!118 同步社区补丁

From: @noodlesland Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
sync the patch from 2203
2024-11-11 09:29:06 +00:00 · 2024-11-11 09:06:50 +00:00 · 2024-09-06 02:29:15 +00:00 · 2024-09-05 18:10:18 +08:00 · 2024-02-29 06:06:11 +00:00 · 2024-02-28 18:11:48 +08:00
67 changed files with 272 additions and 2958 deletions
@@ -1,291 +0,0 @@
-Index: ext/fts3/fts3.c
-==================================================================
--- ext/fts3/fts3.c
-+++ ext/fts3/fts3.c
-@@ -1819,11 +1819,11 @@
- ){
-   int rc = SQLITE_OK;             /* Return code */
-   const char *zCsr = zNode;       /* Cursor to iterate through node */
-   const char *zEnd = &zCsr[nNode];/* End of interior node buffer */
-   char *zBuffer = 0;              /* Buffer to load terms into */
-  int nAlloc = 0;                 /* Size of allocated buffer */
-+  i64 nAlloc = 0;                 /* Size of allocated buffer */
-   int isFirstTerm = 1;            /* True when processing first term on page */
-   sqlite3_int64 iChild;           /* Block id of child node to descend to */
- 
-   /* Skip over the 'height' varint that occurs at the start of every 
-   ** interior node. Then load the blockid of the left-child of the b-tree
-@@ -1857,18 +1857,18 @@
-     }
-     isFirstTerm = 0;
-     zCsr += fts3GetVarint32(zCsr, &nSuffix);
-     
-     assert( nPrefix>=0 && nSuffix>=0 );
-    if( &zCsr[nSuffix]>zEnd ){
-+    if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){
-       rc = FTS_CORRUPT_VTAB;
-       goto finish_scan;
-     }
-    if( nPrefix+nSuffix>nAlloc ){
-+    if( (i64)nPrefix+nSuffix>nAlloc ){
-       char *zNew;
-      nAlloc = (nPrefix+nSuffix) * 2;
-      zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
-+      nAlloc = ((i64)nPrefix+nSuffix) * 2;
-+      zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc);
-       if( !zNew ){
-         rc = SQLITE_NOMEM;
-         goto finish_scan;
-       }
-       zBuffer = zNew;
-
-Index: ext/fts3/fts3_write.c
-==================================================================
--- ext/fts3/fts3_write.c
-+++ ext/fts3/fts3_write.c
-@@ -1372,19 +1372,23 @@
-   
-   /* Because of the FTS3_NODE_PADDING bytes of padding, the following is 
-   ** safe (no risk of overread) even if the node data is corrupted. */
-   pNext += fts3GetVarint32(pNext, &nPrefix);
-   pNext += fts3GetVarint32(pNext, &nSuffix);
-  if( nPrefix<0 || nSuffix<=0 
-   || &pNext[nSuffix]>&pReader->aNode[pReader->nNode] 
-+  if( nSuffix<=0 
-+   || (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
-+   || nPrefix>pReader->nTermAlloc
-   ){
-     return FTS_CORRUPT_VTAB;
-   }
- 
-  if( nPrefix+nSuffix>pReader->nTermAlloc ){
-    int nNew = (nPrefix+nSuffix)*2;
-    char *zNew = sqlite3_realloc(pReader->zTerm, nNew);
-+  /* Both nPrefix and nSuffix were read by fts3GetVarint32() and so are
-+  ** between 0 and 0x7FFFFFFF. But the sum of the two may cause integer
-+  ** overflow - hence the (i64) casts.  */
-+  if( (i64)nPrefix+nSuffix>(i64)pReader->nTermAlloc ){
-+    i64 nNew = ((i64)nPrefix+nSuffix)*2;
-+    char *zNew = sqlite3_realloc64(pReader->zTerm, nNew);
-     if( !zNew ){
-       return SQLITE_NOMEM;
-     }
-     pReader->zTerm = zNew;
-     pReader->nTermAlloc = nNew;
-@@ -1402,11 +1406,11 @@
- 
-   /* Check that the doclist does not appear to extend past the end of the
-   ** b-tree node. And that the final byte of the doclist is 0x00. If either 
-   ** of these statements is untrue, then the data structure is corrupt.
