!45 [sync] PR-40: Fix the uninitialized value used in pattern compare function.

From: @openeuler-sync-bot
Reviewed-by: @bzhaoop
Signed-off-by: @bzhaoop

0003-CVE-2022-35737.patch

@@ -1,80 +0,0 @@
-From effc07ec9c6e08d3bd17665f8800054770f8c643 Mon Sep 17 00:00:00 2001
-From: drh <>
-Date: Fri, 15 Jul 2022 12:34:31 +0000
-Subject: [PATCH] Fix the whereKeyStats() routine (part of STAT4 processing
- only) so that it is able to cope with row-value comparisons against the
- primary key index of a WITHOUT ROWID table.
- [forum:/forumpost/3607259d3c|Forum post 3607259d3c].
-
-FossilOrigin-Name: 2a6f761864a462de5c2d5bc666b82fb0b7e124a03443cd1482620dde344b34bb
-
----
- src/where.c        |  4 ++--
- test/rowvalue.test | 31 +++++++++++++++++++++++++++++++
- 2 files changed, 33 insertions(+), 2 deletions(-)
-
-diff --git a/src/where.c b/src/where.c
-index de6ea91e3..110eb4845 100644
---- a/src/where.c
-+++ b/src/where.c
-@@ -1433,7 +1433,7 @@ static int whereKeyStats(
- #endif
-   assert( pRec!=0 );
-   assert( pIdx->nSample>0 );
--  assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol );
-+  assert( pRec->nField>0 );
- 
-   /* Do a binary search to find the first sample greater than or equal
-   ** to pRec. If pRec contains a single field, the set of samples to search
-@@ -1479,7 +1479,7 @@ static int whereKeyStats(
-   ** it is extended to two fields. The duplicates that this creates do not 
-   ** cause any problems.
-   */
--  nField = pRec->nField;
-+  nField = MIN(pRec->nField, pIdx->nSample);
-   iCol = 0;
-   iSample = pIdx->nSample * nField;
-   do{
-diff --git a/test/rowvalue.test b/test/rowvalue.test
-index 12fee8237..59b44d938 100644
---- a/test/rowvalue.test
-+++ b/test/rowvalue.test
-@@ -751,4 +751,35 @@ do_execsql_test 30.3 {
- 
- 
- 
-+# 2022-07-15
-+# https://sqlite.org/forum/forumpost/3607259d3c
-+#
-+reset_db
-+do_execsql_test 33.1 {
-+  CREATE TABLE t1(a INT, b INT PRIMARY KEY) WITHOUT ROWID;
-+  INSERT INTO t1(a, b) VALUES (0, 1),(15,-7),(3,100);
-+  ANALYZE;
-+} {}
-+do_execsql_test 33.2 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (0,5) AND (99,-2);
-+} {0 1}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (-8,5) AND (0,-2);
-+} {15 -7}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,4);
-+} {3 100}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,2);
-+} {}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (a,b) BETWEEN (-2,99) AND (1,0);
-+} {0 1}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (a,b) BETWEEN (14,99) AND (16,0);
-+} {15 -7}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (a,b) BETWEEN (2,99) AND (4,0);
-+} {3 100}
-+
- finish_test
--- 
-2.25.1
-

