From 296731c2d95feb994c3cf60f8bd97cc6bbd871f4 Mon Sep 17 00:00:00 2001
From: zwtmichael <zhuwentao5@huawei.com>
Date: Tue, 8 Aug 2023 11:33:50 +0800
Subject: [PATCH] fix CVE-2023-36191

Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
---
 0007-CVE-2023-36191.patch | 32 ++++++++++++++++++++++++++++++++
 sqlite.spec               |  7 ++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 0007-CVE-2023-36191.patch

diff --git a/0007-CVE-2023-36191.patch b/0007-CVE-2023-36191.patch
new file mode 100644
index 0000000..712f11c
--- /dev/null
+++ b/0007-CVE-2023-36191.patch
@@ -0,0 +1,32 @@
+From 267263ccdfd39e35df70d5bd08a90be6b0cfd285 Mon Sep 17 00:00:00 2001
+From: zwtmichael <zhuwentao5@huawei.com>
+Date: Tue, 8 Aug 2023 11:31:23 +0800
+Subject: [PATCH] fix segmentation violation
+
+Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
+---
+ src/shell.c.in | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/shell.c.in b/src/shell.c.in
+index 543141c..d278988 100644
+--- a/src/shell.c.in
++++ b/src/shell.c.in
+@@ -11469,8 +11469,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){
+     }else if( strcmp(z,"-bail")==0 ){
+       bail_on_error = 1;
+     }else if( strcmp(z,"-nonce")==0 ){
+-      free(data.zNonce);
+-      data.zNonce = strdup(argv[++i]);
++      if( data.zNonce ) free(data.zNonce);
++        if( i+1 < argc ) data.zNonce = strdup(argv[++i]);
++        else{
++          data.zNonce = 0;
++            break;
++        }
+     }else if( strcmp(z,"-safe")==0 ){
+       /* no-op - catch this on the second pass */
+     }
+-- 
+2.34.1.windows.1
+
diff --git a/sqlite.spec b/sqlite.spec
index a766e8b..b304d95 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -6,7 +6,7 @@
 
 Name:    sqlite
 Version: 3.37.2
-Release: 5
+Release: 6
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
@@ -21,6 +21,7 @@ Patch3: 0003-CVE-2022-35737.patch
 Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
 Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
 Patch6: 0006-CVE-2022-46908.patch
+Patch7: 0007-CVE-2023-36191.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -69,6 +70,7 @@ This contains man files and HTML files for the using of sqlite.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
@@ -143,6 +145,9 @@ make test
 %{_mandir}/man*/*
 
 %changelog
+* Mon Aug 7 2023 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-6
+- fix the CVE-2023-36191
+
 * Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
 - remove fail testcase for loongarch
 
-- 
Gitee