poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch - openbmc/openbmc - Gitiles

 Fix a defect in the query-flattener optimization identified by ticket [8f157e8010b22af0].

 Upstream-Status: Backport
 https://www.sqlite.org/src/info/10fa79d00f8091e5
 CVE: CVE-2020-15358
 Signed-off-by: Armin Kuster <akuster@mvista.com>

 Index: sqlite-autoconf-3310100/sqlite3.c
 ===================================================================
 --- sqlite-autoconf-3310100.orig/sqlite3.c
 +++ sqlite-autoconf-3310100/sqlite3.c
 @@ -18349,6 +18349,7 @@ struct Select {
  #define SF_WhereBegin    0x0080000 /* Really a WhereBegin() call.  Debug Only */
  #define SF_WinRewrite    0x0100000 /* Window function rewrite accomplished */
  #define SF_View          0x0200000 /* SELECT statement is a view */
 +#define SF_NoopOrderBy   0x0400000 /* ORDER BY is ignored for this query */

  /*
  ** The results of a SELECT can be distributed in several ways, as defined
 @@ -130607,9 +130608,7 @@ static int multiSelect(
                            selectOpName(p->op)));
          rc = sqlite3Select(pParse, p, &uniondest);
          testcase( rc!=SQLITE_OK );
 -        /* Query flattening in sqlite3Select() might refill p->pOrderBy.
 -        ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
 -        sqlite3ExprListDelete(db, p->pOrderBy);
 +        assert( p->pOrderBy==0 );
          pDelete = p->pPrior;
          p->pPrior = pPrior;
          p->pOrderBy = 0;
 @@ -131958,7 +131957,7 @@ static int flattenSubquery(
      ** We look at every expression in the outer query and every place we see
      ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
      */
 -    if( pSub->pOrderBy ){
 +    if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
        /* At this point, any non-zero iOrderByCol values indicate that the
        ** ORDER BY column expression is identical to the iOrderByCol'th
        ** expression returned by SELECT statement pSub. Since these values
 @@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select(
      sqlite3ExprListDelete(db, p->pOrderBy);
      p->pOrderBy = 0;
      p->selFlags &= ~SF_Distinct;
 +    p->selFlags |= SF_NoopOrderBy;
    }
    sqlite3SelectPrep(pParse, p, 0);
    if( pParse->nErr || db->mallocFailed ){
	Fix a defect in the query-flattener optimization identified by ticket [8f157e8010b22af0].

	Upstream-Status: Backport
	https://www.sqlite.org/src/info/10fa79d00f8091e5
	CVE: CVE-2020-15358
	Signed-off-by: Armin Kuster <akuster@mvista.com>

	Index: sqlite-autoconf-3310100/sqlite3.c
	===================================================================
	--- sqlite-autoconf-3310100.orig/sqlite3.c
	+++ sqlite-autoconf-3310100/sqlite3.c
	@@ -18349,6 +18349,7 @@ struct Select {
	#define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */
	#define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */
	#define SF_View 0x0200000 /* SELECT statement is a view */
	+#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */

	/*
	** The results of a SELECT can be distributed in several ways, as defined
	@@ -130607,9 +130608,7 @@ static int multiSelect(
	selectOpName(p->op)));
	rc = sqlite3Select(pParse, p, &uniondest);
	testcase( rc!=SQLITE_OK );
	- /* Query flattening in sqlite3Select() might refill p->pOrderBy.
	- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
	- sqlite3ExprListDelete(db, p->pOrderBy);
	+ assert( p->pOrderBy==0 );
	pDelete = p->pPrior;
	p->pPrior = pPrior;
	p->pOrderBy = 0;
	@@ -131958,7 +131957,7 @@ static int flattenSubquery(
	** We look at every expression in the outer query and every place we see
	** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
	*/
	- if( pSub->pOrderBy ){
	+ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
	/* At this point, any non-zero iOrderByCol values indicate that the
	** ORDER BY column expression is identical to the iOrderByCol'th
	** expression returned by SELECT statement pSub. Since these values
	@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select(
	sqlite3ExprListDelete(db, p->pOrderBy);
	p->pOrderBy = 0;
	p->selFlags &= ~SF_Distinct;
	+ p->selFlags \|= SF_NoopOrderBy;
	}
	sqlite3SelectPrep(pParse, p, 0);
	if( pParse->nErr \|\| db->mallocFailed ){