
ethan848/sqlite

forked from src-openEuler/sqlite 
6057-Fix-CVE-2020-11655.patch 1.07 KB
ethan848 committed on 2020-04-18 18:50 . fix CVE-2020-11655
From fc24a3a984c373d94612dcb3ec1e75b4f8a3ab6c Mon Sep 17 00:00:00 2001
From: luoshijie1 <luoshijie1@huawei.com>
Date: Tue, 14 Apr 2020 16:21:35 +0000
Subject: [PATCH] sqlite: fix CVE-2020-11655
In the event of a semantic error in an aggregate query, early-out
the resetAccumulator() function to prevent problems due to incomplete
or incorrect initialization of the AggInfo object.
Fix for ticket [af4556bb5c285c08].
https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
Signed-off-by: drh <drh@noemail.net>
Signed-off-by: luoshiji1 <luoshijie1@huawei.com>
---
src/select.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/select.c b/src/select.c
index 3bb98ad..270075a 100644
--- a/src/select.c
+++ b/src/select.c
@@ -5058,6 +5058,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){
struct AggInfo_func *pFunc;
int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
if( nReg==0 ) return;
+ if( pParse->nErr ) return;
#ifdef SQLITE_DEBUG
/* Verify that all AggInfo registers are within the range specified by
** AggInfo.mnReg..AggInfo.mxReg */
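Review bot: the added `if( pParse->nErr ) return;` in resetAccumulator() has no comment saying why the function bails out once the parser has recorded an error, and because it sits directly above the SQLITE_DEBUG block, the register-range verification is skipped on that path as well. Suggest a one-line comment on it stating the reason given in the commit message: after a semantic error the AggInfo object may be incompletely or incorrectly initialized and must not be used to reset registers. The diffstat lists src/select.c only, so no regression test for ticket af4556bb5c285c08 accompanies this backport; adding one, and confirming the inserted line matches the upstream check-in linked in the commit message, would make the fix verifiable.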
--
1.8.3.1