From 54d501092d88c0cf89bec4279951f548fb0b8618 Mon Sep 17 00:00:00 2001
From: drh
Date: Thu, 19 Dec 2019 15:15:40 +0000
Subject: [PATCH] Fix CVE-2019-19925
Fix the zipfile extension so that INSERT works even if the pathname of the file being inserted is a NULL. Bug discovered by the Yongheng and Rui fuzzer.
FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
Change by Weifeng : Fit for version 3.24.0
---
 ext/misc/zipfile.c | 1 +
 test/zipfile.test | 13 +++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index 9f2258e..01cd0ca 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1617,6 +1617,7 @@ static int zipfileUpdate(
 if( rc==SQLITE_OK ){
 zPath = (const char*)sqlite3_value_text(apVal[2]);
+ if( zPath==0 ) zPath = "";
 nPath = (int)strlen(zPath);
 mTime = zipfileGetTime(apVal[4]);
 }
diff --git a/test/zipfile.test b/test/zipfile.test
index ebc4977..abf432c 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -761,4 +761,17 @@ do_execsql_test 11.11 {
 SELECT name, data FROM z ORDER BY name;
 } {b0suffix two b2suffix one}
+# 2019-12-18 Yongheng and Rui fuzzer
+#
+do_execsql_test 13.10 {
+ DROP TABLE IF EXISTS t0;
+ DROP TABLE IF EXISTS t1;
+ CREATE TABLE t0(a,b,c,d,e,f,g);
+ REPLACE INTO t0(c,b,f) VALUES(10,10,10);
+ CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
+ REPLACE INTO t1 SELECT * FROM t0;
+ SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
+ quote(data),quote(method) FROM t1;
+} {'' 10 10 2 X'3130' X'3130' 0}
+
 finish_test
--
2.19.1
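Review bot: The added guard `if( zPath==0 ) zPath = "";` in the zipfile.c hunk treats every NULL from sqlite3_value_text() alike, but that call returns NULL on an allocation failure as well as for an SQL NULL, so under memory pressure a row with a real name would presumably be stored with an empty path instead of failing. Consider recording `sqlite3_value_type(apVal[2])==SQLITE_NULL` before the text call and setting `rc = SQLITE_NOMEM;` when zPath is 0 for a non-NULL value, while still assigning `zPath = "";` so the strlen() on the next line stays safe. A short comment such as `/* A NULL name is stored as an empty path */` would also document the behaviour the new test pins. zipfileUpdate starts and ends outside this hunk, so how rc is consumed afterwards is not visible here.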
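Review bot: Test 13.10 in the zipfile.test hunk creates the virtual table on `h.zip` without first removing any file of that name, so a leftover archive from an earlier run could change the rows returned by the final SELECT and make the expected result `{'' 10 10 2 X'3130' X'3130' 0}` fail for reasons unrelated to the fix. Adding `forcedelete h.zip` before `do_execsql_test 13.10` would make the case self-contained, assuming the harness does not already clean the test directory. The case also exercises only the `REPLACE INTO t1 SELECT * FROM t0` path; a direct INSERT with a NULL name would pin the behaviour more explicitly.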