开源软件构建与测试

_service:tar_scm:sqlite.spec Changed

_service:tar_scm:0007-CVE-2023-36191.patch Added

@@ -0,0 +1,32 @@
+From 1b2901722e5de3ef8d29edb4481327e48bd3363c Mon Sep 17 00:00:00 2001
+From: zwtmichael <zhuwentao5@huawei.com>
+Date: Mon, 7 Aug 2023 15:10:32 +0800
+Subject: PATCH fix segmentation violation
+
+Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
+---
+ src/shell.c.in | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/shell.c.in b/src/shell.c.in
+index 543141c..d278988 100644
+--- a/src/shell.c.in
++++ b/src/shell.c.in
+@@ -11469,8 +11469,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){
+     }else if( strcmp(z,"-bail")==0 ){
+       bail_on_error = 1;
+     }else if( strcmp(z,"-nonce")==0 ){
+-      free(data.zNonce);
+-      data.zNonce = strdup(argv++i);
++      if( data.zNonce ) free(data.zNonce);
++        if( i+1 < argc ) data.zNonce = strdup(argv++i);
++        else{
++          data.zNonce = 0;
++            break;
++        }
+     }else if( strcmp(z,"-safe")==0 ){
+       /* no-op - catch this on the second pass */
+     }
+-- 
+2.34.1.windows.1
+

_service:tar_scm:0008-CVE-2023-7104.patch Added

@@ -0,0 +1,45 @@
+it From a756d158b3e55831975feb45b753ba499d2adeda Mon Sep 17 00:00:00 2001
+From: mazhao <mazhao12@huawei.com>
+Date: Wed, 3 Jan 2024 12:00:45 +0800
+Subject: PATCH Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Signed-off-by: mazhao <mazhao12@huawei.com>
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index a892804..72ad427 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOuti, v);
++        if( (pIn->nData-pIn->iNext)<8 ){
++          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOuti, d);
++          sqlite3_int64 v = sessionGetI64(aVal);
++          if( eType==SQLITE_INTEGER ){
++            sqlite3VdbeMemSetInt64(apOuti, v);
++          }else{
++            double d;
++            memcpy(&d, &v, 8);
++            sqlite3VdbeMemSetDouble(apOuti, d);
++          }
++          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.34.1
+

_service Changed

Changes of Revision 3