim_restore_and_reopen
+ register_echo_module [sqlite3_connection_pointer db]
+} -body {
+ execsql {
+ BEGIN;
+ CREATE TABLE xyz(x);
+ SELECT a FROM e;
+ COMMIT;
+ }
+} -test {
+ faultsim_test_result {0 {}}
+}
+
finish_test
--
1.8.3.1


@ -0,0 +1,32 @@
From f75ff65c0027041b95647acdb86abf0dc1158f55 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Mon, 3 Dec 2018 01:47:41 +0000
Subject: [PATCH 0562/1009] Fix a parser bug in the use of parentheses around
table-valued functions.
https://github.com/mackyle/sqlite/commit/f75ff65c0027041b95647acdb86abf0dc1158f55
---
src/parse.y | 6 ++++++
1 files changed, 6 insertions(+), 0 deletion(-)
diff --git a/src/parse.y b/src/parse.y
index b150c73..3bb28ab 100644
--- a/src/parse.y
+++ b/src/parse.y
@@ -664,6 +664,12 @@ seltablist(A) ::= stl_prefix(A) nm(Y) dbnm(D) LP exprlist(E) RP as(Z)
pNew->zName = pOld->zName;
pNew->zDatabase = pOld->zDatabase;
pNew->pSelect = pOld->pSelect;
+ if( pOld->fg.isTabFunc ){
+ pNew->u1.pFuncArg = pOld->u1.pFuncArg;
+ pOld->u1.pFuncArg = 0;
+ pOld->fg.isTabFunc = 0;
+ pNew->fg.isTabFunc = 1;
+ }
pOld->zName = pOld->zDatabase = 0;
pOld->pSelect = 0;
}
--
1.8.3.1


@ -0,0 +1,41 @@
From 3bb789ba44d04e5c7d02abdfce6ff2e51f566db2 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Fri, 14 Dec 2018 17:57:01 +0000
Subject: [PATCH 0626/1009] Fix possible integer overflow while running PRAGMA
integrity_check on a database file with a badly corrupted freelist.
https://github.com/mackyle/sqlite/commit/3bb789ba44d04e5c7d02abdfce6ff2e51f566db2
---
src/btree.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/btree.c b/src/btree.c
index 8b3375e..24a274c 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -9414,18 +9414,18 @@ static void checkList(
}
pOvflData = (unsigned char *)sqlite3PagerGetData(pOvflPage);
if( isFreeList ){
- int n = get4byte(&pOvflData[4]);
+ u32 n = (u32)get4byte(&pOvflData[4]);
#ifndef SQLITE_OMIT_AUTOVACUUM
if( pCheck->pBt->autoVacuum ){
checkPtrmap(pCheck, iPage, PTRMAP_FREEPAGE, 0);
}
#endif
- if( n>(int)pCheck->pBt->usableSize/4-2 ){
+ if( n>pCheck->pBt->usableSize/4-2 ){
checkAppendMsg(pCheck,
"freelist leaf count too big on page %d", iPage);
N--;
}else{
- for(i=0; i<n; i++){
+ for(i=0; i<(int)n; i++){
Pgno iFreePage = get4byte(&pOvflData[8+i*4]);
#ifndef SQLITE_OMIT_AUTOVACUUM
if( pCheck->pBt->autoVacuum ){
--
1.8.3.1


@ -0,0 +1,54 @@
From af72ceaf22e73fd78e32ef439c1869292b94aaa1 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 20 Dec 2018 15:04:38 +0000
Subject: [PATCH 0631/1009] Fix a segfault caused by using the RAISE function
incorrectly (library now returns an error instead of crashing).
https://github.com/mackyle/sqlite/commit/af72ceaf22e73fd78e32ef439c1869292b94aaa1
---
src/expr.c | 2 +-
test/triggerC.test | 16 ++++++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/expr.c b/src/expr.c
index 5d36502..b1a06bd 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -4745,7 +4745,7 @@ int sqlite3ExprCompare(Parse *pParse, Expr *pA, Expr *pB, int iTab){
}
return 2;
}
- if( pA->op!=pB->op ){
+ if( pA->op!=pB->op || pA->op==TK_RAISE ){
if( pA->op==TK_COLLATE && sqlite3ExprCompare(pParse, pA->pLeft,pB,iTab)<2 ){
return 1;
}
diff --git a/test/triggerC.test b/test/triggerC.test
index 3e47521..49d4eca 100644
--- a/test/triggerC.test
+++ b/test/triggerC.test
@@ -1042,4 +1042,20 @@ do_execsql_test 15.2.1 {
do_execsql_test 15.2.2 { SELECT * FROM x2; } {1 2 3 4}
do_execsql_test 15.2.3 { SELECT * FROM """x2"""; } {3 11 x y}
+#-------------------------------------------------------------------------
+# At one point queries such as the following were causing segfaults.
+#
+do_catchsql_test 16.1 {
+ SELECT raise(ABORT, 'msg') FROM sqlite_master
+ UNION SELECT 1
+ ORDER BY raise(IGNORE);
+} {1 {1st ORDER BY term does not match any column in the result set}}
+
+do_catchsql_test 16.2 {
+ SELECT count(*) FROM sqlite_master
+ GROUP BY raise(IGNORE)
+ HAVING raise(ABORT, 'msg');
+} {1 {RAISE() may only be used within a trigger-program}}
+
finish_test
+
--
1.8.3.1


@ -0,0 +1,34 @@
From 16f6aeb0a017f8406ca9de7224f8c8fe6d5ee30e Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 27 Dec 2018 20:12:02 +0000
Subject: [PATCH 0684/1009] Fix another problem with corrupt database handling
in fts5.
https://github.com/mackyle/sqlite/commit/16f6aeb0a017f8406ca9de7224f8c8fe6d5ee30e
---
ext/fts5/fts5_index.c | 3 +-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index acf2db2..c5fe01b 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -1649,12 +1649,13 @@ static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
int nNew; /* Bytes of new data */
iOff += fts5GetVarint32(&a[iOff], nNew);
- if( iOff+nNew>pIter->pLeaf->nn ){
+ if( iOff+nNew>pIter->pLeaf->nn || nKeep>pIter->term.n ){
p->rc = FTS5_CORRUPT;
return;
}
pIter->term.n = nKeep;
fts5BufferAppendBlob(&p->rc, &pIter->term, nNew, &a[iOff]);
+ assert( pIter->term.n<=pIter->term.nSpace );
iOff += nNew;
pIter->iTermLeafOffset = iOff;
pIter->iTermLeafPgno = pIter->iLeafPgno;
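Review bot: The corruption test adds two signed ints, `iOff+nNew`, where `nNew` has just been decoded from the leaf page, so a very large decoded value can overflow the sum before it is compared. Nothing in the hunk rejects a negative `nKeep` before `pIter->term.n = nKeep` either. Writing the bound as a subtraction avoids the overflow: `if( nNew<0 || nNew>pIter->pLeaf->nn-iOff || nKeep<0 || nKeep>pIter->term.n ){`. PATCH 0789 further down this page edits the same expression (`nn` becomes `szLeaf`) and the point applies there too. The function starts outside the hunk, so whether the varint decoder or the callers already exclude these values is not visible.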
--
1.8.3.1


@ -0,0 +1,43 @@
From 1d41f8f6d718cd93b0bd55e72f0a919b1c6e1388 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Fri, 28 Dec 2018 13:57:30 +0000
Subject: [PATCH 0686/1009] Fix a buffer overwrite in fts5 triggered by a
corrupt database.
https://github.com/mackyle/sqlite/commit/1d41f8f6d718cd93b0bd55e72f0a919b1c6e1388
---
ext/fts5/fts5_index.c | 5 +-
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 6bd18c5..3361b19 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -3902,6 +3902,7 @@ static void fts5WriteAppendTerm(
int nPrefix; /* Bytes of prefix compression for term */
Fts5PageWriter *pPage = &pWriter->writer;
Fts5Buffer *pPgidx = &pWriter->writer.pgidx;
+ int nMin = MIN(pPage->term.n, nTerm);
assert( p->rc==SQLITE_OK );
assert( pPage->buf.n>=4 );
@@ -3943,13 +3944,13 @@ static void fts5WriteAppendTerm(
** inefficient, but still correct. */
int n = nTerm;
if( pPage->term.n ){
- n = 1 + fts5PrefixCompress(pPage->term.n, pPage->term.p, pTerm);
+ n = 1 + fts5PrefixCompress(nMin, pPage->term.p, pTerm);
}
fts5WriteBtreeTerm(p, pWriter, n, pTerm);
pPage = &pWriter->writer;
}
}else{
- nPrefix = fts5PrefixCompress(pPage->term.n, pPage->term.p, pTerm);
+ nPrefix = fts5PrefixCompress(nMin, pPage->term.p, pTerm);
fts5BufferAppendVarint(&p->rc, &pPage->buf, nPrefix);
}
--
1.8.3.1


@ -0,0 +1,40 @@
From 3af43610d9406dfc859f7aca5a3c6441c852911b Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Tue, 1 Jan 2019 13:59:34 +0000
Subject: [PATCH 0698/1009] Fix another case in fts5 where a corrupt database
could cause a buffer overread.
https://github.com/mackyle/sqlite/commit/3af43610d9406dfc859f7aca5a3c6441c852911b
---
ext/fts5/fts5_index.c | 6 +-
1 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index f786e8d..6ce9844 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -2311,6 +2311,7 @@ static void fts5LeafSeek(
iPgidx += fts5GetVarint32(&pIter->pLeaf->p[iPgidx], iOff);
if( iOff<4 || iOff>=pIter->pLeaf->szLeaf ){
p->rc = FTS5_CORRUPT;
+ return;
}else{
nKeep = 0;
iTermOff = iOff;
@@ -2323,8 +2324,11 @@ static void fts5LeafSeek(
}
search_success:
-
pIter->iLeafOffset = iOff + nNew;
+ if( pIter->iLeafOffset>n ){
+ p->rc = FTS5_CORRUPT;
+ return;
+ }
pIter->iTermLeafOffset = pIter->iLeafOffset;
pIter->iTermLeafPgno = pIter->iLeafPgno;
--
1.8.3.1


@ -0,0 +1,28 @@
From 3ad151ae6c0d1c8158c2df9fd11fab0cd0075d6f Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Mon, 7 Jan 2019 16:52:00 +0000
Subject: [PATCH 0721/1009] Fix another potential buffer overread in fts5.
https://github.com/mackyle/sqlite/commit/3ad151ae6c0d1c8158c2df9fd11fab0cd0075d6f
---
ext/fts5/fts5_hash.c | 3 +-
1 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
index 1757061..7e404a8 100644
--- a/ext/fts5/fts5_hash.c
+++ b/ext/fts5/fts5_hash.c
@@ -483,7 +483,8 @@ int sqlite3Fts5HashQuery(
for(p=pHash->aSlot[iHash]; p; p=p->pHashNext){
zKey = fts5EntryKey(p);
- if( memcmp(zKey, pTerm, nTerm)==0 && zKey[nTerm]==0 ) break;
+ assert( p->nKey+1==(int)strlen(zKey) );
+ if( nTerm==p->nKey+1 && memcmp(zKey, pTerm, nTerm)==0 ) break;
}
if( p ){
--
1.8.3.1


@ -0,0 +1,35 @@
From dc9d6ce103251a827eacde12399418b8dd55ca47 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Tue, 8 Jan 2019 14:28:02 +0000
Subject: [PATCH 0723/1009] Fix a possible memory leak when trying to UPDATE a
corrupt RTREE index.
https://github.com/mackyle/sqlite/commit/dc9d6ce103251a827eacde12399418b8dd55ca47
---
ext/rtree/rtree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
index ea44ffe..83d1b82 100644
--- a/ext/rtree/rtree.c
+++ b/ext/rtree/rtree.c
@@ -717,7 +717,6 @@ static int nodeAcquire(
pNode->pNext = 0;
rc = sqlite3_blob_read(pRtree->pNodeBlob, pNode->zData,
pRtree->iNodeSize, 0);
- nodeReference(pParent);
}
}
@@ -748,6 +747,7 @@ static int nodeAcquire(
if( rc==SQLITE_OK ){
if( pNode!=0 ){
+ nodeReference(pParent);
nodeHashInsert(pRtree, pNode);
}else{
rc = SQLITE_CORRUPT_VTAB;
--
1.8.3.1


@ -0,0 +1,39 @@
From 525fdb146b15ef6c42886fccf1b892388c2011d6 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Wed, 9 Jan 2019 21:12:23 +0000
Subject: [PATCH 0730/1009] Fix an out-of-bounds read in SQL function
fts5_decode() that could occur if it was passed a corrupt record.
https://github.com/mackyle/sqlite/commit/525fdb146b15ef6c42886fccf1b892388c2011d6
---
ext/fts5/fts5_index.c | 6 +-
1 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 268af5e..90dc0a5 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -6409,7 +6409,7 @@ static void fts5DecodeFunction(
nDoclist = (iTermOff ? iTermOff : szLeaf) - iOff;
fts5DecodeDoclist(&rc, &s, &a[iOff], nDoclist);
- while( iPgidxOff<n ){
+ while( iPgidxOff<n && rc==SQLITE_OK ){
int bFirst = (iPgidxOff==szLeaf); /* True for first term on page */
int nByte; /* Bytes of data */
int iEnd;
@@ -6427,6 +6427,10 @@ static void fts5DecodeFunction(
if( bFirst==0 ){
iOff += fts5GetVarint32(&a[iOff], nByte);
+ if( nByte>term.n ){
+ rc = FTS5_CORRUPT;
+ goto decode_out;
+ }
term.n = nByte;
}
iOff += fts5GetVarint32(&a[iOff], nByte);
--
1.8.3.1


@ -0,0 +1,28 @@
From 2fbabe31a19e10c68357884846454753ee2b4cc3 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Fri, 11 Jan 2019 21:34:25 +0000
Subject: [PATCH 0748/1009] Fix a segfault in fts3 prompted by a corrupted
database.
https://github.com/mackyle/sqlite/commit/2fbabe31a19e10c68357884846454753ee2b4cc3
---
ext/fts3/fts3.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index e168fae..5266749 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -2899,7 +2899,7 @@ static int fts3SegReaderCursor(
/* If zTerm is not NULL, and this segment is not stored entirely on its
** root node, the range of leaves scanned can be reduced. Do this. */
- if( iStartBlock && zTerm ){
+ if( iStartBlock && zTerm && zRoot ){
sqlite3_int64 *pi = (isPrefix ? &iLeavesEndBlock : 0);
rc = fts3SelectLeaf(p, zTerm, nTerm, zRoot, nRoot, &iStartBlock, pi);
if( rc!=SQLITE_OK ) goto finished;
--
1.8.3.1


@ -0,0 +1,31 @@
From 95a3db8dcf8622a8db12059abe1befca418d9440 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Sat, 12 Jan 2019 21:30:26 +0000
Subject: [PATCH 0756/1009] Prevent unsigned 32-bit integer overflow from
leading to a buffer overread inside of an assert(). The problem fixed here
is not reachable in production code.
https://github.com/mackyle/sqlite/commit/95a3db8dcf8622a8db12059abe1befca418d9440
---
src/vdbeaux.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 1125cfd..1af8a6f 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -3883,8 +3883,8 @@ static int vdbeRecordCompareDebug(
** Use that approximation to avoid the more expensive call to
** sqlite3VdbeSerialTypeLen() in the common case.
*/
- if( d1+serial_type1+2>(u32)nKey1
- && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1
+ if( d1+(u64)serial_type1+2>(u64)nKey1
+ && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1
){
break;
}
--
1.8.3.1


@ -0,0 +1,39 @@
From 5b01e4f591862a943728f1abe1cf44ac0844dbf1 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Mon, 14 Jan 2019 15:35:15 +0000
Subject: [PATCH 0765/1009] Fix a problem causing a crash if an fts5vocab table
was created to query an fts3/4 FTS index.
https://github.com/mackyle/sqlite/commit/5b01e4f591862a943728f1abe1cf44ac0844dbf1
---
ext/fts5/fts5_main.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ext/fts5/fts5_main.c b/ext/fts5/fts5_main.c
index 6fc5a90..07934eb 100644
--- a/ext/fts5/fts5_main.c
+++ b/ext/fts5/fts5_main.c
@@ -2244,13 +2244,13 @@ Fts5Index *sqlite3Fts5IndexFromCsrid(
Fts5Config **ppConfig /* OUT: Configuration object */
){
Fts5Cursor *pCsr;
- Fts5Table *pTab;
-
pCsr = fts5CursorFromCsrid(pGlobal, iCsrId);
- pTab = (Fts5Table*)pCsr->base.pVtab;
- *ppConfig = pTab->pConfig;
-
- return pTab->pIndex;
+ if( pCsr ){
+ Fts5Table *pTab = (Fts5Table*)pCsr->base.pVtab;
+ *ppConfig = pTab->pConfig;
+ return pTab->pIndex;
+ }
+ return 0;
}
/*
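Review bot: On the new failure path the function returns 0 without writing `*ppConfig`, so a caller that reads the configuration before testing the returned index pointer would use an uninitialised value. Clearing the output first keeps both results consistent: put `*ppConfig = 0;` ahead of `return 0;`. The header comment should also state that a NULL return means the cursor id did not resolve to an fts5 cursor. The callers are outside this hunk, so whether any of them reads `*ppConfig` first is not visible.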
--
1.8.3.1


@ -0,0 +1,27 @@
From 5dfe84921758b84e698b4f3429e56f3f292f8de5 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Tue, 15 Jan 2019 14:44:23 +0000
Subject: [PATCH 0770/1009] Fix a harmless memory leak in the Lemon parser
generator utility program.
https://github.com/mackyle/sqlite/commit/5dfe84921758b84e698b4f3429e56f3f292f8de5
---
tool/lemon.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tool/lemon.c b/tool/lemon.c
index 7f0e557..7ef99fd 100644
--- a/tool/lemon.c
+++ b/tool/lemon.c
@@ -4674,6 +4674,7 @@ void ReportTable(
/* Append any addition code the user desires */
tplt_print(out,lemp,lemp->extracode,&lineno);
+ acttab_free(pActtab);
fclose(in);
fclose(out);
return;
--
1.8.3.1


@ -0,0 +1,48 @@
From 88ea6ea1ee2b7c93120857c65c882144c9f4ce71 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Tue, 15 Jan 2019 18:14:27 +0000
Subject: [PATCH 0773/1009] Handle SQL NULL values without crashing in the fts5
snippet() and highlight() functions.
https://github.com/mackyle/sqlite/commit/88ea6ea1ee2b7c93120857c65c882144c9f4ce71
---
ext/fts5/fts5_aux.c | 2 +-
ext/fts5/test/fts5ak.test | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_aux.c b/ext/fts5/fts5_aux.c
index f884ddb..7d4f3e6 100644
--- a/ext/fts5/fts5_aux.c
+++ b/ext/fts5/fts5_aux.c
@@ -136,7 +136,7 @@ static void fts5HighlightAppend(
HighlightContext *p,
const char *z, int n
){
- if( *pRc==SQLITE_OK ){
+ if( *pRc==SQLITE_OK && z ){
if( n<0 ) n = (int)strlen(z);
p->zOut = sqlite3_mprintf("%z%.*s", p->zOut, n, z);
if( p->zOut==0 ) *pRc = SQLITE_NOMEM;
diff --git a/ext/fts5/test/fts5ak.test b/ext/fts5/test/fts5ak.test
index cab0ae2..0a3cd6a78 100644
--- a/ext/fts5/test/fts5ak.test
+++ b/ext/fts5/test/fts5ak.test
@@ -144,6 +144,14 @@ do_execsql_test 3.1 {
{[a b c d e]}
}
+do_execsql_test 3.2 {
+ SELECT highlight(ft, 0, NULL, NULL) FROM ft WHERE ft MATCH 'a+b+c AND c+d+e';
+} {
+ {a b c x c d e}
+ {a b c c d e}
+ {a b c d e}
+}
+
}
finish_test
--
1.8.3.1


@ -0,0 +1,27 @@
From 5dc52d357ad41bcbd945f360df2d49a7701f8776 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Wed, 16 Jan 2019 11:38:06 +0000
Subject: [PATCH 0775/1009] Fix a memory leak that could occur in fts3 when
handling a corrupt database.
https://github.com/mackyle/sqlite/commit/5dc52d357ad41bcbd945f360df2d49a7701f8776
---
ext/fts3/fts3_write.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index 0baf82b..096eafc 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1606,6 +1606,7 @@ int sqlite3Fts3SegReaderNew(
assert( iStartLeaf<=iEndLeaf );
if( iStartLeaf==0 ){
+ if( iEndLeaf!=0 ) return FTS_CORRUPT_VTAB;
nExtra = nRoot + FTS3_NODE_PADDING;
}
--
1.8.3.1


@ -0,0 +1,47 @@
From 1634068a27a93898908802f514ae41c1a3aa3bf9 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 17 Jan 2019 19:11:10 +0000
Subject: [PATCH 0787/1009] Fix a buffer overwrite that could occur when
running an fts5 prefix query against a corrupt database.
https://github.com/mackyle/sqlite/commit/1634068a27a93898908802f514ae41c1a3aa3bf9
---
ext/fts5/fts5_index.c | 11 +-
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 426cf61..259ae35 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -4959,6 +4959,8 @@ static void fts5MergePrefixLists(
int iOff2 = 0;
u8 *a1 = &i1.aPoslist[i1.nSize];
u8 *a2 = &i2.aPoslist[i2.nSize];
+ int nCopy;
+ u8 *aCopy;
i64 iPrev = 0;
Fts5PoslistWriter writer;
@@ -5002,11 +5004,16 @@ static void fts5MergePrefixLists(
if( iPos1!=iPrev ){
sqlite3Fts5PoslistSafeAppend(&tmp, &iPrev, iPos1);
}
- fts5BufferSafeAppendBlob(&tmp, &a1[iOff1], i1.nPoslist-iOff1);
+ aCopy = &a1[iOff1];
+ nCopy = i1.nPoslist - iOff1;
}else{
assert( iPos2>=0 && iPos2!=iPrev );
sqlite3Fts5PoslistSafeAppend(&tmp, &iPrev, iPos2);
- fts5BufferSafeAppendBlob(&tmp, &a2[iOff2], i2.nPoslist-iOff2);
+ aCopy = &a2[iOff2];
+ nCopy = i2.nPoslist - iOff2;
+ }
+ if( nCopy>0 ){
+ fts5BufferSafeAppendBlob(&tmp, aCopy, nCopy);
}
/* WRITEPOSLISTSIZE */
--
1.8.3.1


@ -0,0 +1,27 @@
From 80b709ea4c758f5f8fcb125082a17ceb5b9f5c76 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 17 Jan 2019 20:06:56 +0000
Subject: [PATCH 0789/1009] Fix another corruption related crash in fts5.
https://github.com/mackyle/sqlite/commit/80b709ea4c758f5f8fcb125082a17ceb5b9f5c76
---
ext/fts5/fts5_index.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 259ae35..66ab9be 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -1652,7 +1652,7 @@ static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
int nNew; /* Bytes of new data */
iOff += fts5GetVarint32(&a[iOff], nNew);
- if( iOff+nNew>pIter->pLeaf->nn || nKeep>pIter->term.n ){
+ if( iOff+nNew>pIter->pLeaf->szLeaf || nKeep>pIter->term.n ){
p->rc = FTS5_CORRUPT;
return;
}
--
1.8.3.1


@ -0,0 +1,36 @@
From a47d7130bcbf6dbf2c3d0cb33555a68e288cc407 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Fri, 18 Jan 2019 18:52:17 +0000
Subject: [PATCH 0794/1009] Avoid integer overflow when computing the area of
a bounding box with the rtree_i32 virtual table.
https://github.com/mackyle/sqlite/commit/a47d7130bcbf6dbf2c3d0cb33555a68e288cc407
---
ext/rtree/rtree.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
index c998d95..73d0661 100644
--- a/ext/rtree/rtree.c
+++ b/ext/rtree/rtree.c
@@ -1999,11 +1999,11 @@ static RtreeDValue cellArea(Rtree *pRtree, RtreeCell *p){
#endif
{
switch( pRtree->nDim ){
- case 5: area = p->aCoord[9].i - p->aCoord[8].i;
- case 4: area *= p->aCoord[7].i - p->aCoord[6].i;
- case 3: area *= p->aCoord[5].i - p->aCoord[4].i;
- case 2: area *= p->aCoord[3].i - p->aCoord[2].i;
- default: area *= p->aCoord[1].i - p->aCoord[0].i;
+ case 5: area = (i64)p->aCoord[9].i - (i64)p->aCoord[8].i;
+ case 4: area *= (i64)p->aCoord[7].i - (i64)p->aCoord[6].i;
+ case 3: area *= (i64)p->aCoord[5].i - (i64)p->aCoord[4].i;
+ case 2: area *= (i64)p->aCoord[3].i - (i64)p->aCoord[2].i;
+ default: area *= (i64)p->aCoord[1].i - (i64)p->aCoord[0].i;
}
}
return area;
--
1.8.3.1


@ -0,0 +1,31 @@
From 7c66bd37c346c0bbf92502edec140b488e4af6e2 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Tue, 22 Jan 2019 12:21:28 +0000
Subject: [PATCH 0813/1009] Fix another segfault caused by a corrupt fts3
database.
https://github.com/mackyle/sqlite/commit/7c66bd37c346c0bbf92502edec140b488e4af6e2
---
ext/fts3/fts3_write.c | 5 ++
1 files changed, 5 insertions(+), 0 deletion(-)
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index df3c07e..3e195c3 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -2255,6 +2255,11 @@ static int fts3SegWriterAdd(
nPrefix = fts3PrefixCompress(pWriter->zTerm, pWriter->nTerm, zTerm, nTerm);
nSuffix = nTerm-nPrefix;
+ /* If nSuffix is zero or less, then zTerm/nTerm must be a prefix of
+ ** pWriter->zTerm/pWriter->nTerm. i.e. must be equal to or less than when
+ ** compared with BINARY collation. This indicates corruption. */
+ if( nSuffix<=0 ) return FTS_CORRUPT_VTAB;
+
/* Figure out how many bytes are required by this new entry */
nReq = sqlite3Fts3VarintLen(nPrefix) + /* varint containing prefix size */
sqlite3Fts3VarintLen(nSuffix) + /* varint containing suffix size */
--
1.8.3.1


@ -0,0 +1,87 @@
From ec2409b34e42389034ecf6ae616a85de97c0fd8c Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Tue, 22 Jan 2019 21:17:40 +0000
Subject: [PATCH 0820/1009] Fix a buffer overrun that could occur in fts5 if a
prefix query is made on a corrupt database.
https://github.com/mackyle/sqlite/commit/ec2409b34e42389034ecf6ae616a85de97c0fd8c
---
ext/fts5/fts5.h | 8 +-
ext/fts5/fts5Int.h | 2 +-
ext/fts5/fts5_index.c | 2 +-
ext/fts5/fts5_main.c | 5 +
ext/fts5/test/fts5corrupt3.test | 217 ++++++++++++++++++++++++++++++++++++++++
5 files changed, 226 insertions(+), 8 deletions(-)
diff --git a/ext/fts5/fts5.h b/ext/fts5/fts5.h
index 8273785..f0b7d55 100644
--- a/ext/fts5/fts5.h
+++ b/ext/fts5/fts5.h
@@ -120,12 +120,8 @@ struct Fts5PhraseIter {
**
** Usually, output parameter *piPhrase is set to the phrase number, *piCol
** to the column in which it occurs and *piOff the token offset of the
-** first token of the phrase. The exception is if the table was created
-** with the offsets=0 option specified. In this case *piOff is always
-** set to -1.
-**
-** Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM)
-** if an error occurs.
+** first token of the phrase. Returns SQLITE_OK if successful, or an error
+** code (i.e. SQLITE_NOMEM) if an error occurs.
**
** This API can be quite slow if used with an FTS5 table created with the
** "detail=none" or "detail=column" option.
diff --git a/ext/fts5/fts5Int.h b/ext/fts5/fts5Int.h
index 4855abe..629bcf0 100644
--- a/ext/fts5/fts5Int.h
+++ b/ext/fts5/fts5Int.h
@@ -274,7 +274,7 @@ void sqlite3Fts5Put32(u8*, int);
int sqlite3Fts5Get32(const u8*);
#define FTS5_POS2COLUMN(iPos) (int)(iPos >> 32)
-#define FTS5_POS2OFFSET(iPos) (int)(iPos & 0xFFFFFFFF)
+#define FTS5_POS2OFFSET(iPos) (int)(iPos & 0x7FFFFFFF)
typedef struct Fts5PoslistReader Fts5PoslistReader;
struct Fts5PoslistReader {
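Review bot: The changed `FTS5_POS2OFFSET(iPos)` still expands its argument without parentheses, so an expression argument such as `a|b` would bind incorrectly against `&`; `#define FTS5_POS2OFFSET(iPos) (int)((iPos) & 0x7FFFFFFF)` is the safer form, and `FTS5_POS2COLUMN` on the line above has the same shape. The mask change from 32 to 31 bits also has no comment. One line such as `/* Mask to 31 bits so the offset is never negative after the cast to int */` would record the intent, assuming that is the reason; the commit message mentions only a buffer overrun on corrupt data.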
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 66ab9be..165d094 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -5122,7 +5122,7 @@ static void fts5SetupPrefixIter(
}
fts5MultiIterFree(p1);
- pData = fts5IdxMalloc(p, sizeof(Fts5Data) + doclist.n);
+ pData = fts5IdxMalloc(p, sizeof(Fts5Data)+doclist.n+FTS5_DATA_ZERO_PADDING);
if( pData ){
pData->p = (u8*)&pData[1];
pData->nn = pData->szLeaf = doclist.n;
diff --git a/ext/fts5/fts5_main.c b/ext/fts5/fts5_main.c
index bb34234..c98df4f 100644
--- a/ext/fts5/fts5_main.c
+++ b/ext/fts5/fts5_main.c
@@ -1777,6 +1777,7 @@ static int fts5CacheInstArray(Fts5Cursor *pCsr){
int rc = SQLITE_OK;
Fts5PoslistReader *aIter; /* One iterator for each phrase */
int nIter; /* Number of iterators/phrases */
+ int nCol = ((Fts5Table*)pCsr->base.pVtab)->pConfig->nCol;
nIter = sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
if( pCsr->aInstIter==0 ){
@@ -1830,6 +1831,10 @@ static int fts5CacheInstArray(Fts5Cursor *pCsr){
aInst[0] = iBest;
aInst[1] = FTS5_POS2COLUMN(aIter[iBest].iPos);
aInst[2] = FTS5_POS2OFFSET(aIter[iBest].iPos);
+ if( aInst[1]<0 || aInst[1]>=nCol ){
+ rc = FTS5_CORRUPT;
+ break;
+ }
sqlite3Fts5PoslistReaderNext(&aIter[iBest]);
}
}
--
1.8.3.1


@ -0,0 +1,94 @@
From 64a2e3704ddeecff5abcf7729345e1e0bd2f6dbd Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Wed, 23 Jan 2019 19:17:05 +0000
Subject: [PATCH 0823/1009] Fix another fts5 crash that can occur if the
database is corrupted.
https://github.com/mackyle/sqlite/commit/64a2e3704ddeecff5abcf7729345e1e0bd2f6dbd
---
ext/fts5/fts5_index.c | 58 ++++++-----
1 files changed, 23 insertions(+), 25 deletions(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 57fce0a..eced245 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -4127,7 +4127,7 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
int i;
Fts5Buffer buf;
memset(&buf, 0, sizeof(Fts5Buffer));
- for(i=0; i<pIter->nSeg; i++){
+ for(i=0; i<pIter->nSeg && p->rc==SQLITE_OK; i++){
Fts5SegIter *pSeg = &pIter->aSeg[i];
if( pSeg->pSeg==0 ){
/* no-op */
@@ -4147,33 +4147,41 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
iLeafRowid = FTS5_SEGMENT_ROWID(iId, pSeg->iTermLeafPgno);
pData = fts5DataRead(p, iLeafRowid);
if( pData ){
- fts5BufferZero(&buf);
- fts5BufferGrow(&p->rc, &buf, pData->nn);
- fts5BufferAppendBlob(&p->rc, &buf, sizeof(aHdr), aHdr);
- fts5BufferAppendVarint(&p->rc, &buf, pSeg->term.n);
- fts5BufferAppendBlob(&p->rc, &buf, pSeg->term.n, pSeg->term.p);
- fts5BufferAppendBlob(&p->rc, &buf, pData->szLeaf-iOff, &pData->p[iOff]);
- if( p->rc==SQLITE_OK ){
- /* Set the szLeaf field */
- fts5PutU16(&buf.p[2], (u16)buf.n);
- }
+ if( iOff>pData->szLeaf ){
+ /* This can occur if the pages that the segments occupy overlap - if
+ ** a single page has been assigned to more than one segment. In
+ ** this case a prior iteration of this loop may have corrupted the
+ ** segment currently being trimmed. */
+ p->rc = FTS5_CORRUPT;
+ }else{
+ fts5BufferZero(&buf);
+ fts5BufferGrow(&p->rc, &buf, pData->nn);
+ fts5BufferAppendBlob(&p->rc, &buf, sizeof(aHdr), aHdr);
+ fts5BufferAppendVarint(&p->rc, &buf, pSeg->term.n);
+ fts5BufferAppendBlob(&p->rc, &buf, pSeg->term.n, pSeg->term.p);
+ fts5BufferAppendBlob(&p->rc, &buf, pData->szLeaf-iOff,&pData->p[iOff]);
+ if( p->rc==SQLITE_OK ){
+ /* Set the szLeaf field */
+ fts5PutU16(&buf.p[2], (u16)buf.n);
+ }
- /* Set up the new page-index array */
- fts5BufferAppendVarint(&p->rc, &buf, 4);
- if( pSeg->iLeafPgno==pSeg->iTermLeafPgno
- && pSeg->iEndofDoclist<pData->szLeaf
- ){
- int nDiff = pData->szLeaf - pSeg->iEndofDoclist;
- fts5BufferAppendVarint(&p->rc, &buf, buf.n - 1 - nDiff - 4);
- fts5BufferAppendBlob(&p->rc, &buf,
- pData->nn - pSeg->iPgidxOff, &pData->p[pSeg->iPgidxOff]
- );
- }
+ /* Set up the new page-index array */
+ fts5BufferAppendVarint(&p->rc, &buf, 4);
+ if( pSeg->iLeafPgno==pSeg->iTermLeafPgno
+ && pSeg->iEndofDoclist<pData->szLeaf
+ ){
+ int nDiff = pData->szLeaf - pSeg->iEndofDoclist;
+ fts5BufferAppendVarint(&p->rc, &buf, buf.n - 1 - nDiff - 4);
+ fts5BufferAppendBlob(&p->rc, &buf,
+ pData->nn - pSeg->iPgidxOff, &pData->p[pSeg->iPgidxOff]
+ );
+ }
+ pSeg->pSeg->pgnoFirst = pSeg->iTermLeafPgno;
+ fts5DataDelete(p, FTS5_SEGMENT_ROWID(iId, 1), iLeafRowid);
+ fts5DataWrite(p, iLeafRowid, buf.p, buf.n);
+ }
fts5DataRelease(pData);
- pSeg->pSeg->pgnoFirst = pSeg->iTermLeafPgno;
- fts5DataDelete(p, FTS5_SEGMENT_ROWID(iId, 1), iLeafRowid);
- fts5DataWrite(p, iLeafRowid, buf.p, buf.n);
}
}
}
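Review bot: The new guard validates `iOff` against `pData->szLeaf`, but `pSeg->iPgidxOff` is still used unchecked in the `else` branch, both as an index (`&pData->p[pSeg->iPgidxOff]`) and in the length `pData->nn - pSeg->iPgidxOff`. On a corrupt segment where `iPgidxOff` exceeds `pData->nn`, that length goes negative and the source pointer lies past the record. PATCH 0939 later in this series adds `&& pSeg->iPgidxOff<=pData->nn`, so this patch is not complete on its own and the two should always be carried together when backporting. A short comment in the branch, such as `/* iPgidxOff is bounded separately; see the page-index condition below */`, would make that dependency visible.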
--
1.8.3.1


@ -0,0 +1,28 @@
From ebf0e4dbbdbc5e35f0febe9e6d3bbceffde814c6 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Wed, 23 Jan 2019 20:31:56 +0000
Subject: [PATCH 0826/1009] Fix an assert() in vdbemem.c that could fire if the
database was corrupt.
https://github.com/mackyle/sqlite/commit/ebf0e4dbbdbc5e35f0febe9e6d3bbceffde814c6
---
src/vdbemem.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/src/vdbemem.c b/src/vdbemem.c
index db8fedd..8493df7 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -243,7 +243,7 @@ SQLITE_NOINLINE int sqlite3VdbeMemGrow(Mem *pMem, int n, int bPreserve){
** if unable to complete the resizing.
*/
int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
- assert( szNew>0 );
+ assert( CORRUPT_DB || szNew>0 );
assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
if( pMem->szMalloc<szNew ){
return sqlite3VdbeMemGrow(pMem, szNew, 0);
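Review bot: Relaxing the assertion to `CORRUPT_DB || szNew>0` changes debug builds only; with assert() compiled out, a non-positive `szNew` takes exactly the same path as before this patch. In that case `pMem->szMalloc<szNew` is not expected to request a grow, so the function falls through to code outside this hunk with no guarantee that any buffer has been allocated. The contract for that path should be written down next to the assert, for example `/* szNew<=0 can only come from a corrupt database; no space is guaranteed in that case */`, with the exact wording confirmed against the rest of the function and its callers.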
--
1.8.3.1


@ -0,0 +1,35 @@
From b9338e8475463b29b7f05fb28c78c3f35a7ce814 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 24 Jan 2019 15:16:17 +0000
Subject: [PATCH 0830/1009] Fix a potential problem with "INSERT INTO ...
SELECT * FROM" (or VACUUM) statements on a corrupted database.
https://github.com/mackyle/sqlite/commit/b9338e8475463b29b7f05fb28c78c3f35a7ce814
---
src/btree.c | 7 +--
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/btree.c b/src/btree.c
index b68bca1..401f02e 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -804,11 +804,12 @@ static int btreeMoveto(
UnpackedRecord *pIdxKey; /* Unpacked index key */
if( pKey ){
+ KeyInfo *pKeyInfo = pCur->pKeyInfo;
assert( nKey==(i64)(int)nKey );
- pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
+ pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
- sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
- if( pIdxKey->nField==0 ){
+ sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
+ if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
rc = SQLITE_CORRUPT_BKPT;
goto moveto_done;
}
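Review bot: The added `pIdxKey->nField>pKeyInfo->nAllField` test runs after sqlite3VdbeRecordUnpack() has already filled `pIdxKey`, so it protects the comparison code that follows but says nothing about the unpack itself. Whether the unpack is bounded by the size allocated in sqlite3VdbeAllocUnpackedRecord() is not visible in this hunk. If it is, a comment on the check such as `/* unpack is bounded by the allocation; this rejects records whose field count cannot match the index */` would record that the ordering is deliberate; if it is not, the bound belongs before or inside the unpack. btreeMoveto continues outside the hunk.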
--
1.8.3.1


@ -0,0 +1,79 @@
From 2084a9dcdb6fa7cd335dca7fef7328ebee65a5d1 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Fri, 25 Jan 2019 17:26:59 +0000
Subject: [PATCH 0842/1009] Fix a segfault that could follow an OOM when
querying a table that has one or more columns with default values "true" or
"false".
https://github.com/mackyle/sqlite/commit/2084a9dcdb6fa7cd335dca7fef7328ebee65a5d1
---
src/vdbemem.c | 8 +++++---
test/insertfault.test | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 3 deletions(-)
create mode 100644 test/insertfault.test
diff --git a/src/vdbemem.c b/src/vdbemem.c
index 8493df7..8d9e44b 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -1530,9 +1530,11 @@ static int valueFromExpr(
}
#endif
else if( op==TK_TRUEFALSE ){
- pVal = valueNew(db, pCtx);
- pVal->flags = MEM_Int;
- pVal->u.i = pExpr->u.zToken[4]==0;
+ pVal = valueNew(db, pCtx);
+ if( pVal ){
+ pVal->flags = MEM_Int;
+ pVal->u.i = pExpr->u.zToken[4]==0;
+ }
}
*ppVal = pVal;
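Review bot: With the new `if( pVal )` guard, a failed valueNew() in the `TK_TRUEFALSE` branch falls through to `*ppVal = pVal` with a NULL value, and nothing in the hunk shows an out-of-memory code being set for it. If the other branches of valueFromExpr report an OOM error when valueNew() fails (not visible here), this branch should take the same path rather than relying on the caller to notice the NULL. Separately, the `pExpr->u.zToken[4]==0` test deserves a comment, e.g. `/* "true" is four bytes, so zToken[4] is its terminator; "false" has 'e' there */`. The function starts and ends outside the hunk.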
diff --git a/test/insertfault.test b/test/insertfault.test
new file mode 100644
index 0000000..53849a1
--- /dev/null
+++ b/test/insertfault.test
@@ -0,0 +1,36 @@
+# 2019-01-26
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+# Test cases for INSERT
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix insertfault
+
+do_execsql_test 1.0 {
+ CREATE TABLE t1(a INTEGER PRIMARY KEY, b, c, d DEFAULT true);
+ INSERT INTO t1 DEFAULT VALUES;
+ SELECT * FROM t1;
+} {1 {} {} 1}
+faultsim_save_and_close
+
+breakpoint
+do_faultsim_test 1 -faults oom* -prep {
+ faultsim_restore_and_reopen
+ db eval { SELECT * FROM sqlite_master }
+} -body {
+ execsql { SELECT * FROM t1 }
+} -test {
+ faultsim_test_result {0 {1 {} {} 1}}
+}
+
+
+finish_test
--
1.8.3.1


@ -0,0 +1,27 @@
From 896da092c4debe2e865ccfbc94939aae2feda5fc Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Mon, 28 Jan 2019 16:50:42 +0000
Subject: [PATCH 0858/1009] Fix a buffer overread in fts3 that could occur when
accessing a corrupt database.
https://github.com/mackyle/sqlite/commit/896da092c4debe2e865ccfbc94939aae2feda5fc
---
ext/fts3/fts3.c | 1 +
1 files changed, 1 insertions(+)
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index 36e41d2..bd0003d 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -2810,6 +2810,7 @@ static int fts3TermSelectMerge(
pTS->anOutput[0] = nDoclist;
if( pTS->aaOutput[0] ){
memcpy(pTS->aaOutput[0], aDoclist, nDoclist);
+ memset(&pTS->aaOutput[0][nDoclist], 0, FTS3_VARINT_MAX);
}else{
return SQLITE_NOMEM;
}
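Review bot: The added memset writes `FTS3_VARINT_MAX` bytes starting at offset `nDoclist`, which is in bounds only if `pTS->aaOutput[0]` was allocated with at least `nDoclist+FTS3_VARINT_MAX` bytes. That allocation sits above the hunk, so the fix cannot be confirmed as safe from the lines shown, and a later change to the allocation size would silently turn this overread fix into an overwrite. Tying the two together with a comment at the memset would guard against that: `/* allocation above reserves FTS3_VARINT_MAX bytes past nDoclist; zero them so varint decoding cannot run off the end */`.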
--
1.8.3.1


@ -0,0 +1,28 @@
From 850b66a5848d73428951382ca909c3663b905a9e Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Tue, 29 Jan 2019 11:42:43 +0000
Subject: [PATCH 0862/1009] Fix a buffer overrun triggered by a merge operation
on a corrupt fts5 database.
https://github.com/mackyle/sqlite/commit/850b66a5848d73428951382ca909c3663b905a9e
---
ext/fts5/fts5_index.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index cec4415..e1bb8d4 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -4145,7 +4145,7 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
u8 aHdr[4] = {0x00, 0x00, 0x00, 0x00};
iLeafRowid = FTS5_SEGMENT_ROWID(iId, pSeg->iTermLeafPgno);
- pData = fts5DataRead(p, iLeafRowid);
+ pData = fts5LeafRead(p, iLeafRowid);
if( pData ){
if( iOff>pData->szLeaf ){
/* This can occur if the pages that the segments occupy overlap - if
--
1.8.3.1


@ -0,0 +1,29 @@
From 06895c18a8afdfd7b46c09bb5623f1d68e82a955 Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Wed, 30 Jan 2019 12:15:27 +0000
Subject: [PATCH 0868/1009] Fix another buffer overread in fts5 that may occur
when accessing a corrupt database.
https://github.com/mackyle/sqlite/commit/06895c18a8afdfd7b46c09bb5623f1d68e82a955
---
ext/fts5/fts5_index.c | 3 +-
1 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index e1bb8d4..32732b9 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -3104,7 +3104,8 @@ static void fts5SegiterPoslist(
Fts5Colset *pColset,
Fts5Buffer *pBuf
){
- if( 0==fts5BufferGrow(&p->rc, pBuf, pSeg->nPos) ){
+ if( 0==fts5BufferGrow(&p->rc, pBuf, pSeg->nPos+FTS5_DATA_ZERO_PADDING) ){
+ memset(&pBuf->p[pBuf->n+pSeg->nPos], 0, FTS5_DATA_ZERO_PADDING);
if( pColset==0 ){
fts5ChunkIterate(p, pSeg, (void*)pBuf, fts5PoslistCallback);
}else{
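Review bot: The zero padding is placed at `pBuf->n+pSeg->nPos`, which is the end of the appended data only if exactly `pSeg->nPos` bytes are subsequently written. That holds for the unfiltered `pColset==0` path if fts5PoslistCallback copies the whole position list, but the `else` branch (which continues outside the hunk) filters by column set and may append fewer bytes, leaving a gap of unzeroed bytes between the data and the padding. If readers rely on `FTS5_DATA_ZERO_PADDING` zero bytes directly after the data, the memset should follow the append and use the final `pBuf->n`, e.g. `memset(&pBuf->p[pBuf->n], 0, FTS5_DATA_ZERO_PADDING);` after the iterate calls. `pSeg->nPos` is read from the segment, so its range should also be confirmed before it is used in the size and the index.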
--
1.8.3.1


@ -0,0 +1,41 @@
From 536bdac3ff692d5ebf13d6b7ff129721444f281b Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Thu, 31 Jan 2019 14:37:18 +0000
Subject: [PATCH 0878/1009] Fix another buffer overrun that could occur when
quering a corrupt database using an fts5vocab table.
https://github.com/mackyle/sqlite/commit/536bdac3ff692d5ebf13d6b7ff129721444f281b
---
ext/fts5/fts5_index.c | 2 +-
ext/fts5/fts5_vocab.c | 1 +
1 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 32732b9..bb87714 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -1652,7 +1652,7 @@ static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
int nNew; /* Bytes of new data */
iOff += fts5GetVarint32(&a[iOff], nNew);
- if( iOff+nNew>pIter->pLeaf->szLeaf || nKeep>pIter->term.n ){
+ if( iOff+nNew>pIter->pLeaf->szLeaf || nKeep>pIter->term.n || nNew==0 ){
p->rc = FTS5_CORRUPT;
return;
}
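Review bot: The bound `iOff+nNew>pIter->pLeaf->szLeaf` is a signed addition on a value decoded from the leaf, so a very large `nNew` can wrap and pass the test; the added `nNew==0` term does not cover that. How far fts5GetVarint32 limits the decoded value is not visible here. The subtractive form cannot wrap and also rejects a negative length: `if( nNew<=0 || nNew>pIter->pLeaf->szLeaf-iOff || nKeep>pIter->term.n ){`. fts5SegIterLoadTerm continues outside the hunk.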
diff --git a/ext/fts5/fts5_vocab.c b/ext/fts5/fts5_vocab.c
index bfb6821..2550c9d 100644
--- a/ext/fts5/fts5_vocab.c
+++ b/ext/fts5/fts5_vocab.c
@@ -484,6 +484,7 @@ static int fts5VocabNextMethod(sqlite3_vtab_cursor *pCursor){
int nTerm;
zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);
+ assert( nTerm>=0 );
if( pCsr->nLeTerm>=0 ){
int nCmp = MIN(nTerm, pCsr->nLeTerm);
int bCmp = memcmp(pCsr->zLeTerm, zTerm, nCmp);
--
1.8.3.1


@ -0,0 +1,37 @@
From 032f34b06b09b35542a7dd6242e2032cbed59b6e Mon Sep 17 00:00:00 2001
From: Dan Kennedy <danielk1977@gmail.com>
Date: Mon, 11 Feb 2019 16:12:09 +0000
Subject: [PATCH 0939/1009] Fix another segfault that could occur in fts5 with
a corrupted database.
https://github.com/mackyle/sqlite/commit/032f34b06b09b35542a7dd6242e2032cbed59b6e
---
ext/fts5/fts5_index.c | 7 +-
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
index 5ce75bd..741e579 100644
--- a/ext/fts5/fts5_index.c
+++ b/ext/fts5/fts5_index.c
@@ -4169,13 +4169,14 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
/* Set up the new page-index array */
fts5BufferAppendVarint(&p->rc, &buf, 4);
if( pSeg->iLeafPgno==pSeg->iTermLeafPgno
- && pSeg->iEndofDoclist<pData->szLeaf
- ){
+ && pSeg->iEndofDoclist<pData->szLeaf
+ && pSeg->iPgidxOff<=pData->nn
+ ){
int nDiff = pData->szLeaf - pSeg->iEndofDoclist;
fts5BufferAppendVarint(&p->rc, &buf, buf.n - 1 - nDiff - 4);
fts5BufferAppendBlob(&p->rc, &buf,
pData->nn - pSeg->iPgidxOff, &pData->p[pSeg->iPgidxOff]
- );
+ );
}
pSeg->pSeg->pgnoFirst = pSeg->iTermLeafPgno;
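Review bot: When `pSeg->iPgidxOff>pData->nn`, the new condition just skips the page-index copy and the function carries on to update `pgnoFirst` and rewrite the leaf, rather than reporting the inconsistency. The guard added to this same function by PATCH 0823 in this series treats the analogous `iOff>pData->szLeaf` case as `p->rc = FTS5_CORRUPT`, and an offset past the end of the record is equally a sign of a damaged segment. Handling it the same way avoids writing back a page built from inconsistent state: `if( pSeg->iPgidxOff>pData->nn ){ p->rc = FTS5_CORRUPT; }` ahead of the append block. The enclosing function starts and ends outside the hunk.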
--
1.8.3.1


@ -0,0 +1,28 @@
From d651ad3b3d42dfe3fc26023ae2c61d04802cd721 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Tue, 19 Feb 2019 17:45:31 +0000
Subject: [PATCH 0956/1009] Fix a potential memory leak in RBU if the
rbu_fossil_delta() SQL function is misused. Misuse never happens in a
working RBU system, so this is not a particularly important fix.
https://github.com/mackyle/sqlite/commit/d651ad3b3d42dfe3fc26023ae2c61d04802cd721
---
ext/rbu/sqlite3rbu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ext/rbu/sqlite3rbu.c b/ext/rbu/sqlite3rbu.c
index e86606b..1a78adc 100644
--- a/ext/rbu/sqlite3rbu.c
+++ b/ext/rbu/sqlite3rbu.c
@@ -684,6 +684,7 @@ static void rbuFossilDeltaFunc(
}else{
nOut2 = rbuDeltaApply(aOrig, nOrig, aDelta, nDelta, aOut);
if( nOut2!=nOut ){
+ sqlite3_free(aOut);
sqlite3_result_error(context, "corrupt fossil delta", -1);
}else{
sqlite3_result_blob(context, aOut, nOut, sqlite3_free);
--
1.8.3.1


@ -0,0 +1,29 @@
From 7003b1922263ee4b6131fd458537808ccae22f41 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Tue, 5 Mar 2019 23:49:17 +0000
Subject: [PATCH 1002/1009] Fix a potential 32-bit integer overflow in the
"showdb" utility program when it is trying to interpret a corrupt database
file.
https://github.com/mackyle/sqlite/commit/7003b1922263ee4b6131fd458537808ccae22f41
---
tool/showdb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tool/showdb.c b/tool/showdb.c
index ba7a362..cb6ddab 100644
--- a/tool/showdb.c
+++ b/tool/showdb.c
@@ -828,7 +828,7 @@ static void page_usage_cell(
while( ovfl && (cnt++)<g.mxPage ){
page_usage_msg(ovfl, "overflow %d from cell %d of page %d",
cnt, cellno, pgno);
- a = fileRead((ovfl-1)*g.pagesize, 4);
+ a = fileRead((ovfl-1)*(sqlite3_int64)g.pagesize, 4);
ovfl = decodeInt32(a);
sqlite3_free(a);
}
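Review bot: Widening the multiply fixes the 32-bit overflow, but `ovfl` still comes straight from `decodeInt32(a)` on file contents, and the loop only tests it for non-zero. A page number above `g.mxPage`, or a negative one if `ovfl` is a signed type (its declaration is outside the hunk), still produces an offset outside the file for `fileRead`. Bounding the page number in the loop condition closes that: `while( ovfl>0 && ovfl<=g.mxPage && (cnt++)<g.mxPage ){`. What `fileRead` does with an out-of-range offset is not visible here.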
--
1.8.3.1


@ -0,0 +1,86 @@
From 808d7ed1f82a24f7367006e43174c0c322e24590 Mon Sep 17 00:00:00 2001
From: SQLite Maintainers
Date: Thu, 15 Aug 2019 15:08:23 +0800
Subject: [PATCH] fix out of bounds read
Enhance the rtreenode() function of rtree (used for testing)
so that it uses the newer sqlite3_str object for better performance and
improved error reporting.
---
ext/rtree/rtree.c | 35 ++++++++++++++++-------------------
1 file changed, 16 insertions(+), 19 deletions(-)
diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
index 56bf836..53c7adf 100644
--- a/ext/rtree/rtree.c
+++ b/ext/rtree/rtree.c
@@ -3689,49 +3689,46 @@ rtreeInit_fail:
** <num-dimension>*2 coordinates.
*/
static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
- char *zText = 0;
RtreeNode node;
Rtree tree;
int ii;
+ int nData;
+ int errCode;
+ sqlite3_str *pOut;
UNUSED_PARAMETER(nArg);
memset(&node, 0, sizeof(RtreeNode));
memset(&tree, 0, sizeof(Rtree));
tree.nDim = (u8)sqlite3_value_int(apArg[0]);
+ if( tree.nDim<1 || tree.nDim>5 ) return;
tree.nDim2 = tree.nDim*2;
tree.nBytesPerCell = 8 + 8 * tree.nDim;
node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
+ nData = sqlite3_value_bytes(apArg[1]);
+ if( nData<4 ) return;
+ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+ pOut = sqlite3_str_new(0);
for(ii=0; ii<NCELL(&node); ii++){
- char zCell[512];
- int nCell = 0;
RtreeCell cell;
int jj;
nodeGetCell(&tree, &node, ii, &cell);
- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
- nCell = (int)strlen(zCell);
+ if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
+ sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
for(jj=0; jj<tree.nDim2; jj++){
#ifndef SQLITE_RTREE_INT_ONLY
- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
- (double)cell.aCoord[jj].f);
+ sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
#else
- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
- cell.aCoord[jj].i);
+ sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
#endif
- nCell = (int)strlen(zCell);
- }
-
- if( zText ){
- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
- sqlite3_free(zText);
- zText = zTextNew;
- }else{
- zText = sqlite3_mprintf("{%s}", zCell);
}
+ sqlite3_str_append(pOut, "}", 1);
}
- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
+ errCode = sqlite3_str_errcode(pOut);
+ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
+ sqlite3_result_error_code(ctx, errCode);
}
/* This routine implements an SQL function that returns the "depth" parameter
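Review bot: The size check `nData<NCELL(&node)*tree.nBytesPerCell` compares the blob length with the cell payload alone. The preceding `nData<4` test suggests a 4-byte node header; if nodeGetCell reads cells starting after that header (its offset arithmetic is outside this hunk), a blob of exactly `NCELL*nBytesPerCell` bytes still lets the last cell read four bytes past the end. Including the header in the bound would close that: `if( nData<4+NCELL(&node)*tree.nBytesPerCell ) return;`. The early `return` statements also leave the SQL result as NULL with no error, which makes a malformed argument indistinguishable from an empty node; calling `sqlite3_result_error` there would make it visible.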
--
1.8.3.1

Binary file not shown.

BIN
sqlite-doc-3240000.zip Normal file

Binary file not shown.

BIN
sqlite-src-3240000.zip Normal file

Binary file not shown.

280
sqlite.spec Normal file

@ -0,0 +1,280 @@
%bcond_without check
%global extver 3240000
%global tcl_version 8.6
%global tcl_sitearch %{_libdir}/tcl%{tcl_version}
Name: sqlite
Version: 3.24.0
Release: 4
Summary: Embeded SQL database
License: Public Domain
URL: http://www.sqlite.org/
Source0: http://www.sqlite.org/2018/sqlite-src-%{extver}.zip
Source1: http://www.sqlite.org/2018/sqlite-doc-%{extver}.zip
Source2: https://www.sqlite.org/2018/sqlite-autoconf-%{extver}.tar.gz
Patch0000: 0000-sqlite-3.6.23-lemon-system-template.patch
Patch0001: 0001-sqlite-3.7.7.1-stupid-openfiles-test.patch
Patch0002: 0002-sqlite-3.12.2-no-malloc-usable-size.patch
Patch0003: 0003-sqlite-3.8.0-percentile-test.patch
Patch0004: 0004-sqlite-3.8.10.1-tcl-regress-tests.patch
Patch0005: 0005-sqlite-3.16-datetest-2.2c.patch
Patch0006: 0006-sqlite-3.18.0-sync2-dirsync.patch
Patch0007: 0007-sqlite-CVE-2018-20346.patch
Patch6000: 6000-Fix-the-sqlite3BeginTrans-calls-within-the-snapshot-.patch
Patch6001: 6001-Change-a-comma-into-a-logically-equivalent-but-seman.patch
Patch6002: 6002-Fix-a-typo-in-the-amalgamation-autoconf-file.patch
Patch6003: 6003-Fix-typo-in-the-normalize-extension.patch
Patch6004: 6004-Fix-a-minor-problem-in-the-code-for-determining-whet.patch
Patch6005: 6005-Quick-patch-to-the-Lemon-parser-template-to-avoid-an.patch
Patch6006: 6006-Fix-typo-in-the-Win32-specific-code-for-the-fileio-e.patch
Patch6007: 6007-Fix-a-problem-causing-ENABLE_CURSOR_HINTS-builds-to-.patch
Patch6008: 6008-Fix-a-potential-crash-that-can-occur-while-reading-a.patch
Patch6009: 6009-In-the-CLI-fix-a-file-descriptor-leak-following-OOM-.patch
Patch6010: 6010-Take-steps-to-avoid-a-potential-integer-overflow-in-.patch
Patch6011: 6011-Fix-minor-memory-leak-in-the-dbstat-extension-that-c.patch
Patch6012: 6012-Fix-a-failing-assert-in-sqlite3ResetAllSchemasOfConn.patch
Patch6013: 6013-Fix-a-parser-bug-in-the-use-of-parentheses-around-ta.patch
Patch6014: 6014-Fix-possible-integer-overflow-while-running-PRAGMA-i.patch
Patch6015: 6015-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch
Patch6016: 6016-Fix-another-problem-with-corrupt-database-handling-i.patch
Patch6017: 6017-Fix-a-buffer-overwrite-in-fts5-triggered-by-a-corrup.patch
Patch6018: 6018-Fix-another-case-in-fts5-where-a-corrupt-database-co.patch
Patch6019: 6019-Fix-another-potential-buffer-overread-in-fts5.patch
Patch6020: 6020-Fix-a-possible-memory-leak-when-trying-to-UPDATE-a-c.patch
Patch6021: 6021-Fix-an-out-of-bounds-read-in-SQL-function-fts5_decod.patch
Patch6022: 6022-Fix-a-segfault-in-fts3-prompted-by-a-corrupted-datab.patch
Patch6023: 6023-Prevent-unsigned-32-bit-integer-overflow-from-leadin.patch
Patch6024: 6024-Fix-a-problem-causing-a-crash-if-an-fts5vocab-table-.patch
Patch6025: 6025-Fix-a-harmless-memory-leak-in-the-Lemon-parser-gener.patch
Patch6026: 6026-Handle-SQL-NULL-values-without-crashing-in-the-fts5-.patch
Patch6027: 6027-Fix-a-memory-leak-that-could-occur-in-fts3-when-hand.patch
Patch6028: 6028-Fix-a-buffer-overwrite-that-could-occur-when-running.patch
Patch6029: 6029-Fix-another-corruption-related-crash-in-fts5.patch
Patch6030: 6030-Avoid-integer-overflow-when-computing-the-array-of-a.patch
Patch6031: 6031-Fix-another-segfault-caused-by-a-corrupt-fts3-databa.patch
Patch6032: 6032-Fix-a-buffer-overrun-that-could-occur-in-fts5-if-a-p.patch
Patch6033: 6033-Fix-another-fts5-crash-that-can-occur-if-the-databas.patch
Patch6034: 6034-Fix-an-assert-in-vdbemem.c-that-could-fire-if-the-da.patch
Patch6035: 6035-Fix-a-potential-problem-with-INSERT-INTO-.-SELECT-FR.patch
Patch6036: 6036-Fix-a-segfault-that-could-follow-an-OOM-when-queryin.patch
Patch6037: 6037-Fix-a-buffer-overread-in-fts3-that-could-occur-when-.patch
Patch6038: 6038-Fix-a-buffer-overrun-triggered-by-a-merge-operation-.patch
Patch6039: 6039-Fix-another-buffer-overread-in-fts5-that-may-occur-w.patch
Patch6040: 6040-Fix-another-buffer-overrun-that-could-occur-when-que.patch
Patch6041: 6041-Fix-another-segfault-that-could-occur-in-fts5-with-a.patch
Patch6042: 6042-Fix-a-potential-memory-leak-in-RBU-if-the-rbu_fossil.patch
Patch6043: 6043-Fix-a-potential-32-bit-integer-overflow-in-the-showd.patch
Patch6044: 6044-sqlite-CVE-2019-8457-out-of-bounds-read.patch
BuildRequires: gcc autoconf tcl tcl-devel
BuildRequires: ncurses-devel readline-devel glibc-devel
Provides: %{name}-libs
Obsoletes: %{name}-libs
Provides: lemon
Obsoletes: lemon
Provides: %{name}-analyzer
Obsoletes: %{name}-analyzer
Provides: %{name}-tcl
Obsoletes: %{name}-tcl
%description
SQLite is a C-language library that implements a small, fast, self-contained,
high-reliability, full-featured, SQL database engine. SQLite is the most used
database engine in the world. SQLite is built into all mobile phones and most
computers and comes bundled inside countless other applications that people
use every day.It also include lemon and sqlite3_analyzer and tcl tools.
%package devel
Summary: Including header files and library for the developing of sqlite
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description devel
This contains dynamic libraries and header files for the developing of sqlite.
%package help
Summary: Man file and documentation for sqlite
BuildArch: noarch
Provides: %{name}-doc
Obsoletes: %{name}-doc
%description help
This contains man files and HTML files for the using of sqlite.
%prep
#autosetup will fail because of 2 zip files
%setup -q -a1 -n %{name}-src-%{extver}
%patch0000 -p1
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
%patch0004 -p1
%ifarch %{ix86}
%patch0005 -p1
%endif
%patch0006 -p1
%patch0007 -p0
%patch6000 -p1
%patch6001 -p1
%patch6002 -p1
%patch6003 -p1
%patch6004 -p1
%patch6005 -p1
%patch6006 -p1
%patch6007 -p1
%patch6008 -p1
%patch6009 -p1
%patch6010 -p1
%patch6011 -p1
%patch6012 -p1
%patch6013 -p1
%patch6014 -p1
%patch6015 -p1
%patch6016 -p1
%patch6017 -p1
%patch6018 -p1
%patch6019 -p1
%patch6020 -p1
%patch6021 -p1
%patch6022 -p1
%patch6023 -p1
%patch6024 -p1
%patch6025 -p1
%patch6026 -p1
%patch6027 -p1
%patch6028 -p1
%patch6029 -p1
%patch6030 -p1
%patch6031 -p1
%patch6032 -p1
%patch6033 -p1
%patch6034 -p1
%patch6035 -p1
%patch6036 -p1
%patch6037 -p1
%patch6038 -p1
%patch6039 -p1
%patch6040 -p1
%patch6041 -p1
%patch6042 -p1
%patch6043 -p1
%patch6044 -p1
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
autoconf
%build
export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
-DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
-DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \
-DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -DSQLITE_ENABLE_DBSTAT_VTAB=1 \
-DSQLITE_ENABLE_FTS3_PARENTHESIS=1 -DSQLITE_ENABLE_JSON1=1 \
-Wall -fno-strict-aliasing"
%configure --enable-fts5 \
--enable-threadsafe \
--enable-threads-override-locks \
--enable-load-extension \
TCLLIBDIR=%{tcl_sitearch}/sqlite3
# rpath removal
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%make_build
%make_build sqlite3_analyzer
%install
make DESTDIR=${RPM_BUILD_ROOT} install
install -D -m 755 lemon %{buildroot}%{_bindir}/lemon
install -D -m 644 tool/lempar.c %{buildroot}%{_datadir}/lemon/lempar.c
install -D -m 644 sqlite3.1 %{buildroot}%{_mandir}/man1/sqlite3.1
install -D -m 755 sqlite3_analyzer %{buildroot}%{_bindir}/sqlite3_analyzer
chmod 755 %{buildroot}/%{tcl_sitearch}/sqlite3/*.so
%if %{with check}
%check
export LD_LIBRARY_PATH=`pwd`/.libs
export MALLOC_CHECK_=3
%ifarch x86_64 %{ix86}
%else
rm test/csv01.test
%endif
make test
%endif # with check
%ldconfig_scriptlets
%files
%doc README.md
%{_bindir}/{sqlite3,lemon,sqlite3_analyzer}
%{_libdir}/*.so.*
%{_datadir}/lemon
%{tcl_sitearch}/sqlite3
%exclude %{_libdir}/*.{la,a}
%files devel
%{_includedir}/*.h
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files help
%doc %{name}-doc-%{extver}/*
%{_mandir}/man*/*
%changelog
* Wed Sep 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-4
- Type:enhancemnet
- ID:NA
- SUG:NA
- DESC:remove debuginfo
* Wed Aug 28 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-3
- Type:enhancemnet
- ID:NA
- SUG:restart
- DESC:openEuler Debranding
* Tue Aug 20 2019 wubo<wubo40@huawei.com> - 3.24.0-2.h4
- Type:
- ID:
- SUG:NA
- DESC:rename patch
* Thu Aug 15 2019 wubo<wubo40@huawei.com> - 3.24.0-2.h3
- Type:bugfix
- ID:CVE-2019-8457
- SUG:NA
- DESC:heap out-of-bound read in function rtreenode()
* Sat Mar 23 2019 Xiaoqi Guo<guoxiaoqi2@huawei.com> - 3.24.0-2.h2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:backport patch from community
* Sat Mar 23 2019 luochunsheng<luochunsheng@huawei.com> - 3.24.0-2.h1
- Type:cves
- ID:CVE-2018-20346
- SUG:NA
- DESC:CVE-2018-20346
- Package init