0003-infinite-loop-in-trim-function.patch

@@ -0,0 +1,88 @@
+diff -ruN origin_src/src/func.c sqlite-src-3340000/src/func.c
+--- origin_src/src/func.c	2021-09-03 10:46:50.253089516 +0800
++++ sqlite-src-3340000/src/func.c	2021-09-03 10:59:23.151415929 +0800
+@@ -1315,10 +1315,10 @@
+ ){
+   const unsigned char *zIn;         /* Input string */
+   const unsigned char *zCharSet;    /* Set of characters to trim */
+-  int nIn;                          /* Number of bytes in input */
++  unsigned int nIn;                 /* Number of bytes in input */
+   int flags;                        /* 1: trimleft  2: trimright  3: trim */
+   int i;                            /* Loop counter */
+-  unsigned char *aLen = 0;          /* Length of each character in zCharSet */
++  unsigned int *aLen = 0;           /* Length of each character in zCharSet */
+   unsigned char **azChar = 0;       /* Individual characters in zCharSet */
+   int nChar;                        /* Number of characters in zCharSet */
+ 
+@@ -1327,13 +1327,13 @@
+   }
+   zIn = sqlite3_value_text(argv[0]);
+   if( zIn==0 ) return;
+-  nIn = sqlite3_value_bytes(argv[0]);
++  nIn = (unsigned)sqlite3_value_bytes(argv[0]);
+   assert( zIn==sqlite3_value_text(argv[0]) );
+   if( argc==1 ){
+-    static const unsigned char lenOne[] = { 1 };
++    static const unsigned lenOne[] = { 1 };
+     static unsigned char * const azOne[] = { (u8*)" " };
+     nChar = 1;
+-    aLen = (u8*)lenOne;
++    aLen = (unsigned*)lenOne;
+     azChar = (unsigned char **)azOne;
+     zCharSet = 0;
+   }else if( (zCharSet = sqlite3_value_text(argv[1]))==0 ){
+@@ -1344,15 +1344,16 @@
+       SQLITE_SKIP_UTF8(z);
+     }
+     if( nChar>0 ){
+-      azChar = contextMalloc(context, ((i64)nChar)*(sizeof(char*)+1));
++      azChar = contextMalloc(context, 
++                     ((i64)nChar)*(sizeof(char*)+sizeof(unsigned)));
+       if( azChar==0 ){
+         return;
+       }
+-      aLen = (unsigned char*)&azChar[nChar];
++      aLen = (unsigned*)&azChar[nChar];
+       for(z=zCharSet, nChar=0; *z; nChar++){
+         azChar[nChar] = (unsigned char *)z;
+         SQLITE_SKIP_UTF8(z);
+-        aLen[nChar] = (u8)(z - azChar[nChar]);
++        aLen[nChar] = (unsigned)(z - azChar[nChar]);
+       }
+     }
+   }
+@@ -1360,7 +1361,7 @@
+     flags = SQLITE_PTR_TO_INT(sqlite3_user_data(context));
+     if( flags & 1 ){
+       while( nIn>0 ){
+-        int len = 0;
++        unsigned int len = 0;
+         for(i=0; i<nChar; i++){
+           len = aLen[i];
+           if( len<=nIn && memcmp(zIn, azChar[i], len)==0 ) break;
+@@ -1372,7 +1373,7 @@
+     }
+     if( flags & 2 ){
+       while( nIn>0 ){
+-        int len = 0;
++        unsigned int len = 0;
+         for(i=0; i<nChar; i++){
+           len = aLen[i];
+           if( len<=nIn && memcmp(&zIn[nIn-len],azChar[i],len)==0 ) break;
+diff -ruN origin_src/test/func.test sqlite-src-3340000/test/func.test
+--- origin_src/test/func.test	2021-09-03 10:46:50.201088526 +0800
++++ sqlite-src-3340000/test/func.test	2021-09-03 10:59:42.751788869 +0800
+@@ -1111,6 +1111,13 @@
+   execsql {SELECT typeof(trim('hello',NULL));}
+ } {null}
+ 
++# 2021-06-15 - infinite loop due to unsigned character counter
++# overflow, reported by Zimuzo Ezeozue
++#
++do_execsql_test func-22.23 {
++  SELECT trim('xyzzy',x'c0808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080');
++} {xyzzy}
++
+ # This is to test the deprecated sqlite3_aggregate_count() API.
+ #
+ ifcapable deprecated {

