From e284ec234b1ebd143a5454497ba3464cd415779e Mon Sep 17 00:00:00 2001
From: pangqing
Date: Wed, 3 Jul 2024 17:12:03 +0800
Subject: [PATCH] CVE-2023-7104
Signed-off-by: pangqing
---
 0001-CVE-2023-7104.patch | 43 ++++++++++++++++++++++++++++++++++++++++
 sqlite.spec | 7 ++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 0001-CVE-2023-7104.patch
diff --git a/0001-CVE-2023-7104.patch b/0001-CVE-2023-7104.patch
new file mode 100644
index 0000000..e8ab8a9
--- /dev/null
+++ b/0001-CVE-2023-7104.patch
@@ -0,0 +1,43 @@
+From e4bb334dc3c6a4bfa6e3f4bbc1e98c62156c07e9 Mon Sep 17 00:00:00 2001
+From: songmingliang
+Date: Wed, 3 Jul 2024 16:18:49 +0800
+Subject: [PATCH] CVE-2023-7104
+
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index 6794088..e3aabeb 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -3235,15 +3235,19 @@ static int sessionReadRecord(
+ }
+ }
+ if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+- sqlite3_int64 v = sessionGetI64(aVal);
+- if( eType==SQLITE_INTEGER ){
+- sqlite3VdbeMemSetInt64(apOut[i], v);
++ if( (pIn->nData-pIn->iNext)<8 ){
++ rc = SQLITE_CORRUPT_BKPT;
+ }else{
+- double d;
+- memcpy(&d, &v, 8);
+- sqlite3VdbeMemSetDouble(apOut[i], d);
++ sqlite3_int64 v = sessionGetI64(aVal);
++ if( eType==SQLITE_INTEGER ){
++ sqlite3VdbeMemSetInt64(apOut[i], v);
++ }else{
++ double d;
++ memcpy(&d, &v, 8);
++ sqlite3VdbeMemSetDouble(apOut[i], d);
++ }
++ pIn->iNext += 8;
+ }
+- pIn->iNext += 8;
+ }
+ }
+ }
+--
+2.27.0
+
diff --git a/sqlite.spec b/sqlite.spec
index 2271244..d970ce2 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 %bcond_without tcl
 %bcond_without sqldiff
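Review bot: The new guard `if( (pIn->nData-pIn->iNext)<8 )` in the sessionReadRecord hunk of 0001-CVE-2023-7104.patch has no comment, and the embedded patch has an empty description, so nothing here says why 8 bytes are required or which upstream change is being backported. I would add a comment above the guard, for example `/* INTEGER and FLOAT values occupy 8 bytes; a record that ends sooner is corrupt */`, and a header line in the patch such as `Upstream: <upstream check-in URL>` so the backport can be compared against its origin. The guard sets `rc = SQLITE_CORRUPT_BKPT` but does not leave the function, so it relies on the enclosing column loop stopping once rc is non-zero; that loop header is outside the hunk and should be confirmed against the 3.42.0 source. No regression test accompanies the change, so a truncated-changeset case exercising this branch would be worth adding to the build's test run.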
@@ -19,6 +19,7 @@ URL: http://www.sqlite.org/
 Source0: http://www.sqlite.org/%{year}/sqlite-src-%{realver}.zip
 Source1: http://www.sqlite.org/%{year}/sqlite-doc-%{docver}.zip
+Patch0001: 0001-CVE-2023-7104.patch
 BuildRequires: make
 BuildRequires: gcc
@@ -113,6 +114,7 @@ This package contains the analysis program for %{name}.
 %prep
 %setup -q -a1 -n %{name}-src-%{realver}
+%patch0001 -p1
 # Remove backup-file
 rm -f %{name}-doc-%{docver}/sqlite.css~ || :
@@ -237,6 +239,9 @@ rm -rf test/transitive1.test test/tkt3493.test test/misc1.test test/indexexpr2.t
 %endif
 %changelog
+* Wed Jul 3 2024 pangqing - 3.42.0-4
+- CVE: CVE-2023-7104
+
 * Tue Apr 9 2024 Wenlong Zhang - 3.42.0-3
 - remove fail testcase for loongarch64
--
Gitee