From: ghassaneben <ghassaneb.aat...@huawei.com> Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). Original commit: https://www.sqlite.org/src/info/aab790a16e1bdff7.
Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aat...@huawei.com> --- ...riables-in-the-printf-implementation.patch | 31 +++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 5 +++ 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-support/sqlite/sqlite/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch diff --git a/meta/recipes-support/sqlite/sqlite/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch b/meta/recipes-support/sqlite/sqlite/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch new file mode 100644 index 0000000000..998e93bc6c --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch @@ -0,0 +1,31 @@ +From ec75530b8d8268cb07d8e476d79e1b0e59492fa2 Mon Sep 17 00:00:00 2001 +From: drh +Date: Thu, 18 Aug 2022 15:10:46 +0200 +Subject: [PATCH] sqlite: Increase the size of loop variables in the printf() implementation to avoid harmless compiler warnings. + +Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). +Original commit: https://www.sqlite.org/src/info/aab790a16e1bdff7. + +Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aat...@huawei.com> + +CVE: CVE-2022-35737 + +Upstream-Status: Backport https://github.com/sqlite/sqlite/commit/6eb7354fabede50a3601f251caaec172556a3a82 +--- + src/printf.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/printf.c b/src/printf.c +index f867d62..490199a 100644 +--- a/src/printf.c ++++ b/src/printf.c +@@ -542,7 +542,8 @@ static int vxprintf( + case etSQLESCAPE: + case etSQLESCAPE2: + { +- int i, j, n, c, isnull; ++ i64 i, j, n, c; ++ int isnull; + char *arg = va_arg(ap,char*); + isnull = arg==0; + if( isnull ) arg = (xtype==etSQLESCAPE2 ? "NULL" : "(NULL)"); diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index d56a3a0209..7b62980e24 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb @@ -12,3 +12,8 @@ CVE_CHECK_IGNORE += "CVE-2019-19242" CVE_CHECK_IGNORE += "CVE-2015-3717" # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f CVE_CHECK_IGNORE += "CVE-2021-36690" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch" + -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#169835): https://lists.openembedded.org/g/openembedded-core/message/169835 Mute This Topic: https://lists.openembedded.org/mt/93243836/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-