0004-fix-memory-problem-in-the-rtree-test-suite.patch

@@ -1,25 +0,0 @@
-From 3755f418be5c3608a7e0b59488a8e172d443d738 Mon Sep 17 00:00:00 2001
-From: zwtmichael <zhuwentao5@huawei.com>
-Date: Tue, 30 Aug 2022 17:02:04 +0800
-Subject: [PATCH] fix memory problem in the rtree test suite
-
----
- ext/rtree/test_rtreedoc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/rtree/test_rtreedoc.c b/ext/rtree/test_rtreedoc.c
-index 119be0e..cdbcb2e 100644
---- a/ext/rtree/test_rtreedoc.c
-+++ b/ext/rtree/test_rtreedoc.c
-@@ -324,7 +324,7 @@ static int SQLITE_TCLAPI register_box_query(
-   }
-   if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ) return TCL_ERROR;
- 
--  pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx*));
-+  pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx));
-   pCtx->interp = interp;
-   pCtx->pScript = Tcl_DuplicateObj(objv[2]);
-   Tcl_IncrRefCount(pCtx->pScript);
--- 
-2.23.0
-

0004-null-ref-in-trigger.patch

@@ -0,0 +1,351 @@
+diff -rNu sqlite_before/src/attach.c sqlite_after/src/attach.c
+--- sqlite_before/src/attach.c	2021-09-05 20:50:58.133474476 +0800
++++ sqlite_after/src/attach.c	2021-09-05 20:52:09.414798420 +0800
+@@ -434,6 +434,63 @@
+ #endif /* SQLITE_OMIT_ATTACH */
+ 
+ /*
++** Expression callback used by sqlite3FixAAAA() routines.
++*/
++static int fixExprCb(Walker *p, Expr *pExpr){
++  DbFixer *pFix = p->u.pFix;
++  if( !pFix->bTemp ) ExprSetProperty(pExpr, EP_FromDDL);
++  if( pExpr->op==TK_VARIABLE ){
++    if( pFix->pParse->db->init.busy ){
++      pExpr->op = TK_NULL;
++    }else{
++      sqlite3ErrorMsg(pFix->pParse, "%s cannot use variables", pFix->zType);
++      return WRC_Abort;
++    }
++  }
++  return WRC_Continue;
++}
++
++/*
++** Select callback used by sqlite3FixAAAA() routines.
++*/
++static int fixSelectCb(Walker *p, Select *pSelect){
++  DbFixer *pFix = p->u.pFix;
++  int i;
++  struct SrcList_item *pItem;
++  sqlite3 *db = pFix->pParse->db;
++  int iDb = sqlite3FindDbName(db, pFix->zDb);
++  SrcList *pList = pSelect->pSrc;
++
++  if( NEVER(pList==0) ) return WRC_Continue;
++  for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
++    if( pFix->bTemp==0 ){
++      if( pItem->zDatabase && iDb!=sqlite3FindDbName(db, pItem->zDatabase) ){
++        sqlite3ErrorMsg(pFix->pParse,
++            "%s %T cannot reference objects in database %s",
++            pFix->zType, pFix->pName, pItem->zDatabase);
++        return WRC_Abort;
++      }
++      sqlite3DbFree(db, pItem->zDatabase);
++      pItem->zDatabase = 0;
++      pItem->pSchema = pFix->pSchema;
++      pItem->fg.fromDDL = 1;
++    }
++#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
++    if( sqlite3WalkExpr(&pFix->w, pList->a[i].pOn) ) return WRC_Abort;
++#endif
++  }
++  if( pSelect->pWith ){
++    int i;
++    for(i=0; i<pSelect->pWith->nCte; i++){
++      if( sqlite3WalkSelect(p, pSelect->pWith->a[i].pSelect) ){
++        return WRC_Abort;
++      }
++    }
++  }
++  return WRC_Continue;
++}
++
++/*
+ ** Initialize a DbFixer structure.  This routine must be called prior
+ ** to passing the structure to one of the sqliteFixAAAA() routines below.
+ */
+@@ -444,9 +501,7 @@
+   const char *zType,  /* "view", "trigger", or "index" */
