[RESTRICT AUTOMERGE] Apply security patch to sqlite 3.18

zezeozue · Bryan Ferris · commit 9c46de648a54 · 2019-12-11T21:56:13.000Z
This patch fixes CVE-2019-9936，CVE-2019-5018，CVE-2019-8457 in b/140181188 b/140180629 and b/140182003 respectively Download from https://www.sqlite.org/src/info/b54aa18b0fe4d683 Get the Tarball or ZIP Archive, unzip it on linux machine then run: mkdir bld; cd bld; ../configure; make sqlite3.c Copy sqlite3.c, sqlite3.h, sqlite3ext.h, shell.c from bld directory to dist/orig. dist contains a copy of dist/orig, but with the Android.patch file applied. Test: select sqlite_version() - returns 3.18.2 Test: atest cts/SQLiteDatabaseTest all passed. Bug: 140181188 Bug: 140180629 Bug: 140182003 Merged-In: Iad8c3d1d74d8591a75a4c033c8bf9d3956d2fe4f Change-Id: Idab253d25374ef6c60e753086d9d8ba12f365697
diff --git a/README.version b/README.version
@@ -1,4 +1,4 @@
-URL: https://www.sqlite.org/src/info/4bb21d8205b3c72b
-Version: 3.18.2 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663
-This patch fixes Magellan SQLite Security Vulnerability as in b/121156452
+URL: https://www.sqlite.org/src/info/b54aa18b0fe4d683
+Version: 3.18.2 b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973
+This patch fixes CVE-2019-9936，CVE-2019-5018，CVE-2019-8457 in b/140181188 b/140180629 and b/140182003 respectively
 BugComponent: 24950
diff --git a/dist/orig/sqlite3.c b/dist/orig/sqlite3.c
@@ -400,7 +400,7 @@ extern "C" {
 */
 #define SQLITE_VERSION        "3.18.2"
 #define SQLITE_VERSION_NUMBER 3018002
-#define SQLITE_SOURCE_ID      "2018-12-19 01:38:18 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663"
+#define SQLITE_SOURCE_ID      "2019-09-03 19:40:52 b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973"
 
 /*
 ** CAPI3REF: Run-Time Library Version Numbers
@@ -167025,6 +167025,7 @@ static int rtreeInit(
 }
 
 
+#if defined(SQLITE_TEST)
 /*
 ** Implementation of a scalar function that decodes r-tree nodes to
 ** human readable strings. This can be used for debugging and analysis.
@@ -167086,6 +167087,7 @@ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
   
   sqlite3_result_text(ctx, zText, -1, sqlite3_free);
 }
+#endif
 
 /* This routine implements an SQL function that returns the "depth" parameter
 ** from the front of a blob that is an r-tree node.  For example:
@@ -167115,9 +167117,11 @@ static void rtreedepth(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
 */
 SQLITE_PRIVATE int sqlite3RtreeInit(sqlite3 *db){
   const int utf8 = SQLITE_UTF8;
-  int rc;
+  int rc = SQLITE_OK;
 
+#if defined(SQLITE_TEST)
   rc = sqlite3_create_function(db, "rtreenode", 2, utf8, 0, rtreenode, 0, 0);
+#endif
   if( rc==SQLITE_OK ){
     rc = sqlite3_create_function(db, "rtreedepth", 1, utf8, 0,rtreedepth, 0, 0);
   }
@@ -189086,7 +189090,9 @@ static int fts5HashEntrySort(
   for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
     Fts5HashEntry *pIter;
     for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(pIter->zKey, pTerm, nTerm) ){
+      if( pTerm==0 
+       || (strlen(pIter->zKey)>=nTerm && 0==memcmp(pIter->zKey, pTerm, nTerm))
+      ){
         Fts5HashEntry *pEntry = pIter;
         pEntry->pScanNext = 0;
         for(i=0; ap[i]; i++){
@@ -198282,7 +198288,7 @@ static void fts5SourceIdFunc(
 ){
   assert( nArg==0 );
   UNUSED_PARAM2(nArg, apUnused);
-  sqlite3_result_text(pCtx, "fts5: 2018-12-19 01:38:18 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663", -1, SQLITE_TRANSIENT);
+  sqlite3_result_text(pCtx, "fts5: 2019-09-03 19:40:52 b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973", -1, SQLITE_TRANSIENT);
 }
 
