crispAudio
/
poky
réplica de git://git.yoctoproject.org/poky


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
							Fix CVE-2017-13685

The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.

References:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html

Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149]

CVE: CVE-2017-13685

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>

Index: src/shell.c
==================================================================
--- src/shell.c
+++ src/shell.c
@@ -2657,10 +2657,11 @@
   int *aiType      /* Column types */
 ){
   int i;
   ShellState *p = (ShellState*)pArg;
 
+  if( azArg==0 ) return 0;
   switch( p->cMode ){
     case MODE_Line: {
       int w = 5;
       if( azArg==0 ) break;
       for(i=0; i<nArg; i++){
@@ -3007,10 +3008,11 @@
 */
 static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){
   ShellText *p = (ShellText*)pArg;
   int i;
   UNUSED_PARAMETER(az);
+  if( azArg==0 ) return 0;
   if( p->n ) appendText(p, "|", 0);
   for(i=0; i<nArg; i++){
     if( i ) appendText(p, ",", 0);
     if( azArg[i] ) appendText(p, azArg[i], 0);
   }
@@ -3888,11 +3890,11 @@
   const char *zType;
   const char *zSql;
   ShellState *p = (ShellState *)pArg;
 
   UNUSED_PARAMETER(azNotUsed);
-  if( nArg!=3 ) return 1;
+  if( nArg!=3 || azArg==0 ) return 0;
   zTable = azArg[0];
   zType = azArg[1];
   zSql = azArg[2];
 
   if( strcmp(zTable, "sqlite_sequence")==0 ){