-   */
-  if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode] 
-+  if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)<pReader->nDoclist
-    || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
-   ){
-     return FTS_CORRUPT_VTAB;
-   }
-   return SQLITE_OK;
-@@ -3728,25 +3732,30 @@
-     if( bFirst==0 ){
-       p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix);
-     }
-     p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix);
- 
-+    if( nPrefix>p->iOff || nSuffix>p->nNode-p->iOff ){
-+      return SQLITE_CORRUPT_VTAB;
-+    }
-     blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc);
-     if( rc==SQLITE_OK ){
-       memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
-       p->term.n = nPrefix+nSuffix;
-       p->iOff += nSuffix;
-       if( p->iChild==0 ){
-         p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist);
-+        if( (p->nNode-p->iOff)<p->nDoclist ){
-+          return SQLITE_CORRUPT_VTAB;
-+        }
-         p->aDoclist = &p->aNode[p->iOff];
-         p->iOff += p->nDoclist;
-       }
-     }
-   }
- 
-   assert( p->iOff<=p->nNode );
-
-   return rc;
- }
- 
- /*
- ** Release all dynamic resources held by node-reader object *p.
-
-ADDED   test/fts3corrupt4.test
-Index: test/fts3corrupt4.test
-==================================================================
--- test/fts3corrupt4.test
-+++ test/fts3corrupt4.test
-@@ -0,0 +1,147 @@
-+# 2006 September 9
-+#
-+# The author disclaims copyright to this source code.  In place of
-+# a legal notice, here is a blessing:
-+#
-+#    May you do good and not evil.
-+#    May you find forgiveness for yourself and forgive others.
-+#    May you share freely, never taking more than you give.
-+#
-+#*************************************************************************
-+# This file implements regression tests for SQLite library.  The
-+# focus of this script is testing the FTS3 module.
-+#
-+# $Id: fts3aa.test,v 1.1 2007/08/20 17:38:42 shess Exp $
-+#
-+
-+set testdir [file dirname $argv0]
-+source $testdir/tester.tcl
-+set testprefix fts3corrupt4
-+
-+# If SQLITE_ENABLE_FTS3 is defined, omit this file.
-+ifcapable !fts3 {
-+  finish_test
-+  return
-+}
-+
-+do_execsql_test 1.0 {
-+  BEGIN;
-+    CREATE VIRTUAL TABLE ft USING fts3;
-+    INSERT INTO ft VALUES('aback');
-+    INSERT INTO ft VALUES('abaft');
-+    INSERT INTO ft VALUES('abandon');
-+  COMMIT;
-+}
-+
-+proc blob {a} { binary decode hex $a }
-+db func blob blob
-+
-+do_execsql_test 1.1 {
-+  SELECT quote(root) FROM ft_segdir;
-+} {X'0005616261636B03010200030266740302020003046E646F6E03030200'}
-+
-+do_execsql_test 1.2 {
-+  UPDATE ft_segdir SET root = blob(
-+    '0005616261636B03010200 FFFFFFFF0702 66740302020003046E646F6E03030200'
-+  );
-+}
-+
-+do_catchsql_test 1.3 {
-+  SELECT * FROM ft WHERE ft MATCH 'abandon';
-+} {1 {database disk image is malformed}}
-+
-+#-------------------------------------------------------------------------
-+reset_db
-+do_execsql_test 2.0.0 {
-+  CREATE VIRTUAL TABLE ft USING fts3;
-+  INSERT INTO ft(ft) VALUES('nodesize=32');
-+}
-+do_test 2.0.1 {
-+  for {set i 0} {$i < 12} {incr i} {
-+    execsql {
-+      BEGIN;
-+        INSERT INTO ft VALUES('abc' || $i);
-+        INSERT INTO ft VALUES('abc' || $i || 'x' );