 static int fts5Init(sqlite3 *db){
diff --git a/dist/orig/sqlite3.h b/dist/orig/sqlite3.h
@@ -123,7 +123,7 @@ extern "C" {
 */
 #define SQLITE_VERSION        "3.18.2"
 #define SQLITE_VERSION_NUMBER 3018002
-#define SQLITE_SOURCE_ID      "2018-12-19 01:38:18 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663"
+#define SQLITE_SOURCE_ID      "2019-09-03 19:40:52 b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973"
 
 /*
 ** CAPI3REF: Run-Time Library Version Numbers
diff --git a/dist/sqlite3.c b/dist/sqlite3.c
@@ -400,7 +400,7 @@ extern "C" {
 */
 #define SQLITE_VERSION        "3.18.2"
 #define SQLITE_VERSION_NUMBER 3018002
-#define SQLITE_SOURCE_ID      "2018-12-19 01:38:18 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663"
+#define SQLITE_SOURCE_ID      "2019-09-03 19:40:52 b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973"
 
 /*
 ** CAPI3REF: Run-Time Library Version Numbers
@@ -167038,6 +167038,7 @@ static int rtreeInit(
 }
 
 
+#if defined(SQLITE_TEST)
 /*
 ** Implementation of a scalar function that decodes r-tree nodes to
 ** human readable strings. This can be used for debugging and analysis.
@@ -167099,6 +167100,7 @@ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
   
   sqlite3_result_text(ctx, zText, -1, sqlite3_free);
 }
+#endif
 
 /* This routine implements an SQL function that returns the "depth" parameter
 ** from the front of a blob that is an r-tree node.  For example:
@@ -167128,9 +167130,11 @@ static void rtreedepth(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
 */
 SQLITE_PRIVATE int sqlite3RtreeInit(sqlite3 *db){
   const int utf8 = SQLITE_UTF8;
-  int rc;
+  int rc = SQLITE_OK;
 
+#if defined(SQLITE_TEST)
   rc = sqlite3_create_function(db, "rtreenode", 2, utf8, 0, rtreenode, 0, 0);
+#endif
   if( rc==SQLITE_OK ){
     rc = sqlite3_create_function(db, "rtreedepth", 1, utf8, 0,rtreedepth, 0, 0);
   }
@@ -189099,7 +189103,9 @@ static int fts5HashEntrySort(
   for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
     Fts5HashEntry *pIter;
     for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(pIter->zKey, pTerm, nTerm) ){
+      if( pTerm==0 
+       || (strlen(pIter->zKey)>=nTerm && 0==memcmp(pIter->zKey, pTerm, nTerm))
+      ){
         Fts5HashEntry *pEntry = pIter;
         pEntry->pScanNext = 0;
         for(i=0; ap[i]; i++){
@@ -198295,7 +198301,7 @@ static void fts5SourceIdFunc(
 ){
   assert( nArg==0 );
   UNUSED_PARAM2(nArg, apUnused);
-  sqlite3_result_text(pCtx, "fts5: 2018-12-19 01:38:18 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663", -1, SQLITE_TRANSIENT);
+  sqlite3_result_text(pCtx, "fts5: 2019-09-03 19:40:52 b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973", -1, SQLITE_TRANSIENT);
 }
 
 static int fts5Init(sqlite3 *db){
diff --git a/dist/sqlite3.h b/dist/sqlite3.h
@@ -123,7 +123,7 @@ extern "C" {
 */
 #define SQLITE_VERSION        "3.18.2"
 #define SQLITE_VERSION_NUMBER 3018002
-#define SQLITE_SOURCE_ID      "2018-12-19 01:38:18 4bb21d8205b3c72b94442018a0544ecc55e3320ef2593f0e3350142b7f2a7663"
+#define SQLITE_SOURCE_ID      "2019-09-03 19:40:52 b54aa18b0fe4d683c602ed2ba59ded6c33168982d14ea14a12b4e00cde8bf973"
 
 /*
 ** CAPI3REF: Run-Time Library Version Numbers
