Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
835b5659ea576290458aa17d2119b2ec13ebf0a0
rpi-buildroot/package/sqlite/0002-Add-a-typecast-to-avoid-32-bit-integer-overflow-in-t.patch
Titouan Christophe 835b5659ea package/sqlite: add patch to fix CVE-2025-29087 
This patch was commited upstream, and released as part of sqlite 3.49.1

However, the configuration system changed between sqlite 3.48 and 3.49
from autotools to autosetup, and this has proven challenging to support
in Buildroot (see `git log package/sqlite`), hence why we are still on
sqlite 3.48.

Therefore, until the package build infrastructure correctly supports
building sqlite 3.49, let's simply import the upstream patch to address
the CVE.

Note: the upstream patch is on the orignal sqlite sources. Buildroot is
using the sqlite "amalgamation" source archive, which basically
concatenate all the source files in a single "sqlite3.c" file. So the
patch was reformated to apply correctly on the sqlite release archive.

Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-29087

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien:
 - reformat patch to be applicable on amalgamated sqlite sources
 - add comment in commit log about patch format
 - add "Fixes:" in commit log
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-05-07 22:03:18 +02:00

37 lines
1.1 KiB
Diff
Raw Blame History

From 1cbb088f4be95e7a02627f64de60653ef2b13ab5 Mon Sep 17 00:00:00 2001
From: drh <>
Date: Sun, 16 Feb 2025 10:57:25 +0000
Subject: [PATCH] Add a typecast to avoid 32-bit integer overflow in the
concat_ws() function with an enormous separator values and many arguments.
Fixes the following CVE:
- CVE-2025-29087: In SQLite 3.44.0 through 3.49.0 before 3.49.1,
the concat_ws() SQL function can cause memory to be
written beyond the end of a malloc-allocated buffer.
For more info see https://nvd.nist.gov/vuln/detail/CVE-2025-29087
Upstream: https://sqlite.org/src/info/498e3f1cf57f164f
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
---
sqlite3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sqlite3.c b/sqlite3.c
index 80433f6..8a43734 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -130954,7 +130954,7 @@ static void concatFuncCore(
for(i=0; i<argc; i++){
n += sqlite3_value_bytes(argv[i]);
}
- n += (argc-1)*nSep;
+ n += (argc-1)*(i64)nSep;
z = sqlite3_malloc64(n+1);
if( z==0 ){
sqlite3_result_error_nomem(context);
--
2.49.0
Reference in New Issue View Git Blame Copy Permalink