From 2ed9af9893535022f7bed1226cb013288fc883af Mon Sep 17 00:00:00 2001
From: liusirui
Date: Wed, 10 Aug 2022 10:53:03 +0800
Subject: [PATCH] fix CVE-2022-35737
---
 0004-CVE-2022-35737.patch | 29 +++++++++++++++++++++++++++++
 sqlite.spec | 6 +++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 0004-CVE-2022-35737.patch
diff --git a/0004-CVE-2022-35737.patch b/0004-CVE-2022-35737.patch
new file mode 100644
index 0000000..f454216
--- /dev/null
+++ b/0004-CVE-2022-35737.patch
@@ -0,0 +1,29 @@
+From 6eb7354fabede50a3601f251caaec172556a3a82 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Mon, 18 Jul 2022 15:27:29 +0000
+Subject: [PATCH] Increase the size of loop variables in the printf()
+ implementation to avoid harmless compiler warnings.
+
+FossilOrigin-Name: 26db4fc22fe6665809d321b8a88b60efbbfecd5723ff3e370b857661b981c32c
+---
+ src/printf.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/printf.c b/src/printf.c
+index f0bfa5327..3602e1fcb 100644
+--- a/src/printf.c
++++ b/src/printf.c
+@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
+ case etSQLESCAPE: /* %q: Escape ' characters */
+ case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
+ case etSQLESCAPE3: { /* %w: Escape " characters */
+- int i, j, k, n, isnull;
+- int needQuote;
++ i64 i, j, k, n;
++ int needQuote, isnull;
+ char ch;
+ char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
+ char *escarg;
+--
+2.25.1
+
diff --git a/sqlite.spec b/sqlite.spec
index 09e5df2..02e5996 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -6,7 +6,7 @@
 Name: sqlite
 Version: 3.36.0
-Release: 2
+Release: 3
 Summary: Embeded SQL database
 License: Public Domain
 URL: http://www.sqlite.org/
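Review bot: The `i64` widening in the `etSQLESCAPE`/`etSQLESCAPE2`/`etSQLESCAPE3` case is visible only at the declarations, so the hunk alone does not show that the overflow is closed. The loops and buffer sizing that use `i`, `j`, `k` and `n` sit below the last context line, outside the hunk. Because this appears to be an upstream check-in carried onto 3.36.0, confirm in this tree that `n` reaches the temporary-buffer allocation without being narrowed back to `int`, and that the final `j` is range-checked before it is stored as the output length. The upstream subject describes the change as silencing harmless compiler warnings, so a line in the patch description such as `Fixes CVE-2022-35737 (counter overflow in %q/%Q/%w on very large string arguments)` would keep the security relevance visible to later maintainers.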
@@ -18,6 +18,7 @@ Source2: https://www.sqlite.org/2021/sqlite-autoconf-%{extver}.tar.gz
 Patch1: 0001-sqlite-no-malloc-usable-size.patch
 Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
 Patch3: 0003-CVE-2021-36690.patch
+Patch4: 0004-CVE-2022-35737.patch
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -133,6 +134,9 @@ make test
 %{_mandir}/man*/*
 %changelog
+* Wed Aug 10 2022 liusirui - 3.36.0-3
+- fix the CVE-2022-35737.
+
 * Sat Nov 27 2021 wbq_sky - 3.36.0-2
 - fix the CVE-2021-36690.
--
Gitee
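Review bot: `Patch4: 0004-CVE-2022-35737.patch` is declared, but no hunk adds a step that applies it, and the five insertions in the diffstat for sqlite.spec are fully accounted for by the Release, Patch4 and changelog lines. If `%prep` (not shown here) applies patches one by one rather than through `%autosetup` or `%autopatch`, the package would ship as 3.36.0-3 with a changelog claiming the CVE fix while the code stays unpatched; in that case add `%patch4 -p1` next to the existing patch steps. It is also worth confirming that the tree being built actually contains `src/printf.c`: Source2 is named as the autoconf tarball, which presumably carries the amalgamated source instead, and the patch would not touch that copy.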