sqlite/sqlite-3.19.3-CVE-2017-10989.patch
Petr Kubat a9f2f8dd0f Updated to version 3.19.3
Better detection of CVE-2017-10989
Resolves: #1469673
2017-07-12 08:55:01 +02:00

47 lines
1.3 KiB
Diff

Index: ext/rtree/rtree.c
==================================================================
--- ext/rtree/rtree.c
+++ ext/rtree/rtree.c
@@ -3435,10 +3435,14 @@
pRtree->zDb, pRtree->zName
);
rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);
if( rc!=SQLITE_OK ){
*pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+ }else if( pRtree->iNodeSize<(512-64) ){
+ rc = SQLITE_CORRUPT;
+ *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
+ pRtree->zName);
}
}
sqlite3_free(zSql);
return rc;
Index: ext/rtree/rtreeA.test
==================================================================
--- ext/rtree/rtreeA.test
+++ ext/rtree/rtreeA.test
@@ -213,8 +213,21 @@
} {}
do_corruption_tests rtreeA-6.1 {
1 "DELETE FROM t1 WHERE rowid = 5"
2 "UPDATE t1 SET x1=x1+1, x2=x2+1"
}
+
+#-------------------------------------------------------------------------
+# Truncated blobs in the _node table.
+#
+create_t1
+populate_t1
+sqlite3 db test.db
+do_execsql_test rtreeA-7.100 {
+ UPDATE t1_node SET data=x'' WHERE rowid=1;
+} {}
+do_catchsql_test rtreeA-7.110 {
+ SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100;
+} {1 {undersize RTree blobs in "t1_node"}}
finish_test