| Message ID | 20220825072507.6568-1-ghassanebb@gmail.com |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [kirkstone] sqlite: Increase the size of loop variables in the printf() implementation to avoid harmless compiler warnings. | expand |
On Thu, Aug 25, 2022 at 9:25 AM ghassaneben <ghassanebb@gmail.com> wrote: > From: ghassaneben <ghassaneb.aattar@huawei.com> > > Increase the size of loop variables in the printf() implementation to > avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. > This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added > in sqlite 3.39.2 (2022-07-21). > Original commit: https://www.sqlite.org/src/info/aab790a16e1bdff7. > > Steve, I'm adding it to your watch list. This is a CVE fix contrary to the "harmless warnings" one of the commit messages is telling us. Kind regards, Marta
On Wed, Aug 24, 2022 at 9:34 PM Marta Rybczynska <rybczynska@gmail.com> wrote: > > > > On Thu, Aug 25, 2022 at 9:25 AM ghassaneben <ghassanebb@gmail.com> wrote: >> >> From: ghassaneben <ghassaneb.aattar@huawei.com> >> >> Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). >> Original commit: https://www.sqlite.org/src/info/aab790a16e1bdff7. >> > > Steve, > I'm adding it to your watch list. This is a CVE fix contrary to the "harmless warnings" one of the commit messages is telling us. Thanks! I'll update the short message to reflect this. Steve
diff --git a/meta/recipes-support/sqlite/sqlite/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch b/meta/recipes-support/sqlite/sqlite/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch new file mode 100644 index 0000000000..998e93bc6c --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch @@ -0,0 +1,31 @@ +From ec75530b8d8268cb07d8e476d79e1b0e59492fa2 Mon Sep 17 00:00:00 2001 +From: drh +Date: Thu, 18 Aug 2022 15:10:46 +0200 +Subject: [PATCH] sqlite: Increase the size of loop variables in the printf() implementation to avoid harmless compiler warnings. + +Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). +Original commit: https://www.sqlite.org/src/info/aab790a16e1bdff7. + +Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aattar@huawei.com> + +CVE: CVE-2022-35737 + +Upstream-Status: Backport https://github.com/sqlite/sqlite/commit/6eb7354fabede50a3601f251caaec172556a3a82 +--- + src/printf.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/printf.c b/src/printf.c +index f867d62..490199a 100644 +--- a/src/printf.c ++++ b/src/printf.c +@@ -542,7 +542,8 @@ static int vxprintf( + case etSQLESCAPE: + case etSQLESCAPE2: + { +- int i, j, n, c, isnull; ++ i64 i, j, n, c; ++ int isnull; + char *arg = va_arg(ap,char*); + isnull = arg==0; + if( isnull ) arg = (xtype==etSQLESCAPE2 ? "NULL" : "(NULL)"); diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index d56a3a0209..7b62980e24 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb @@ -12,3 +12,8 @@ CVE_CHECK_IGNORE += "CVE-2019-19242" CVE_CHECK_IGNORE += "CVE-2015-3717" # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f CVE_CHECK_IGNORE += "CVE-2021-36690" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch" +