From: "Mike Gilbert" <floppym@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-db/sqlite/, dev-db/sqlite/files/
Date: Sat,  4 Jul 2020 13:53:09 +0000 (UTC)	[thread overview]
Message-ID: <1593870748.51cc692bb2bd55a85dd31fbcd972fe590879e429.floppym@gentoo> (raw)

commit:     51cc692bb2bd55a85dd31fbcd972fe590879e429
Author:     Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache <DOT> Org>
AuthorDate: Thu Jul  2 13:57:21 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Jul  4 13:52:28 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51cc692b

dev-db/sqlite: Security fixes.

Bug: https://bugs.gentoo.org/716748
Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/sqlite-3.32.3-security_fixes.patch       | 146 +++++++++++++++++++++
 dev-db/sqlite/sqlite-3.32.3.ebuild                 |   1 +
 2 files changed, 147 insertions(+)

diff --git a/dev-db/sqlite/files/sqlite-3.32.3-security_fixes.patch b/dev-db/sqlite/files/sqlite-3.32.3-security_fixes.patch
new file mode 100644
index 00000000000..ad2a3bfe16d
--- /dev/null
+++ b/dev-db/sqlite/files/sqlite-3.32.3-security_fixes.patch
@@ -0,0 +1,146 @@
+https://sqlite.org/src/info/cc888878ea8d5bc7
+https://sqlite.org/src/info/be545f85a6ef09cc
+https://sqlite.org/src/info/6e0ffa2053124168
+https://sqlite.org/src/info/4d0cfb1236884349
+
+--- /ext/fts3/fts3.c
++++ /ext/fts3/fts3.c
+@@ -5208,10 +5208,12 @@
+   );
+   if( res ){
+     nNew = (int)(pOut - pPhrase->doclist.pList) - 1;
+-    assert( pPhrase->doclist.pList[nNew]=='\0' );
+-    assert( nNew<=pPhrase->doclist.nList && nNew>0 );
+-    memset(&pPhrase->doclist.pList[nNew], 0, pPhrase->doclist.nList - nNew);
+-    pPhrase->doclist.nList = nNew;
++    if( nNew>=0 ){
++      assert( pPhrase->doclist.pList[nNew]=='\0' );
++      assert( nNew<=pPhrase->doclist.nList && nNew>0 );
++      memset(&pPhrase->doclist.pList[nNew], 0, pPhrase->doclist.nList - nNew);
++      pPhrase->doclist.nList = nNew;
++    }
+     *paPoslist = pPhrase->doclist.pList;
+     *pnToken = pPhrase->nToken;
+   }
+--- /ext/fts3/fts3_write.c
++++ /ext/fts3/fts3_write.c
+@@ -341,7 +341,9 @@
+ ** created by merging the oldest :2 segments from absolute level :1. See 
+ ** function sqlite3Fts3Incrmerge() for details.  */
+ /* 29 */ "SELECT 2 * total(1 + leaves_end_block - start_block) "
+-         "  FROM %Q.'%q_segdir' WHERE level = ? AND idx < ?",
++         "  FROM (SELECT * FROM %Q.'%q_segdir' "
++         "        WHERE level = ? ORDER BY idx ASC LIMIT ?"
++         "  )",
+ 
+ /* SQL_DELETE_SEGDIR_ENTRY
+ **   Delete the %_segdir entry on absolute level :1 with index :2.  */
+@@ -2853,6 +2855,19 @@
+   return SQLITE_OK;
+ }
+ 
++static int fts3GrowSegReaderBuffer(Fts3MultiSegReader *pCsr, int nReq){
++  if( nReq>pCsr->nBuffer ){
++    char *aNew;
++    pCsr->nBuffer = nReq*2;
++    aNew = sqlite3_realloc(pCsr->aBuffer, pCsr->nBuffer);
++    if( !aNew ){
++      return SQLITE_NOMEM;
++    }
++    pCsr->aBuffer = aNew;
++  }
++  return SQLITE_OK;
++}
++
+ 
+ int sqlite3Fts3SegReaderStep(
+   Fts3Table *p,                   /* Virtual table handle */
+@@ -2987,15 +3002,9 @@
+           }
+ 
+           nByte = sqlite3Fts3VarintLen(iDelta) + (isRequirePos?nList+1:0);
+-          if( nDoclist+nByte>pCsr->nBuffer ){
+-            char *aNew;
+-            pCsr->nBuffer = (nDoclist+nByte)*2;
+-            aNew = sqlite3_realloc(pCsr->aBuffer, pCsr->nBuffer);
+-            if( !aNew ){
+-              return SQLITE_NOMEM;
+-            }
+-            pCsr->aBuffer = aNew;
+-          }
++
++          rc = fts3GrowSegReaderBuffer(pCsr, nByte+nDoclist);
++          if( rc ) return rc;
+ 
+           if( isFirst ){
+             char *a = &pCsr->aBuffer[nDoclist];
+@@ -3020,6 +3029,9 @@
+         fts3SegReaderSort(apSegment, nMerge, j, xCmp);
+       }
+       if( nDoclist>0 ){
++        rc = fts3GrowSegReaderBuffer(pCsr, nDoclist+FTS3_NODE_PADDING);
++        if( rc ) return rc;
++        memset(&pCsr->aBuffer[nDoclist], 0, FTS3_NODE_PADDING);
+         pCsr->aDoclist = pCsr->aBuffer;
+         pCsr->nDoclist = nDoclist;
+         rc = SQLITE_ROW;
+--- /src/expr.c
++++ /src/expr.c
+@@ -4272,7 +4272,9 @@
+       int nCol;
+       testcase( op==TK_EXISTS );
+       testcase( op==TK_SELECT );
+-      if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
++      if( pParse->db->mallocFailed ){
++        return 0;
++      }else if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
+         sqlite3SubselectError(pParse, nCol, 1);
+       }else{
+         return sqlite3CodeSubselect(pParse, pExpr);
+--- /test/fts3corrupt4.test
++++ /test/fts3corrupt4.test
+@@ -6123,4 +6123,44 @@
+   SELECT offsets(t1) FROM t1 WHERE t1 MATCH 'rtree ner "json1^enable"';
+ }
+ 
++#-------------------------------------------------------------------------
++do_execsql_test 42.1 {
++  CREATE VIRTUAL TABLE f USING fts3(a, b);
++}
++do_execsql_test 42.2 {
++  INSERT INTO f_segdir VALUES(0,2,1111,0,0,X'00');
++  INSERT INTO f_segdir VALUES(0,3,0   ,0,0,X'00013003010200');
++}
++do_execsql_test 42.3 {
++  INSERT INTO f(f) VALUES ('merge=107,2');
++}
++
++#-------------------------------------------------------------------------
++reset_db
++set saved $sqlite_fts3_enable_parentheses
++set sqlite_fts3_enable_parentheses 1
++do_execsql_test 43.1 {
++  CREATE VIRTUAL TABLE def USING fts3(xyz);
++  INSERT INTO def_segdir VALUES(0,0,0,0,0, X'0001310301c9000103323334050d81');
++} {}
++
++do_execsql_test 43.2 {
++  SELECT rowid FROM def WHERE def MATCH '1 NEAR 1'
++} {1}
++
++set sqlite_fts3_enable_parentheses $saved
++
++#-------------------------------------------------------------------------
++reset_db
++do_execsql_test 44.1 {
++  CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
++  INSERT INTO t0_content VALUES(0,NULL,NULL,NULL,NULL);
++  INSERT INTO t0_segdir VALUES(0,0,0,0,'0 42',X'00013103010200010332333405010201ba00000461616161050101020200000462626262050101030200');
++}
++
++do_execsql_test 44.2 {
++  SELECT matchinfo(t0, t0) IS NULL FROM t0 WHERE t0 MATCH '1*'
++} {0}
++
++
+ finish_test
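Review bot: In the ext/fts3/fts3.c part of the embedded patch, the new guard `if( nNew>=0 ){` enforces only the lower bound, while the upper bound `nNew<=pPhrase->doclist.nList` stays in an `assert` that is compiled out of non-debug builds. On a corrupt doclist the `memset` length `pPhrase->doclist.nList - nNew` could then go negative and convert to a very large size. Folding the bound into the condition, `if( nNew>=0 && nNew<=pPhrase->doclist.nList ){`, would protect release builds too; whether nNew can actually exceed nList depends on code outside the quoted lines, since the enclosing function is not fully visible. Separately, in `fts3GrowSegReaderBuffer` the line `pCsr->nBuffer = nReq*2;` runs before `sqlite3_realloc` is known to succeed and doubles in plain `int`, so a failed allocation leaves nBuffer larger than the real buffer and a large nReq taken from a corrupt segment can overflow. Computing the new size in a 64-bit local, range-checking it, and storing it to nBuffer only after the realloc succeeds would address both.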

diff --git a/dev-db/sqlite/sqlite-3.32.3.ebuild b/dev-db/sqlite/sqlite-3.32.3.ebuild
index 837ec066c9e..d23c7e7cd72 100644
--- a/dev-db/sqlite/sqlite-3.32.3.ebuild
+++ b/dev-db/sqlite/sqlite-3.32.3.ebuild
@@ -101,6 +101,7 @@ src_unpack() {
 src_prepare() {
 	eapply "${FILESDIR}/${PN}-3.32.1-full_archive-build_1.patch"
 	eapply "${FILESDIR}/${PN}-3.32.1-full_archive-build_2.patch"
+	eapply "${FILESDIR}/${PN}-3.32.3-security_fixes.patch"
 
 	eapply_user
 
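Review bot: The added `eapply "${FILESDIR}/${PN}-3.32.3-security_fixes.patch"` changes the code that sqlite-3.32.3 installs, but the ebuild is edited in place rather than given a new revision. Systems that already built 3.32.3 would therefore not be offered a rebuild that picks up the security fixes. If 3.32.3 was already available to users before this commit (not visible on this page), a `-r1` revision bump would be the safer way to carry the change. src_prepare continues past the end of the hunk.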