-+        INSERT INTO ft VALUES('abc' || $i || 'xx' );
-+      COMMIT
-+    }
-+  }
-+  execsql {
-+    SELECT count(*) FROM ft_segdir;
-+    SELECT count(*) FROM ft_segments;
-+  }
-+} {12 0}
-+
-+do_execsql_test 2.1 {
-+  INSERT INTO ft(ft) VALUES('merge=1,4');
-+  SELECT count(*) FROM ft_segdir;
-+  SELECT count(*) FROM ft_segments;
-+} {12 3}
-+
-+do_execsql_test 2.2 {
-+  SELECT quote(block) FROM ft_segments WHERE blockid=2
-+} {X'00056162633130031F0200'}
-+
-+db func blob blob
-+do_execsql_test 2.3.1 {
-+  UPDATE ft_segments SET block = 
-+    blob('00056162633130031F0200 FFFFFFFF07FF55 66740302020003046E646F6E03030200')
-+    WHERE blockid=2;
-+} {}
-+do_catchsql_test 2.3.2 {
-+  INSERT INTO ft(ft) VALUES('merge=1,4');
-+} {1 {database disk image is malformed}}
-+
-+do_execsql_test 2.4.1 {
-+  UPDATE ft_segments SET block = 
-+    blob('00056162633130031F0200 02FFFFFFFF07 66740302020003046E646F6E03030200')
-+    WHERE blockid=2;
-+} {}
-+do_catchsql_test 2.4.2 {
-+  INSERT INTO ft(ft) VALUES('merge=1,4');
-+} {1 {database disk image is malformed}}
-+
-+do_execsql_test 2.5.1 {
-+  UPDATE ft_segments SET block = 
-+    blob('00056162633130031F0200 0202 6674 FFFFFF070302020003046E646F6E030200')
-+    WHERE blockid=2;
-+} {}
-+do_catchsql_test 2.5.2 {
-+  INSERT INTO ft(ft) VALUES('merge=1,4');
-+} {1 {database disk image is malformed}}
-+
-+#-------------------------------------------------------------------------
-+reset_db
-+do_execsql_test 3.0.0 {
-+  CREATE VIRTUAL TABLE ft USING fts3;
-+  INSERT INTO ft(ft) VALUES('nodesize=32');
-+}
-+do_test 3.0.1 {
-+  execsql BEGIN
-+  for {set i 0} {$i < 20} {incr i} {
-+    execsql { INSERT INTO ft VALUES('abc' || $i) }
-+  }
-+  execsql {
-+    COMMIT;
-+    SELECT count(*) FROM ft_segdir;
-+    SELECT count(*) FROM ft_segments;
-+  }
-+} {1 5}
-+
-+do_execsql_test 3.1 {
-+  SELECT quote(root) FROM ft_segdir
-+} {X'0101056162633132040136030132030136'}
-+
-+db func blob blob
-+do_execsql_test 3.2 {
-+  UPDATE ft_segdir 
-+  SET root = blob('0101056162633132FFFFFFFF070236030132030136');
-+}
-+
-+do_catchsql_test 3.1 {
-+  SELECT * FROM ft WHERE ft MATCH 'abc20'
-+} {1 {database disk image is malformed}}
-+
-+finish_test
-+
-+
-
-Index: test/permutations.test
-==================================================================
--- test/permutations.test
-+++ test/permutations.test
-@@ -253,10 +253,11 @@
-   fts3ae.test fts3af.test fts3ag.test fts3ah.test
-   fts3ai.test fts3aj.test fts3ak.test fts3al.test
-   fts3am.test fts3an.test fts3ao.test fts3atoken.test
-   fts3auto.test fts3aux1.test fts3aux2.test fts3b.test
-   fts3comp1.test fts3conf.test fts3corrupt2.test fts3corrupt.test
-+  fts3corrupt4.test
-   fts3cov.test fts3c.test fts3defer2.test fts3defer3.test
-   fts3defer.test fts3drop.test fts3d.test fts3e.test
-   fts3expr2.test fts3expr3.test fts3expr4.test fts3expr5.test
-   fts3expr.test fts3fault2.test fts3fault.test fts3first.test
-   fts3join.test fts3malloc.test fts3matchinfo.test fts3near.test
-
@@ -1,46 +0,0 @@
-From 8b729f3011e608c73624ce823a3f8d811f4684cb Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Wed, 6 Jun 2018 18:50:50 +0000
-Subject: [PATCH 0037/1009] Fix the sqlite3BeginTrans() calls within the
- snapshot extension.
