diff options
author | Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> | 2020-03-09 16:30:41 +0000 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2020-03-09 15:26:42 -0400 |
commit | f97d093bbdf3d3b6057a3743c4f9f541e51fd435 (patch) | |
tree | 2b50d3f1b0f5abfcb2f68a2e12534dafa7ada968 /dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch | |
parent | dev-db/sqlite: Version bump (3.31.1). (diff) | |
download | gentoo-f97d093bbdf3d3b6057a3743c4f9f541e51fd435.tar.gz gentoo-f97d093bbdf3d3b6057a3743c4f9f541e51fd435.tar.bz2 gentoo-f97d093bbdf3d3b6057a3743c4f9f541e51fd435.zip |
dev-db/sqlite: Security fixes.
Bug: https://bugs.gentoo.org/711526
Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch')
-rw-r--r-- | dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch b/dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch new file mode 100644 index 000000000000..3bbbbf7c8dde --- /dev/null +++ b/dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch @@ -0,0 +1,112 @@ +https://sqlite.org/cgi/src/info/9d0d4ab95dc0c56e +https://sqlite.org/cgi/src/info/abc473fb8fb99900 +https://sqlite.org/cgi/src/info/5aeb5a2d295e10d5 +https://sqlite.org/cgi/src/info/a67cf5b7d37d5b14 +https://sqlite.org/cgi/src/info/c431b3fd8fd0f6a6 + +--- /sqlite3.c ++++ /sqlite3.c +@@ -17428,8 +17428,11 @@ + */ + #ifndef SQLITE_OMIT_VIRTUALTABLE + # define IsVirtual(X) ((X)->nModuleArg) ++# define ExprIsVtab(X) \ ++ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg) + #else + # define IsVirtual(X) 0 ++# define ExprIsVtab(X) 0 + #endif + + /* +@@ -97816,7 +97819,7 @@ + assert( !ExprHasProperty(pExpr, EP_Reduced) ); + /* Handle special cases of "x IS TRUE", "x IS FALSE", "x IS NOT TRUE", + ** and "x IS NOT FALSE". */ +- if( pRight->op==TK_ID ){ ++ if( pRight && pRight->op==TK_ID ){ + int rc = resolveExprStep(pWalker, pRight); + if( rc==WRC_Abort ) return WRC_Abort; + if( pRight->op==TK_TRUEFALSE ){ +@@ -104133,19 +104136,25 @@ + case TK_LT: + case TK_LE: + case TK_GT: +- case TK_GE: ++ case TK_GE: { ++ Expr *pLeft = pExpr->pLeft; ++ Expr *pRight = pExpr->pRight; + testcase( pExpr->op==TK_EQ ); + testcase( pExpr->op==TK_NE ); + testcase( pExpr->op==TK_LT ); + testcase( pExpr->op==TK_LE ); + testcase( pExpr->op==TK_GT ); + testcase( pExpr->op==TK_GE ); +- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab)) +- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab)) ++ /* The y.pTab=0 assignment in wherecode.c always happens after the ++ ** impliesNotNullRow() test */ ++ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0) ++ && IsVirtual(pLeft->y.pTab)) ++ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0) ++ && IsVirtual(pRight->y.pTab)) + ){ +- return WRC_Prune; ++ return WRC_Prune; + } +- ++ } + default: + return WRC_Continue; + } +@@ -130673,6 +130682,7 @@ + /* Generate code to take the intersection of the two temporary + ** tables. + */ ++ if( rc ) break; + assert( p->pEList ); + iBreak = sqlite3VdbeMakeLabel(pParse); + iCont = sqlite3VdbeMakeLabel(pParse); +@@ -133015,7 +133025,7 @@ + pNew = sqlite3ExprListAppend(pParse, pNew, pExpr); + sqlite3TokenInit(&sColname, zColname); + sqlite3ExprListSetName(pParse, pNew, &sColname, 0); +- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){ ++ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){ + struct ExprList_item *pX = &pNew->a[pNew->nExpr-1]; + sqlite3DbFree(db, pX->zEName); + if( pSub ){ +@@ -142593,7 +142603,8 @@ + ** MATCH(expression,vtab_column) + */ + pCol = pList->a[1].pExpr; +- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ ++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); ++ if( ExprIsVtab(pCol) ){ + for(i=0; i<ArraySize(aOp); i++){ + if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){ + *peOp2 = aOp[i].eOp2; +@@ -142615,7 +142626,8 @@ + ** with function names in an arbitrary case. + */ + pCol = pList->a[0].pExpr; +- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ ++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); ++ if( ExprIsVtab(pCol) ){ + sqlite3_vtab *pVtab; + sqlite3_module *pMod; + void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**); +@@ -142638,10 +142650,12 @@ + int res = 0; + Expr *pLeft = pExpr->pLeft; + Expr *pRight = pExpr->pRight; +- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){ ++ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 ); ++ if( ExprIsVtab(pLeft) ){ + res++; + } +- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){ ++ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 ); ++ if( pRight && ExprIsVtab(pRight) ){ + res++; + SWAP(Expr*, pLeft, pRight); + } |