path: root/chromium/third_party/sqlite/patches/0035-Fix-null-pointer-dereference-in-sqlite3ExprCompare.patch
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Victor Costan <pwnall@chromium.org>
Date: Sat, 19 Jan 2019 15:48:54 -0800
Subject: [PATCH 35/40] Fix null pointer dereference in sqlite3ExprCompare.

This backports https://www.sqlite.org/src/info/835e2cc55feea2f2

Bug: 921417
---
 third_party/sqlite/src/src/expr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/third_party/sqlite/src/src/expr.c b/third_party/sqlite/src/src/expr.c
index c61528288baf..50c398266f33 100644
--- a/third_party/sqlite/src/src/expr.c
+++ b/third_party/sqlite/src/src/expr.c
@@ -4748,9 +4748,11 @@ int sqlite3ExprCompare(Parse *pParse, Expr *pA, Expr *pB, int iTab){
         if( sqlite3WindowCompare(pParse,pA->y.pWin,pB->y.pWin)!=0 ) return 2;
       }
 #endif
+    }else if( pA->op==TK_NULL ){
+      return 0;
     }else if( pA->op==TK_COLLATE ){
       if( sqlite3_stricmp(pA->u.zToken,pB->u.zToken)!=0 ) return 2;
-    }else if( strcmp(pA->u.zToken,pB->u.zToken)!=0 ){
+    }else if( ALWAYS(pB->u.zToken!=0) && strcmp(pA->u.zToken,pB->u.zToken)!=0 ){
       return 2;
     }
   }
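Review bot: The null guard on `pB->u.zToken` in the final `else if` is wrapped in `ALWAYS()`, so the protection depends on the build configuration. SQLite's `ALWAYS(X)` asserts in debug builds and becomes a constant true in coverage-test builds, where `strcmp` would still receive the null pointer. A plain test, `}else if( pB->u.zToken!=0 && strcmp(pA->u.zToken,pB->u.zToken)!=0 ){`, keeps the check in every build. When the guard does fail, the branch is skipped rather than returning 2, so a missing token on `pB` is not reported as a difference here; a short comment should say whether that is intended. The enclosing `if` starts above the hunk, so the check that presumably makes `pA->u.zToken` non-null is not visible, and a one-line comment on the new `TK_NULL` branch (for example `/* NULL literals always compare equal; skip token comparison */`) would record why it returns early.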
--
2.18.0