Blame sqlite-3.19.3-CVE-2017-10989.patch
|
|
a9f2f8d |
Index: ext/rtree/rtree.c
|
|
|
a9f2f8d |
==================================================================
|
|
|
a9f2f8d |
--- ext/rtree/rtree.c
|
|
|
a9f2f8d |
+++ ext/rtree/rtree.c
|
|
|
a9f2f8d |
@@ -3435,10 +3435,14 @@
|
|
|
a9f2f8d |
pRtree->zDb, pRtree->zName
|
|
|
a9f2f8d |
);
|
|
|
a9f2f8d |
rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);
|
|
|
a9f2f8d |
if( rc!=SQLITE_OK ){
|
|
|
a9f2f8d |
*pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
|
|
|
a9f2f8d |
+ }else if( pRtree->iNodeSize<(512-64) ){
|
|
|
a9f2f8d |
+ rc = SQLITE_CORRUPT;
|
|
|
a9f2f8d |
+ *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
|
|
|
a9f2f8d |
+ pRtree->zName);
|
|
|
a9f2f8d |
}
|
|
|
a9f2f8d |
}
|
|
|
a9f2f8d |
|
|
|
a9f2f8d |
sqlite3_free(zSql);
|
|
|
a9f2f8d |
return rc;
|
|
|
a9f2f8d |
|
|
|
a9f2f8d |
Index: ext/rtree/rtreeA.test
|
|
|
a9f2f8d |
==================================================================
|
|
|
a9f2f8d |
--- ext/rtree/rtreeA.test
|
|
|
a9f2f8d |
+++ ext/rtree/rtreeA.test
|
|
|
a9f2f8d |
@@ -213,8 +213,21 @@
|
|
|
a9f2f8d |
} {}
|
|
|
a9f2f8d |
do_corruption_tests rtreeA-6.1 {
|
|
|
a9f2f8d |
1 "DELETE FROM t1 WHERE rowid = 5"
|
|
|
a9f2f8d |
2 "UPDATE t1 SET x1=x1+1, x2=x2+1"
|
|
|
a9f2f8d |
}
|
|
|
a9f2f8d |
+
|
|
|
a9f2f8d |
+#-------------------------------------------------------------------------
|
|
|
a9f2f8d |
+# Truncated blobs in the _node table.
|
|
|
a9f2f8d |
+#
|
|
|
a9f2f8d |
+create_t1
|
|
|
a9f2f8d |
+populate_t1
|
|
|
a9f2f8d |
+sqlite3 db test.db
|
|
|
a9f2f8d |
+do_execsql_test rtreeA-7.100 {
|
|
|
a9f2f8d |
+ UPDATE t1_node SET data=x'' WHERE rowid=1;
|
|
|
a9f2f8d |
+} {}
|
|
|
a9f2f8d |
+do_catchsql_test rtreeA-7.110 {
|
|
|
a9f2f8d |
+ SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100;
|
|
|
a9f2f8d |
+} {1 {undersize RTree blobs in "t1_node"}}
|
|
|
a9f2f8d |
|
|
|
a9f2f8d |
|
|
|
a9f2f8d |
finish_test
|