packages/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!71 fix integer overflow on gigabyte string

Browse Source 
From: @zwtmichael 
Reviewed-by: @wbq_sky 
Signed-off-by: @wbq_sky
This commit is contained in:
openeuler-ci-bot 2022-09-05 09:35:02 +00:00 committed by Gitee
commit b6baf940d4
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0005-fix-integer-overflow-on-gigabyte-string.patch Normal file
View File

@ -0,0 +1,28 @@
From 72210cf3c782ff30867d5c78e13900be9904ba76 Mon Sep 17 00:00:00 2001
From: zwtmichael <zhuwentao5@huawei.com>
Date: Mon, 5 Sep 2022 16:49:05 +0800
Subject: [PATCH] fix integer overflow on gigabyte string
Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
---
src/printf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/printf.c b/src/printf.c
index e635184..fb3689e 100644
--- a/src/printf.c
+++ b/src/printf.c
@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
case etSQLESCAPE: /* %q: Escape ' characters */
case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
case etSQLESCAPE3: { /* %w: Escape " characters */
- int i, j, k, n, isnull;
- int needQuote;
+ i64 i, j, k, n;
+ int needQuote, isnull;
char ch;
char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
char *escarg;
--
2.25.1

7
sqlite.spec
View File

@ -6,7 +6,7 @@
Name: sqlite Name: sqlite
Version: 3.37.2 Version: 3.37.2
Release: 1 Release: 2
Summary: Embeded SQL database Summary: Embeded SQL database
License: Public Domain License: Public Domain
URL: http://www.sqlite.org/ URL: http://www.sqlite.org/
@ -19,6 +19,7 @@ Patch1: 0001-sqlite-no-malloc-usable-size.patch
Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
Patch3: 0003-CVE-2022-35737.patch Patch3: 0003-CVE-2022-35737.patch
Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
BuildRequires: gcc autoconf tcl tcl-devel BuildRequires: gcc autoconf tcl tcl-devel
BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: ncurses-devel readline-devel glibc-devel
@ -65,6 +66,7 @@ This contains man files and HTML files for the using of sqlite.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
rm -f %{name}-doc-%{extver}/sqlite.css~ || : rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@ -135,6 +137,9 @@ make test
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Mon Sep 5 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-2
- fix integer overflow on gigabyte string
* Mon Aug 29 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-1 * Mon Aug 29 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-1
- update to 3.37.2 - update to 3.37.2