Differential D16017 Diff 44490 devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

Changeset View

Standalone View

Property	Old Value	New Value
fbsd:nokeywords	null	yes \ No newline at end of property
svn:eol-style	null	native \ No newline at end of property
svn:keywords	null	FreeBSD=%H \ No newline at end of property
svn:mime-type	null	text/plain \ No newline at end of property

				# Fix for CVE-2018-8740: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
				# Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message.
				# Commit [d75e6765]: https://www.sqlite.org/src/info/d75e67654aa9620b
				# Description: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349

				--- uppsrc/plugin/sqlite3/lib/sqlite3.c.orig 2018-03-31 06:10:16 UTC
				+++ uppsrc/plugin/sqlite3/lib/sqlite3.c
				@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
				p = pParse->pNewTable;
				if( p==0 ) return;

				- assert( !db->init.busy \|\| !pSelect );
				-
				/* If the db->init.busy is 1 it means we are reading the SQL off the
				** "sqlite_master" or "sqlite_temp_master" table on the disk.
				** So do not write to the disk again. Extract the root page number
				@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
				** table itself. So mark it read-only.
				*/
				if( db->init.busy ){
				+ if( pSelect ){
				+ sqlite3ErrorMsg(pParse, "");
				+ return;
				+ }
				p->tnum = db->init.newTnum;
				if( p->tnum==1 ) p->tabFlags \|= TF_Readonly;
				}
				@@ -117813,7 +117815,7 @@ static void corruptSchema(
				char *z;
				if( zObj==0 ) zObj = "?";
				z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
				- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
				+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
				sqlite3DbFree(db, *pData->pzErrMsg);
				*pData->pzErrMsg = z;
				}