-
-From https://github.com/mackyle/sqlite/commit/8b729f3011e608c73624ce823a3f8d811f4684cb
-
---
- src/main.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/main.c b/src/main.c
-index 8e89cc5..a2b994f 100644
--- a/src/main.c
-+++ b/src/main.c
-@@ -4115,7 +4115,7 @@ int sqlite3_snapshot_get(
-     if( iDb==0 || iDb>1 ){
-       Btree *pBt = db->aDb[iDb].pBt;
-       if( 0==sqlite3BtreeIsInTrans(pBt) ){
-        rc = sqlite3BtreeBeginTrans(pBt, 0);
-+        rc = sqlite3BtreeBeginTrans(pBt, 0, 0);
-         if( rc==SQLITE_OK ){
-           rc = sqlite3PagerSnapshotGet(sqlite3BtreePager(pBt), ppSnapshot);
-         }
-@@ -4153,7 +4153,7 @@ int sqlite3_snapshot_open(
-       if( 0==sqlite3BtreeIsInReadTrans(pBt) ){
-         rc = sqlite3PagerSnapshotOpen(sqlite3BtreePager(pBt), pSnapshot);
-         if( rc==SQLITE_OK ){
-          rc = sqlite3BtreeBeginTrans(pBt, 0);
-+          rc = sqlite3BtreeBeginTrans(pBt, 0, 0);
-           sqlite3PagerSnapshotOpen(sqlite3BtreePager(pBt), 0);
-         }
-       }
-@@ -4185,7 +4185,7 @@ int sqlite3_snapshot_recover(sqlite3 *db, const char *zDb){
-   if( iDb==0 || iDb>1 ){
-     Btree *pBt = db->aDb[iDb].pBt;
-     if( 0==sqlite3BtreeIsInReadTrans(pBt) ){
-      rc = sqlite3BtreeBeginTrans(pBt, 0);
-+      rc = sqlite3BtreeBeginTrans(pBt, 0, 0);
-       if( rc==SQLITE_OK ){
-         rc = sqlite3PagerSnapshotRecover(sqlite3BtreePager(pBt));
-         sqlite3BtreeCommit(pBt);
-- 
-1.8.3.1
-
@@ -1,28 +0,0 @@
-From 06a87a928ee3f272e1a25f15a8a55ad55da636f3 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Wed, 6 Jun 2018 23:31:26 +0000
-Subject: [PATCH 0042/1009] Change a comma into a logically equivalent but
- semantically clearer semicolon.
