| From becd68ba0dac41904aa817d96a67fb4685734b41 Mon Sep 17 00:00:00 2001 |
| From: dan <dan@noemail.net> |
| Date: Sat, 16 May 2020 17:26:58 +0000 |
| Subject: [PATCH] Fix a use-after-free bug in the fts3 snippet() function. |
| |
| FossilOrigin-Name: 0d69f76f0865f9626078bee087a22fb826407279e78cf9d5382e1c985c9f64a9 |
| |
| Upstream-Status: Backport |
| CVE: CVE-2020-13630 |
| |
| Reference to upstream patch: |
| https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41 |
| |
| Patch converted to amalgamation format |
| |
| Signed-off-by: Steve Sakoman <steve@sakoman.com> |
| --- |
| sqlite3.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/sqlite3.c b/sqlite3.c |
| index 02892f8..e72fabb 100644 |
| --- a/sqlite3.c |
| +++ b/sqlite3.c |
| @@ -170257,6 +170257,7 @@ static void fts3EvalNextRow( |
| fts3EvalNextRow(pCsr, pLeft, pRc); |
| } |
| } |
| + pRight->bEof = pLeft->bEof = 1; |
| } |
| } |
| break; |