+   const Token *pName  /* Name of the view, trigger, or index */
+ ){
+-  sqlite3 *db;
+-
+-  db = pParse->db;
++  sqlite3 *db = pParse->db;
+   assert( db->nDb>iDb );
+   pFix->pParse = pParse;
+   pFix->zDb = db->aDb[iDb].zDbSName;
+@@ -454,6 +509,13 @@
+   pFix->zType = zType;
+   pFix->pName = pName;
+   pFix->bTemp = (iDb==1);
++  pFix->w.pParse = pParse;
++  pFix->w.xExprCallback = fixExprCb;
++  pFix->w.xSelectCallback = fixSelectCb;
++  pFix->w.xSelectCallback2 = 0;
++  pFix->w.walkerDepth = 0;
++  pFix->w.eCode = 0;
++  pFix->w.u.pFix = pFix;
+ }
+ 
+ /*
+@@ -474,115 +536,27 @@
+   DbFixer *pFix,       /* Context of the fixation */
+   SrcList *pList       /* The Source list to check and modify */
+ ){
+-  int i;
+-  struct SrcList_item *pItem;
+-  sqlite3 *db = pFix->pParse->db;
+-  int iDb = sqlite3FindDbName(db, pFix->zDb);
+-
+-  if( NEVER(pList==0) ) return 0;
+-
+-  for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
+-    if( pFix->bTemp==0 ){
+-      if( pItem->zDatabase && iDb!=sqlite3FindDbName(db, pItem->zDatabase) ){
+-        sqlite3ErrorMsg(pFix->pParse,
+-            "%s %T cannot reference objects in database %s",
+-            pFix->zType, pFix->pName, pItem->zDatabase);
+-        return 1;
+-      }
+-      sqlite3DbFree(db, pItem->zDatabase);
+-      pItem->zDatabase = 0;
+-      pItem->pSchema = pFix->pSchema;
+-      pItem->fg.fromDDL = 1;
+-    }
+-#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
+-    if( sqlite3FixSelect(pFix, pItem->pSelect) ) return 1;
+-    if( sqlite3FixExpr(pFix, pItem->pOn) ) return 1;
+-#endif
+-    if( pItem->fg.isTabFunc && sqlite3FixExprList(pFix, pItem->u1.pFuncArg) ){
+-      return 1;
+-    }
++  int res = 0;
++  if( pList ){
++    Select s; 
++    memset(&s, 0, sizeof(s));
++    s.pSrc = pList;
++    res = sqlite3WalkSelect(&pFix->w, &s);
+   }
+-  return 0;
++  return res;
+ }
+ #if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
+ int sqlite3FixSelect(
+   DbFixer *pFix,       /* Context of the fixation */
+   Select *pSelect      /* The SELECT statement to be fixed to one database */
+ ){
+-  while( pSelect ){
+-    if( sqlite3FixExprList(pFix, pSelect->pEList) ){
+-      return 1;
+-    }
+-    if( sqlite3FixSrcList(pFix, pSelect->pSrc) ){
+-      return 1;
+-    }
+-    if( sqlite3FixExpr(pFix, pSelect->pWhere) ){
+-      return 1;
+-    }
+-    if( sqlite3FixExprList(pFix, pSelect->pGroupBy) ){
+-      return 1;
+-    }
+-    if( sqlite3FixExpr(pFix, pSelect->pHaving) ){
+-      return 1;
+-    }
+-    if( sqlite3FixExprList(pFix, pSelect->pOrderBy) ){
+-      return 1;
+-    }
+-    if( sqlite3FixExpr(pFix, pSelect->pLimit) ){
+-      return 1;
+-    }
+-    if( pSelect->pWith ){
+-      int i;
+-      for(i=0; i<pSelect->pWith->nCte; i++){
+-        if( sqlite3FixSelect(pFix, pSelect->pWith->a[i].pSelect) ){
+-          return 1;
+-        }
+-      }
+-    }
+-    pSelect = pSelect->pPrior;
+-  }
+-  return 0;
++  return sqlite3WalkSelect(&pFix->w, pSelect);
+ }
+ int sqlite3FixExpr(
+   DbFixer *pFix,     /* Context of the fixation */
+   Expr *pExpr        /* The expression to be fixed to one database */
+ ){