-
-From https://github.com/mackyle/sqlite/commit/06a87a928ee3f272e1a25f15a8a55ad55da636f3
-
---
- src/alter.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/alter.c b/src/alter.c
-index 51d4a40..f338e8b 100644
--- a/src/alter.c
-+++ b/src/alter.c
-@@ -142,7 +142,7 @@ static void renameParentFunc(
-     }
-   }
- 
-  zResult = sqlite3MPrintf(db, "%s%s", (zOutput?zOutput:""), zInput), 
-+  zResult = sqlite3MPrintf(db, "%s%s", (zOutput?zOutput:""), zInput);
-   sqlite3_result_text(context, zResult, -1, SQLITE_DYNAMIC);
-   sqlite3DbFree(db, zOutput);
- }
-- 
-1.8.3.1
-
@@ -1,27 +0,0 @@
-From 41e8f704c9afd4b9601ac3da2c5c1d6387346806 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Sat, 9 Jun 2018 20:52:45 +0000
-Subject: [PATCH 0064/1009] Fix a typo in the amalgamation autoconf file.
-
-From https://github.com/mackyle/sqlite/commit/41e8f704c9afd4b9601ac3da2c5c1d6387346806
-
---
- autoconf/configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/autoconf/configure.ac b/autoconf/configure.ac
-index 8ba2218..76579c0 100644
--- a/autoconf/configure.ac
-+++ b/autoconf/configure.ac
-@@ -153,7 +153,7 @@ AC_SUBST(SESSION_FLAGS)
- #
- AC_ARG_ENABLE(debug, [AS_HELP_STRING(
-   [--enable-debug], [build with debugging features enabled [default=no]])], 
-  [], [enable_session=no])
-+  [], [enable_debug=no])
- if test x"$enable_debug" = "xyes"; then
-   DEBUG_FLAGS="-DSQLITE_DEBUG -DSQLITE_ENABLE_SELECTTRACE -DSQLITE_ENABLE_WHERETRACE"
- fi
-- 
-1.8.3.1
-
@@ -1,27 +0,0 @@
-From c0506beeac8e92586d1dcdaa0aceeed366c8b62d Mon Sep 17 00:00:00 2001
-From: Joe Mistachkin <sqlite@mistachkin.com>
-Date: Mon, 18 Jun 2018 19:09:30 +0000
-Subject: [PATCH 0096/1009] Fix typo in the 'normalize' extension.
-
-From https://github.com/mackyle/sqlite/commit/c0506beeac8e92586d1dcdaa0aceeed366c8b62d
-
---
- ext/misc/normalize.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/misc/normalize.c b/ext/misc/normalize.c
-index fd656f1..5997ec1 100644
--- a/ext/misc/normalize.c
-+++ b/ext/misc/normalize.c
-@@ -593,7 +593,7 @@ char *sqlite3_normalize(const char *zSql){
-     }
-   }
-   while( j>0 && z[j-1]==' ' ){ j--; }
-  if( i>0 && z[j-1]!=';' ){ z[j++] = ';'; }
-+  if( j>0 && z[j-1]!=';' ){ z[j++] = ';'; }
-   z[j] = 0;
- 
-   /* Make a second pass converting "in(...)" where the "..." is not a
-- 
-1.8.3.1
-
@@ -1,67 +0,0 @@
-From 9627c47a03bfa5aa59fa59b1ef37d8fa524fd9f2 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Sat, 30 Jun 2018 20:00:35 +0000
-Subject: [PATCH 0121/1009] Fix a minor problem in the code for determining
- whether or not an SQL statement is SQLITE_TOOBIG.
