Package init

dogsheng 2019-12-25 16:07:59 +08:00
parent 81a5c3e471
commit b4a4c8ae87
3 changed files with 103 additions and 6 deletions


@ -0,0 +1,65 @@
From f555312151f716b54558776bce53bef9edb69d3a Mon Sep 17 00:00:00 2001
From: guiyao <guiyao@huawei.com>
Date: Mon, 14 Oct 2019 05:23:59 -0400
Subject: [PATCH] fix CVE-2019-16168
---
src/analyze.c | 4 +++-
src/where.c | 1 +
test/analyzeC.test | 13 +++++++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/analyze.c b/src/analyze.c
index 48fd495..552330b 100644
--- a/src/analyze.c
+++ b/src/analyze.c
@@ -1497,7 +1497,9 @@ static void decodeIntArray(
if( sqlite3_strglob("unordered*", z)==0 ){
pIndex->bUnordered = 1;
}else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
+ int sz = sqlite3Atoi(z+3);
+ if( sz<2 ) sz = 2;
+ pIndex->szIdxRow = sqlite3LogEst(sz);
}else if( sqlite3_strglob("noskipscan*", z)==0 ){
pIndex->noSkipScan = 1;
}
diff --git a/src/where.c b/src/where.c
index b83915e..1df9b46 100644
--- a/src/where.c
+++ b/src/where.c
@@ -2585,6 +2585,7 @@ static int whereLoopAddBtreeIndex(
** it to pNew->rRun, which is currently set to the cost of the index
** seek only. Then, if this is a non-covering index, add the cost of
** visiting the rows in the main table. */
+ assert( pSrc->pTab->szTabRow>0 );
rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
diff --git a/test/analyzeC.test b/test/analyzeC.test
index 02faa9c..246da89 100644
--- a/test/analyzeC.test
+++ b/test/analyzeC.test
@@ -132,6 +132,19 @@ do_execsql_test 4.3 {
SELECT count(a) FROM t1;
} {/.*INDEX t1ca.*/}
+# 2019-08-15.
+# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
+# The sz=N parameter in the sqlite_stat1 table needs to have a value of
+# 2 or more to avoid a division by zero in the query planner.
+#
+do_execsql_test 4.4 {
+ DROP TABLE IF EXISTS t44;
+ CREATE TABLE t44(a PRIMARY KEY);
+ INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
+ ANALYZE sqlite_master;
+ SELECT 0 FROM t44 WHERE a IN(1,2,3);
+} {}
+
# The sz=NNN parameter works even if there is other extraneous text
# in the sqlite_stat1.stat column.
--
1.8.3.1
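Review bot: The `assert( pSrc->pTab->szTabRow>0 );` added in src/where.c only states the invariant; if asserts are compiled out of the shipped build, as is usual for release builds, the division on the following line is protected solely by the `if( sz<2 ) sz = 2;` clamp in decodeIntArray. That holds only if the sz= text in sqlite_stat1 is the sole source of szTabRow, which these hunks do not show. A comment beside the assert, such as `/* szTabRow>0 is guaranteed by the sz>=2 clamp in decodeIntArray() */`, would tie the two changes together for whoever next rebases this patch. Both decodeIntArray and whereLoopAddBtreeIndex continue outside the hunks shown.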


@ -0,0 +1,27 @@
From b097449afefa53e05637aaa43197c66cece575c7 Mon Sep 17 00:00:00 2001
From: guiyao <guiyao@huawei.com>
Date: Tue, 17 Dec 2019 10:53:58 -0500
Subject: [PATCH] Backport Fix CVE-2019-19646
---
src/pragma.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/pragma.c b/src/pragma.c
index 4699c96..eda1a16 100644
--- a/src/pragma.c
+++ b/src/pragma.c
@@ -1571,7 +1571,9 @@ void sqlite3Pragma(
if( j==pTab->iPKey ) continue;
if( pTab->aCol[j].notNull==0 ) continue;
sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
- sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+ if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
+ sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+ }
jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
pTab->aCol[j].zName);
--
1.8.3.1
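Review bot: This backport changes only src/pragma.c and carries no regression test, whereas the CVE-2019-16168 patch in the same commit adds case 4.4 to test/analyzeC.test. The spec appears to run `make test`, so a case that runs PRAGMA integrity_check over a table with NOT NULL columns would let the package build catch a bad rebase of this fix. The new guard also has no comment saying when the last coded instruction is something other than OP_Column; a line such as `/* set OPFLAG_TYPEOFARG only when the column load was coded as OP_Column */` above the `if` would record the intent. sqlite3Pragma starts and ends outside the hunk.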


@ -6,7 +6,7 @@
Name: sqlite Name: sqlite
Version: 3.24.0 Version: 3.24.0
Release: 4 Release: 5
Summary: Embeded SQL database Summary: Embeded SQL database
License: Public Domain License: Public Domain
URL: http://www.sqlite.org/ URL: http://www.sqlite.org/
@ -69,7 +69,8 @@ Patch6041: 6041-Fix-another-segfault-that-could-occur-in-fts5-with-a.patch
Patch6042: 6042-Fix-a-potential-memory-leak-in-RBU-if-the-rbu_fossil.patch Patch6042: 6042-Fix-a-potential-memory-leak-in-RBU-if-the-rbu_fossil.patch
Patch6043: 6043-Fix-a-potential-32-bit-integer-overflow-in-the-showd.patch Patch6043: 6043-Fix-a-potential-32-bit-integer-overflow-in-the-showd.patch
Patch6044: 6044-sqlite-CVE-2019-8457-out-of-bounds-read.patch Patch6044: 6044-sqlite-CVE-2019-8457-out-of-bounds-read.patch
Patch6045: 6045-sqlite-CVE-2019-16168.patch
Patch6046: 6046-Fix-CVE-2019-19646.patch
BuildRequires: gcc autoconf tcl tcl-devel BuildRequires: gcc autoconf tcl tcl-devel
BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: ncurses-devel readline-devel glibc-devel
@ -168,8 +169,8 @@ This contains man files and HTML files for the using of sqlite.
%patch6042 -p1 %patch6042 -p1
%patch6043 -p1 %patch6043 -p1
%patch6044 -p1 %patch6044 -p1
%patch6045 -p1
%patch6046 -p1
rm -f %{name}-doc-%{extver}/sqlite.css~ || : rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@ -239,9 +240,13 @@ make test
%doc %{name}-doc-%{extver}/* %doc %{name}-doc-%{extver}/*
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix CVE bug
* Wed Sep 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-4 * Wed Sep 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-4
- Type:enhancemnet - Type:enhancemnet
- ID:NA - ID:NA