devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c
- This file was added.
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:keywords | null | FreeBSD=%H \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
# Fix for CVE-2018-8740: https://nvd.nist.gov/vuln/detail/CVE-2018-8740 | |||||
# Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message. | |||||
# Commit [d75e6765]: https://www.sqlite.org/src/info/d75e67654aa9620b | |||||
# Description: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349 | |||||
--- uppsrc/plugin/sqlite3/lib/sqlite3.c.orig 2018-03-31 06:10:16 UTC | |||||
+++ uppsrc/plugin/sqlite3/lib/sqlite3.c | |||||
@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable( | |||||
p = pParse->pNewTable; | |||||
if( p==0 ) return; | |||||
- assert( !db->init.busy || !pSelect ); | |||||
- | |||||
/* If the db->init.busy is 1 it means we are reading the SQL off the | |||||
** "sqlite_master" or "sqlite_temp_master" table on the disk. | |||||
** So do not write to the disk again. Extract the root page number | |||||
@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable( | |||||
** table itself. So mark it read-only. | |||||
*/ | |||||
if( db->init.busy ){ | |||||
+ if( pSelect ){ | |||||
+ sqlite3ErrorMsg(pParse, ""); | |||||
+ return; | |||||
+ } | |||||
p->tnum = db->init.newTnum; | |||||
if( p->tnum==1 ) p->tabFlags |= TF_Readonly; | |||||
} | |||||
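Review bot: The empty string passed to `sqlite3ErrorMsg(pParse, "")` in the new `if( pSelect )` branch reads like a leftover placeholder, and nothing in the hunk says it is deliberate. It pairs with the `zExtra && zExtra[0]` test added in the corruptSchema hunk further down, which presumably receives this message and then reports only "malformed database schema (...)" without a dangling " - " suffix. A short comment above the branch would record both the reason for the check and the empty message, e.g. `/* A schema row read from disk must never be CREATE TABLE ... AS SELECT (CVE-2018-8740); the empty message lets corruptSchema() report plain corruption. */`. The removed `assert` would normally compile away in non-debug builds, so this runtime check is the only guard on that path and is worth protecting from later cleanup. sqlite3EndTable starts before and continues after this hunk.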
@@ -117813,7 +117815,7 @@ static void corruptSchema( | |||||
char *z; | |||||
if( zObj==0 ) zObj = "?"; | |||||
z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj); | |||||
- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra); | |||||
+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra); | |||||
sqlite3DbFree(db, *pData->pzErrMsg); | |||||
*pData->pzErrMsg = z; | |||||
} |