+-  while( pExpr ){
+-    if( !pFix->bTemp ) ExprSetProperty(pExpr, EP_FromDDL);
+-    if( pExpr->op==TK_VARIABLE ){
+-      if( pFix->pParse->db->init.busy ){
+-        pExpr->op = TK_NULL;
+-      }else{
+-        sqlite3ErrorMsg(pFix->pParse, "%s cannot use variables", pFix->zType);
+-        return 1;
+-      }
+-    }
+-    if( ExprHasProperty(pExpr, EP_TokenOnly|EP_Leaf) ) break;
+-    if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+-      if( sqlite3FixSelect(pFix, pExpr->x.pSelect) ) return 1;
+-    }else{
+-      if( sqlite3FixExprList(pFix, pExpr->x.pList) ) return 1;
+-    }
+-    if( sqlite3FixExpr(pFix, pExpr->pRight) ){
+-      return 1;
+-    }
+-    pExpr = pExpr->pLeft;
+-  }
+-  return 0;
+-}
+-int sqlite3FixExprList(
+-  DbFixer *pFix,     /* Context of the fixation */
+-  ExprList *pList    /* The expression to be fixed to one database */
+-){
+-  int i;
+-  struct ExprList_item *pItem;
+-  if( pList==0 ) return 0;
+-  for(i=0, pItem=pList->a; i<pList->nExpr; i++, pItem++){
+-    if( sqlite3FixExpr(pFix, pItem->pExpr) ){
+-      return 1;
+-    }
+-  }
+-  return 0;
++  return sqlite3WalkExpr(&pFix->w, pExpr);
+ }
+ #endif
+ 
+@@ -592,25 +566,20 @@
+   TriggerStep *pStep /* The trigger step be fixed to one database */
+ ){
+   while( pStep ){
+-    if( sqlite3FixSelect(pFix, pStep->pSelect) ){
+-      return 1;
+-    }
+-    if( sqlite3FixExpr(pFix, pStep->pWhere) ){
+-      return 1;
+-    }
+-    if( sqlite3FixExprList(pFix, pStep->pExprList) ){
+-      return 1;
+-    }
+-    if( pStep->pFrom && sqlite3FixSrcList(pFix, pStep->pFrom) ){
++    if( sqlite3WalkSelect(&pFix->w, pStep->pSelect)
++     || sqlite3WalkExpr(&pFix->w, pStep->pWhere) 
++     || sqlite3WalkExprList(&pFix->w, pStep->pExprList)
++     || sqlite3FixSrcList(pFix, pStep->pFrom)
++    ){
+       return 1;
+     }
+ #ifndef SQLITE_OMIT_UPSERT
+     if( pStep->pUpsert ){
+       Upsert *pUp = pStep->pUpsert;
+-      if( sqlite3FixExprList(pFix, pUp->pUpsertTarget)
+-       || sqlite3FixExpr(pFix, pUp->pUpsertTargetWhere)
+-       || sqlite3FixExprList(pFix, pUp->pUpsertSet)
+-       || sqlite3FixExpr(pFix, pUp->pUpsertWhere)
++      if( sqlite3WalkExprList(&pFix->w, pUp->pUpsertTarget)
++       || sqlite3WalkExpr(&pFix->w, pUp->pUpsertTargetWhere)
++       || sqlite3WalkExprList(&pFix->w, pUp->pUpsertSet)
++       || sqlite3WalkExpr(&pFix->w, pUp->pUpsertWhere)
+       ){
+         return 1;
+       }
+@@ -618,6 +587,7 @@
+ #endif
+     pStep = pStep->pNext;
+   }
++
+   return 0;
+ }
+ #endif
+diff -rNu sqlite_before/src/sqliteInt.h sqlite_after/src/sqliteInt.h
+--- sqlite_before/src/sqliteInt.h	2021-09-05 20:50:58.137474551 +0800
++++ sqlite_after/src/sqliteInt.h	2021-09-05 20:52:09.418798495 +0800
+@@ -1137,6 +1137,7 @@
+ typedef struct CollSeq CollSeq;
+ typedef struct Column Column;
+ typedef struct Db Db;
++typedef struct DbFixer DbFixer;
+ typedef struct Schema Schema;
+ typedef struct Expr Expr;
+ typedef struct ExprList ExprList;
+@@ -3651,21 +3652,6 @@
+ };
+ 
+ /*
+-** The following structure contains information used by the sqliteFix...
+-** routines as they walk the parse tree to make database references
+-** explicit.
+-*/
