Fix CVE-2020-15358 and CVE-2020-13871

Test: atest SQLiteSecurityTest Bug: 192605364 Bug: 192606047 Change-Id: If729ab11c364eea165eed1dfc21518bf60d694e2
TeamWin · Jul 13, 2021 · 8450012 · 8450012
1 parent a7e67de
commit 8450012
Show file tree

Hide file tree

Showing 6 changed files with 407 additions and 144 deletions.
diff --git a/README.version b/README.version
@@ -1,3 +1,4 @@
-URL: https://www.sqlite.org/2020/sqlite-autoconf-3320200.tar.gz
-Version: 3.32.2 44a58d6c
+URL: https://www.sqlite.org/src/tarball/bcd014c4/SQLite-bcd014c4.tar.gz
+Version: 3.32a bcd014c4
+This patch fixes CVE-2020-15358 and CVE-2020-13871, b/192605364 and b/192606047
 BugComponent: 24950
diff --git a/dist/Android.patch b/dist/Android.patch
@@ -1,5 +1,5 @@
---- orig/shell.c	2020-07-09 13:55:18.598783417 +0100
-+++ shell.c	2020-10-06 00:01:10.631859326 +0100
+--- orig/shell.c	2021-07-12 20:54:40.989319871 +0100
++++ shell.c	2021-07-12 20:54:51.609392247 +0100
 @@ -95,6 +95,11 @@
  #endif
  #include <ctype.h>
@@ -35,9 +35,9 @@
      if( p->openMode==SHELL_OPEN_ZIPFILE ){
        char *zSql = sqlite3_mprintf(
           "CREATE VIRTUAL TABLE zip USING zipfile(%Q);", p->zDbFilename);
---- orig/sqlite3.c	2020-07-09 13:55:18.706784068 +0100
-+++ sqlite3.c	2020-07-09 13:55:18.814784719 +0100
-@@ -33395,6 +33395,10 @@
+--- orig/sqlite3.c	2021-07-12 20:54:40.969319735 +0100
++++ sqlite3.c	2021-07-12 20:54:51.609392247 +0100
+@@ -33407,6 +33407,10 @@
  # include <sys/mount.h>
  #endif
 
@@ -48,7 +48,7 @@
  #ifdef HAVE_UTIME
  # include <utime.h>
  #endif
-@@ -34155,6 +34159,12 @@
+@@ -34167,6 +34171,12 @@
  #if defined(FD_CLOEXEC) && (!defined(O_CLOEXEC) || O_CLOEXEC==0)
      osFcntl(fd, F_SETFD, osFcntl(fd, F_GETFD, 0) | FD_CLOEXEC);
  #endif
@@ -61,7 +61,7 @@
    }
    return fd;
  }
-@@ -34735,7 +34745,13 @@
+@@ -34747,7 +34757,13 @@
  ** and move on.
  */
  static void robust_close(unixFile *pFile, int h, int lineno){
@@ -75,7 +75,7 @@
      unixLogErrorAtLine(SQLITE_IOERR_CLOSE, "close",
                         pFile ? pFile->zPath : 0, lineno);
    }
-@@ -37269,7 +37285,7 @@
+@@ -37281,7 +37297,7 @@
    SimulateIOError( rc=1 );
    if( rc!=0 ){
      storeLastErrno((unixFile*)id, errno);
@@ -84,7 +84,7 @@
    }
    *pSize = buf.st_size;
 
-@@ -37305,7 +37321,7 @@
+@@ -37317,7 +37333,7 @@
      struct stat buf;              /* Used to hold return values of fstat() */
 
      if( osFstat(pFile->h, &buf) ){
@@ -93,7 +93,7 @@
      }
 
      nSize = ((nByte+pFile->szChunk-1) / pFile->szChunk) * pFile->szChunk;
-@@ -38000,7 +38016,7 @@
+@@ -38012,7 +38028,7 @@
      ** with the same permissions.
      */
      if( osFstat(pDbFd->h, &sStat) ){
@@ -102,7 +102,7 @@
        goto shm_open_err;
      }
 
-@@ -128218,7 +128234,7 @@
+@@ -128302,7 +128318,7 @@
    }
    if( pDb->pSchema->file_format>SQLITE_MAX_FILE_FORMAT ){
      sqlite3SetString(pzErrMsg, db, "unsupported file format");
@@ -111,7 +111,7 @@
      goto initone_error_out;
    }
 
-@@ -170128,13 +170144,25 @@
+@@ -170259,13 +170275,25 @@
    ** module with sqlite.
    */
    if( SQLITE_OK==rc