-
-From https://github.com/mackyle/sqlite/commit/9627c47a03bfa5aa59fa59b1ef37d8fa524fd9f2
-
---
- src/alter.c    | 4 ++--
- src/tokenize.c | 7 ++++++-
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/alter.c b/src/alter.c
-index f338e8b..2d7a5d6 100644
--- a/src/alter.c
-+++ b/src/alter.c
-@@ -74,7 +74,7 @@ static void renameTableFunc(
-         zCsr += len;
-         len = sqlite3GetToken(zCsr, &token);
-       } while( token==TK_SPACE );
-      assert( len>0 );
-+      assert( len>0 || !*zCsr );
-     } while( token!=TK_LP && token!=TK_USING );
- 
-     zRet = sqlite3MPrintf(db, "%.*s\"%w\"%s", (int)(((u8*)tname.z) - zSql),
-@@ -198,7 +198,7 @@ static void renameTriggerFunc(
-         zCsr += len;
-         len = sqlite3GetToken(zCsr, &token);
-       }while( token==TK_SPACE );
-      assert( len>0 );
-+      assert( len>0 || !*zCsr );
- 
-       /* Variable 'dist' stores the number of tokens read since the most
-       ** recent TK_DOT or TK_ON. This means that when a WHEN, FOR or BEGIN 
-diff --git a/src/tokenize.c b/src/tokenize.c
-index 15678ed..fc5989c 100644
--- a/src/tokenize.c
-+++ b/src/tokenize.c
-@@ -54,11 +54,12 @@
- #define CC_TILDA     25    /* '~' */
- #define CC_DOT       26    /* '.' */
- #define CC_ILLEGAL   27    /* Illegal character */
-+#define CC_NUL       28    /* 0x00 */
- 
- static const unsigned char aiClass[] = {
- #ifdef SQLITE_ASCII
- /*         x0  x1  x2  x3  x4  x5  x6  x7  x8  x9  xa  xb  xc  xd  xe  xf */
-/* 0x */   27, 27, 27, 27, 27, 27, 27, 27, 27,  7,  7, 27,  7,  7, 27, 27,
-+/* 0x */   28, 27, 27, 27, 27, 27, 27, 27, 27,  7,  7, 27,  7,  7, 27, 27,
- /* 1x */   27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
- /* 2x */    7, 15,  8,  5,  4, 22, 24,  8, 17, 18, 21, 20, 23, 11, 26, 16,
- /* 3x */    3,  3,  3,  3,  3,  3,  3,  3,  3,  3,  5, 19, 12, 14, 13,  6,
-@@ -532,6 +533,10 @@ int sqlite3GetToken(const unsigned char *z, int *tokenType){
-       i = 1;
-       break;
-     }
-+    case CC_NUL: {
-+      *tokenType = TK_ILLEGAL;
-+      return 0;
-+    }
-     default: {
-       *tokenType = TK_ILLEGAL;
-       return 1;
-- 
-1.8.3.1
-
@@ -1,29 +0,0 @@
-From 7173baee93fed1c0a20bb02350c22ab219e4654b Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Sun, 1 Jul 2018 16:05:40 +0000
-Subject: [PATCH 0123/1009] Quick patch to the Lemon parser template to avoid
- an array overread reported by OSSFuzz.  A proper fix involves enhancements to
- the table generators in Lemon to make the overread impossible.  That fix will
- take longer to implement.  The current check-in is a stop-gap.
-
-From https://github.com/mackyle/sqlite/commit/7173baee93fed1c0a20bb02350c22ab219e4654b
-
---
- tool/lempar.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tool/lempar.c b/tool/lempar.c
-index 450dcde..e19aba4 100644
--- a/tool/lempar.c
-+++ b/tool/lempar.c
-@@ -550,6 +550,7 @@ static YYACTIONTYPE yy_find_shift_action(
- #if YY_SHIFT_MAX+YYWILDCARD>=YY_ACTTAB_COUNT
-           j<YY_ACTTAB_COUNT &&
- #endif
-+          j<sizeof(yy_lookahead)/sizeof(yy_lookahead[0]) &&
-           yy_lookahead[j]==YYWILDCARD && iLookAhead>0
-         ){
- #ifndef NDEBUG
-- 
-1.8.3.1
-
@@ -1,28 +0,0 @@
-From 8a6d814cd2574e878ab45c8bbf209212bd705e47 Mon Sep 17 00:00:00 2001
-From: Joe Mistachkin <sqlite@mistachkin.com>
-Date: Sat, 8 Sep 2018 16:53:47 +0000
-Subject: [PATCH 0352/1009] Fix typo in the Win32-specific code for the fileio
- extension.