+-typedef struct DbFixer DbFixer;
+-struct DbFixer {
+-  Parse *pParse;      /* The parsing context.  Error messages written here */
+-  Schema *pSchema;    /* Fix items to this schema */
+-  u8 bTemp;           /* True for TEMP schema entries */
+-  const char *zDb;    /* Make sure all objects are contained in this database */
+-  const char *zType;  /* Type of the container - used for error messages */
+-  const Token *pName; /* Name of the container - used for error messages */
+-};
+-
+-/*
+ ** An objected used to accumulate the text of a string where we
+ ** do not necessarily know how big the string will be in the end.
+ */
+@@ -3815,9 +3801,25 @@
+     struct RenameCtx *pRename;                /* RENAME COLUMN context */
+     struct Table *pTab;                       /* Table of generated column */
+     struct SrcList_item *pSrcItem;            /* A single FROM clause item */
++    DbFixer *pFix;
+   } u;
+ };
+ 
++/*
++** The following structure contains information used by the sqliteFix...
++** routines as they walk the parse tree to make database references
++** explicit.
++*/
++struct DbFixer {
++  Parse *pParse;      /* The parsing context.  Error messages written here */
++  Walker w;           /* Walker object */
++  Schema *pSchema;    /* Fix items to this schema */
++  u8 bTemp;           /* True for TEMP schema entries */
++  const char *zDb;    /* Make sure all objects are contained in this database */
++  const char *zType;  /* Type of the container - used for error messages */
++  const Token *pName; /* Name of the container - used for error messages */
++};
++
+ /* Forward declarations */
+ int sqlite3WalkExpr(Walker*, Expr*);
+ int sqlite3WalkExprList(Walker*, ExprList*);
+@@ -4527,7 +4529,6 @@
+ int sqlite3FixSrcList(DbFixer*, SrcList*);
+ int sqlite3FixSelect(DbFixer*, Select*);
+ int sqlite3FixExpr(DbFixer*, Expr*);
+-int sqlite3FixExprList(DbFixer*, ExprList*);
+ int sqlite3FixTriggerStep(DbFixer*, TriggerStep*);
+ int sqlite3RealSameAsInt(double,sqlite3_int64);
+ void sqlite3Int64ToText(i64,char*);
+diff -rNu sqlite_before/test/altertab3.test sqlite_after/test/altertab3.test
+--- sqlite_before/test/altertab3.test	2021-09-05 20:50:58.137474551 +0800
++++ sqlite_after/test/altertab3.test	2021-09-05 20:52:09.422798569 +0800
+@@ -253,7 +253,7 @@
+ 
+ do_catchsql_test 11.2 {
+   ALTER TABLE t1 RENAME TO t1x;
+-} {1 {error in trigger b: no such table: abc}}
++} {1 {error in trigger b: no such table: main.abc}}
+ 
+ do_execsql_test 11.3 {
+   DROP TRIGGER b;
+diff -rNu sqlite_before/test/triggerE.test sqlite_after/test/triggerE.test
+--- sqlite_before/test/triggerE.test	2021-09-05 20:50:58.137474551 +0800
++++ sqlite_after/test/triggerE.test	2021-09-05 20:52:09.462799312 +0800
+@@ -58,6 +58,8 @@
+   8 { BEFORE UPDATE ON t1 BEGIN UPDATE t2 SET c = ?; END; }
+   9 { BEFORE UPDATE ON t1 BEGIN UPDATE t2 SET c = 1 WHERE d = ?; END; }
+  10 { AFTER INSERT ON t1 BEGIN SELECT * FROM pragma_stats(?); END; }
++ 11 { BEFORE INSERT ON t1 BEGIN 
++      INSERT INTO t1 SELECT max(b) OVER(ORDER BY $1) FROM t1; END }
+ } {
+   catchsql {drop trigger tr1}
+   do_catchsql_test 1.1.$tn "CREATE TRIGGER tr1 $defn" [list 1 $errmsg]

