
Bug#856120: marked as done (unblock (pre-approval): sqlite3)



Your message dated Sun, 26 Feb 2017 22:36:36 +0100
with message-id <20170226213634.GA20696@ugent.be>
and subject line Re: Bug#856120: unblock (pre-approval): sqlite3
has caused the Debian Bug report #856120,
regarding unblock (pre-approval): sqlite3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856120
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team,

There's a NULL pointer problem fixed in the 3.17.0 version of
SQLite that affects the Stretch version.
The bug report[1] contains proof-of-concept code, which doesn't crash
(it seems it doesn't have a security impact) - but still the bug was marked
as a severe code defect and fixed immediately. The upstream fix[2] is small,
checking the value and assigning 0 if it's NULL. Then the next 'if' will
print an error message that the value cannot be opened as being NULL.
The debdiff is attached and I hope the upload and later the unblock
can be approved.

Thanks for consideration,
Laszlo/GCS
[1] http://www.sqlite.org/src/tktview?name=e6e962d6b0
[2] https://www.sqlite.org/src/info/8cd1a4451cce1fe2
diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog
--- sqlite3-3.16.2/debian/changelog	2017-01-22 17:21:15.000000000 +0000
+++ sqlite3-3.16.2/debian/changelog	2017-02-13 17:31:26.000000000 +0000
@@ -1,3 +1,10 @@
+sqlite3 (3.16.2-3) unstable; urgency=medium
+
+  * Backport upstream fix to ensure that sqlite3_blob_reopen() correctly
+    handles short rows.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 13 Feb 2017 17:31:26 +0000
+
 sqlite3 (3.16.2-2) unstable; urgency=medium
 
   * Backport upstream fix of variable initialization in the CLI tool.
diff -Nru sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch
--- sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch	1970-01-01 00:00:00.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch	2017-02-13 17:31:26.000000000 +0000
@@ -0,0 +1,22 @@
+Description: Ensure that sqlite3_blob_reopen() correctly handles short rows
+ TODO: Put a short summary on the line above and replace this paragraph
+   * Non-maintainer upload.
+Origin: upstream, https://www.sqlite.org/src/info/8cd1a4451cce1fe2
+Author: Laszlo Boszormenyi (GCS) <gcs@debian.org>
+Last-Update: 2017-02-14
+
+---
+
+--- sqlite3-3.16.2.orig/src/vdbeblob.c
++++ sqlite3-3.16.2/src/vdbeblob.c
+@@ -67,7 +67,9 @@ static int blobSeekToRow(Incrblob *p, sq
+   rc = sqlite3_step(p->pStmt);
+   if( rc==SQLITE_ROW ){
+     VdbeCursor *pC = v->apCsr[0];
+-    u32 type = pC->aType[p->iCol];
++    u32 type = pC->nHdrParsed>p->iCol ? pC->aType[p->iCol] : 0;
++    testcase( pC->nHdrParsed==p->iCol );
++    testcase( pC->nHdrParsed==p->iCol+1 );
+     if( type<12 ){
+       zErr = sqlite3MPrintf(p->db, "cannot open value of type %s",
+           type==0?"null": type==7?"real": "integer"
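
Review bot: The header of the new 35-fix-sqlite3_blob_reopen.patch still contains template placeholder text: the lines "TODO: Put a short summary on the line above and replace this paragraph" and "* Non-maintainer upload." sit under Description and should be replaced with a real long description before upload. A suitable description would say that blobSeekToRow() now reads pC->aType[p->iCol] only when pC->nHdrParsed>p->iCol and otherwise uses type 0, so the existing type<12 branch reports "cannot open value of type null". The Author field names the packager although Origin says the change comes from upstream, and Last-Update (2017-02-14) is a day later than the changelog timestamp (2017-02-13); both are worth aligning.
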
diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series
--- sqlite3-3.16.2/debian/patches/series	2017-01-22 17:21:15.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/series	2017-02-13 17:31:26.000000000 +0000
@@ -6,3 +6,4 @@
 31-increase_SQLITE_MAX_DEFAULT_PAGE_SIZE_to_32k.patch
 02-use-packaged-lempar.c.patch
 32-fix_an_uninitialized_variable_in_the_command-line_shell.patch
+35-fix-sqlite3_blob_reopen.patch

--- End Message ---
--- Begin Message ---
Hi,

On Sun, Feb 26, 2017 at 06:03:16PM +0000, Jonathan Wiltshire wrote:
> Please go ahead and when built on all architectures remove the moreinfo tag
> from this bug (although please also fix this first:)

Uploaded and unblocked.

Cheers,

Ivo

--- End Message ---