-
-https://github.com/mackyle/sqlite/commit/8a6d814cd2574e878ab45c8bbf209212bd705e47
-
---
- ext/misc/fileio.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/misc/fileio.c b/ext/misc/fileio.c
-index b734ca0..816a353 100644
--- a/ext/misc/fileio.c
-+++ b/ext/misc/fileio.c
-@@ -204,7 +204,7 @@ static void statTimesToUtc(
-   extern LPWSTR sqlite3_win32_utf8_to_unicode(const char*);
-   zUnicodeName = sqlite3_win32_utf8_to_unicode(zPath);
-   if( zUnicodeName ){
-    memset(&fd, 0, sizeof(WIN32_FIND_DATA));
-+    memset(&fd, 0, sizeof(WIN32_FIND_DATAW));
-     hFindFile = FindFirstFileW(zUnicodeName, &fd);
-     if( hFindFile!=NULL ){
-       pStatBuf->st_ctime = (time_t)fileTimeToUnixTime(&fd.ftCreationTime);
-- 
-1.8.3.1
-
@@ -1,55 +0,0 @@
-From 8bc9e8b38de805a0c02db12c6afe796a47b22747 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Tue, 11 Sep 2018 13:38:35 +0000
-Subject: [PATCH 0363/1009] Fix a problem causing ENABLE_CURSOR_HINTS builds to
- segfault.
-
-https://github.com/mackyle/sqlite/commit/8bc9e8b38de805a0c02db12c6afe796a47b22747
-
---
- src/wherecode.c       |  4 +---
- test/cursorhint2.test | 15 +++++++++++++++
- 2 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/src/wherecode.c b/src/wherecode.c
-index 8251923..07de2c6 100644
--- a/src/wherecode.c
-+++ b/src/wherecode.c
-@@ -886,9 +886,7 @@ static int codeCursorHintFixExpr(Walker *pWalker, Expr *pExpr){
-     if( pExpr->iTable!=pHint->iTabCur ){
-       Vdbe *v = pWalker->pParse->pVdbe;
-       int reg = ++pWalker->pParse->nMem;   /* Register for column value */
-      sqlite3ExprCodeGetColumnOfTable(
-          v, pExpr->pTab, pExpr->iTable, pExpr->iColumn, reg
-      );
-+      sqlite3ExprCode(pWalker->pParse, pExpr, reg);
-       pExpr->op = TK_REGISTER;
-       pExpr->iTable = reg;
-     }else if( pHint->pIdx!=0 ){
-diff --git a/test/cursorhint2.test b/test/cursorhint2.test
-index 0175568..a78d151 100644
--- a/test/cursorhint2.test
-+++ b/test/cursorhint2.test
-@@ -186,4 +186,19 @@ do_extract_hints_test 2.12 {
-   x2 {EQ(c0,r[2])}
- }
- 
-+reset_db
-+do_execsql_test 3.0 {
-+  CREATE TABLE t1 (i1 TEXT);    
-+  CREATE TABLE t2 (i2 TEXT UNIQUE);    
-+  INSERT INTO t1 VALUES('0');
-+  INSERT INTO t2 VALUES('0');
-+}
-+
-+do_extract_hints_test 3.1 {
-+  SELECT * FROM t1 CROSS JOIN t2 WHERE (t1.i1 = t2.i2) AND t2.i2 = 1;
-+} {
-+  t1 {EQ(c0,r[1])} t2 EQ(c0,1)
-+}
-+
-+
- finish_test
-- 
-1.8.3.1
-
@@ -1,33 +0,0 @@
-From 2b256aaaae3c32e69a5a4c24d7bb22bbc7232f88 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Mon, 1 Oct 2018 13:54:30 +0000
-Subject: [PATCH 0435/1009] Fix a potential crash that can occur while reading
- an index from a corrupt database file.  The corruption is a
- record-header-size that is larger than 0x7fffffff.  Problem detected by
- OSSFuzz against GDAL and reported to us (with a suggested fix) by Even
- Rouault.  The test case is in TH3.