0005-fix-integer-overflow-on-gigabyte-string.patch

@@ -1,28 +0,0 @@
-From 72210cf3c782ff30867d5c78e13900be9904ba76 Mon Sep 17 00:00:00 2001
-From: zwtmichael <zhuwentao5@huawei.com>
-Date: Mon, 5 Sep 2022 16:49:05 +0800
-Subject: [PATCH] fix integer overflow on gigabyte string
-
-Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
----
- src/printf.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/printf.c b/src/printf.c
-index e635184..fb3689e 100644
---- a/src/printf.c
-+++ b/src/printf.c
-@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
-       case etSQLESCAPE:           /* %q: Escape ' characters */
-       case etSQLESCAPE2:          /* %Q: Escape ' and enclose in '...' */
-       case etSQLESCAPE3: {        /* %w: Escape " characters */
--        int i, j, k, n, isnull;
--        int needQuote;
-+        i64 i, j, k, n;
-+        int needQuote, isnull;
-         char ch;
-         char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
-         char *escarg;
--- 
-2.25.1
-

0005-uninitialized-value-used-in-pattern-compare.patch

@@ -0,0 +1,28 @@
+diff -Nur sqlite_before/src/func.c sqlite_after/src/func.c
+--- sqlite_before/src/func.c	2021-09-26 16:11:20.573041810 +0800
++++ sqlite_after/src/func.c	2021-09-26 16:16:56.535137866 +0800
+@@ -694,7 +694,8 @@
+       /* Skip over multiple "*" characters in the pattern.  If there
+       ** are also "?" characters, skip those as well, but consume a
+       ** single character of the input string for each "?" skipped */
+-      while( (c=Utf8Read(zPattern)) == matchAll || c == matchOne ){
++      while( (c=Utf8Read(zPattern)) == matchAll 
++             || (c == matchOne && matchOne!=0) ){
+         if( c==matchOne && sqlite3Utf8Read(&zString)==0 ){
+           return SQLITE_NOWILDCARDMATCH;
+         }
+diff -Nur sqlite_before/test/like.test sqlite_after/test/like.test
+--- sqlite_before/test/like.test	2021-09-26 16:11:20.561041592 +0800
++++ sqlite_after/test/like.test	2021-09-26 16:17:03.575265610 +0800
+@@ -1131,4 +1131,11 @@
+   SELECT id FROM t1 WHERE x LIKE 'abc__' ESCAPE '_';
+ } {2}
+ 
++# 2021-02-15 ticket c0aeea67d58ae0fd
++#
++do_execsql_test 17.1 {
++  SELECT 'x' LIKE '%' ESCAPE '_';
++} {1}
++
++
+ finish_test

