Overview

File sqlite3-CVE-2018-8740.patch of Package sqlite3.11016

--- sqlite3.c.orig
+++ sqlite3.c
@@ -85861,8 +85861,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
   p = pParse->pNewTable;
   if( p==0 ) return;
 
-  assert( !db->init.busy || !pSelect );
-
   /* If the db->init.busy is 1 it means we are reading the SQL off the
   ** "sqlite_master" or "sqlite_temp_master" table on the disk.
   ** So do not write to the disk again.  Extract the root page number
@@ -85870,6 +85868,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
   ** should have been put there by the sqliteOpenCb routine.)
   */
   if( db->init.busy ){
+    if( pSelect ){
+      sqlite3ErrorMsg(pParse, "");
+      return;
+    }
     p->tnum = db->init.newTnum;
   }
 
@@ -98602,7 +98604,7 @@ static void corruptSchema(
     if( zObj==0 ) zObj = "?";
     sqlite3SetString(pData->pzErrMsg, db,
       "malformed database schema (%s)", zObj);
-    if( zExtra ){
+    if( zExtra && zExtra[0] ){
       *pData->pzErrMsg = sqlite3MAppendf(db, *pData->pzErrMsg, 
                                  "%s - %s", *pData->pzErrMsg, zExtra);
     }
openSUSE Build Service is sponsored by
Places