Security Patch [CVE-2017-10989] 06/158906/1 accepted/tizen/base/20171110.163205 submit/tizen_base/20171106.055727
author DongHun Kwak <dh0128.kwak@samsung.com>
Wed, 23 Aug 2017 02:39:52 +0000 (11:39 +0900)
committer DongHun Kwak <dh0128.kwak@samsung.com>
Mon, 6 Nov 2017 02:08:36 +0000 (11:08 +0900)
 - https://sqlite.org/src/info/66de6f4a
 Enhance the RTree module to detect node truncation early and report an
 error.

[Model] All
[BinType] AP
[Customer] OPEN

[Issue#] N/A
[Request] N/A
[Occurrence Version] N/A

[Problem] buffer overflow
[Cause & Measure] cve patch
[Checking Method] N/A

[Team] Open Source Management and Setting Part
[Developer] dh0128.kwak
[Solution company] Samsung
[Change Type] N/A

Change-Id: I532694fa7870856256e07389e44d4299d7f6fdf1
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
sqlite3.c

index 13d962b..7cd8c86 100644 (file)
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -166897,6 +166897,10 @@ static int getNodeSize(
     rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);
     if( rc!=SQLITE_OK ){
       *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+    }else if( pRtree->iNodeSize<(512-64) ){
+      rc = SQLITE_CORRUPT_VTAB;
+      *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
+                               pRtree->zName);
     }
   }
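Review bot: the lower bound `(512-64)` in the added `else if` of getNodeSize() is an unexplained magic number. Please add a comment saying what the 512 and the 64 represent, or move the value into a named macro, so a reader can tell why anything smaller is treated as SQLITE_CORRUPT_VTAB. The message "undersize RTree blobs" would also be easier to act on if it reported the value read into pRtree->iNodeSize next to the table name. Only the minimum is checked here, so it is worth confirming whether an oversized value from the same statement needs a matching guard. The commit message lists the checking method as N/A; a regression case using a truncated node blob would show that the new branch is reached.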