0006-CVE-2022-46908.patch

@@ -1,53 +0,0 @@
-From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001
-From: zwtmichael <zhuwentao5@huawei.com>
-Date: Thu, 15 Dec 2022 09:49:15 +0800
-Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
-
-Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
----
- src/shell.c.in   |  4 ++--
- test/shell2.test | 11 +++++++++++
- 2 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/src/shell.c.in b/src/shell.c.in
-index 543141c..2c1e013 100644
---- a/src/shell.c.in
-+++ b/src/shell.c.in
-@@ -1829,7 +1829,7 @@ static int safeModeAuth(
-     "zipfile",
-     "zipfile_cds",
-   };
--  UNUSED_PARAMETER(zA2);
-+  UNUSED_PARAMETER(zA1);
-   UNUSED_PARAMETER(zA3);
-   UNUSED_PARAMETER(zA4);
-   switch( op ){
-@@ -1840,7 +1840,7 @@ static int safeModeAuth(
-     case SQLITE_FUNCTION: {
-       int i;
-       for(i=0; i<ArraySize(azProhibitedFunctions); i++){
--        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
-+        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
-           failIfSafeMode(p, "cannot use the %s() function in safe mode",
-                          azProhibitedFunctions[i]);
-         }
-diff --git a/test/shell2.test b/test/shell2.test
-index 6b4dff5..c3777eb 100644
---- a/test/shell2.test
-+++ b/test/shell2.test
-@@ -188,4 +188,15 @@ b
- 2
- }}
- 
-+# Verify that safe mode rejects certain UDFs
-+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
-+do_test shell2-1.4.8 {
-+  catchcmd "-safe :memory:" {
-+ SELECT edit('DoNotCare');}
-+} {1 {line 2: cannot use the edit() function in safe mode}}
-+do_test shell2-1.4.9 {
-+  catchcmd "-safe :memory:" {
-+ SELECT writefile('DoNotCare', x'');}
-+} {1 {line 2: cannot use the writefile() function in safe mode}}
-+
- finish_test

sqlite.spec

@@ -1,26 +1,25 @@
 %bcond_without check
 
-%global extver 3370200
+%global extver 3340000
 %global tcl_version 8.6
 %global tcl_sitearch %{_libdir}/tcl%{tcl_version}
 
 Name:    sqlite
-Version: 3.37.2
-Release: 5
+Version: 3.34.0
+Release: 4
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
 
-Source0: https://www.sqlite.org/2022/sqlite-src-%{extver}.zip
-Source1: http://www.sqlite.org/2022/sqlite-doc-%{extver}.zip
-Source2: https://www.sqlite.org/2022/sqlite-autoconf-%{extver}.tar.gz
+Source0: https://www.sqlite.org/2020/sqlite-src-%{extver}.zip
+Source1: http://www.sqlite.org/2020/sqlite-doc-%{extver}.zip
+Source2: https://www.sqlite.org/2020/sqlite-autoconf-%{extver}.tar.gz
 
 Patch1: 0001-sqlite-no-malloc-usable-size.patch
 Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
-Patch3: 0003-CVE-2022-35737.patch
-Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
-Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
-Patch6: 0006-CVE-2022-46908.patch
+Patch3: 0003-infinite-loop-in-trim-function.patch
+Patch4: 0004-null-ref-in-trigger.patch
+Patch5: 0005-uninitialized-value-used-in-pattern-compare.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -68,13 +67,12 @@ This contains man files and HTML files for the using of sqlite.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
-%build
-
 autoconf
+
+%build
 export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
                -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
                -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \
@@ -115,10 +113,6 @@ export MALLOC_CHECK_=3
 %else
 rm test/csv01.test
 %endif
-%ifarch loongarch64
-rm -rf test/thread1.test
-rm -rf test/thread2.test
-%endif
 
 make test
 %endif # with check
@@ -143,30 +137,6 @@ make test
 %{_mandir}/man*/*
 
 %changelog
-* Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
-- remove fail testcase for loongarch
-
-* Wed Dec 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-4
-- fix the CVE-2022-46908
-
-* Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3
-- fix build problem
-
-* Mon Sep 5 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-2
-- fix integer overflow on gigabyte string
-
-* Mon Aug 29 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-1
-- update to 3.37.2
-
-* Tue Aug 16 2022 liusirui <liusirui@huawei.com> - 3.36.0-3
-- fix the CVE-2022-35737.
-
-* Sat Nov 27 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-2
-- fix the CVE-2021-36690.
-
-* Fri Nov 25 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-1
-- update to 3.36.0.
-
 * Fri Sep 26 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-4
 - fix the uninitialized value used in pattern match.