-
-https://github.com/mackyle/sqlite/commit/2b256aaaae3c32e69a5a4c24d7bb22bbc7232f88
-
---
- src/vdbeaux.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/vdbeaux.c b/src/vdbeaux.c
-index 5ec3d13..99df435 100644
--- a/src/vdbeaux.c
-+++ b/src/vdbeaux.c
-@@ -4557,7 +4557,9 @@ int sqlite3VdbeIdxRowid(sqlite3 *db, BtCursor *pCur, i64 *rowid){
-   (void)getVarint32((u8*)m.z, szHdr);
-   testcase( szHdr==3 );
-   testcase( szHdr==m.n );
-  if( unlikely(szHdr<3 || (int)szHdr>m.n) ){
-+  testcase( szHdr>0x7fffffff );
-+  assert( m.n>=0 );
-+  if( unlikely(szHdr<3 || szHdr>(unsigned)m.n) ){
-     goto idx_rowid_corruption;
-   }
- 
-- 
-1.8.3.1
-
@@ -1,34 +0,0 @@
-From c0ead185cc44359ecb406e9f7e21b964393f96d8 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Thu, 11 Oct 2018 10:37:24 +0000
-Subject: [PATCH 0453/1009] In the CLI, fix a file descriptor leak following
- OOM and a missing va_end() call.
-
---
- src/shell.c.in | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/shell.c.in b/src/shell.c.in
-index a5ab143..c1db72c 100644
--- a/src/shell.c.in
-+++ b/src/shell.c.in
-@@ -3592,7 +3592,7 @@ static char *readFile(const char *zName, int *pnByte){
-   nIn = ftell(in);
-   rewind(in);
-   pBuf = sqlite3_malloc64( nIn+1 );
-  if( pBuf==0 ) return 0;
-+  if( pBuf==0 ){ fclose(in); return 0; }
-   nRead = fread(pBuf, nIn, 1, in);
-   fclose(in);
-   if( nRead!=1 ){
-@@ -4976,6 +4976,7 @@ static void shellPreparePrintf(
-     char *z;
-     va_start(ap, zFmt);
-     z = sqlite3_vmprintf(zFmt, ap);
-+    va_end(ap);
-     if( z==0 ){
-       *pRc = SQLITE_NOMEM;
-     }else{
-- 
-1.8.3.1
-
@@ -1,35 +0,0 @@
-From 8dba5edb332d9bdf8b856c26404c8043bdfd4192 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Thu, 18 Oct 2018 15:17:18 +0000
-Subject: [PATCH 0460/1009] Take steps to avoid a potential integer overflow in
- sessionBufferGrow().
-
-https://github.com/mackyle/sqlite/commit/8dba5edb332d9bdf8b856c26404c8043bdfd4192
-
---
- ext/session/sqlite3session.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
-index 20810ee..a1ca9a7 100644
--- a/ext/session/sqlite3session.c
-+++ b/ext/session/sqlite3session.c
-@@ -1794,12 +1794,12 @@ int sqlite3session_attach(
- static int sessionBufferGrow(SessionBuffer *p, int nByte, int *pRc){
-   if( *pRc==SQLITE_OK && p->nAlloc-p->nBuf<nByte ){
-     u8 *aNew;
-    int nNew = p->nAlloc ? p->nAlloc : 128;
-+    i64 nNew = p->nAlloc ? p->nAlloc : 128;
-     do {
-       nNew = nNew*2;
-    }while( nNew<(p->nBuf+nByte) );
-+    }while( (nNew-p->nBuf)<nByte );
- 
-    aNew = (u8 *)sqlite3_realloc(p->aBuf, nNew);
-+    aNew = (u8 *)sqlite3_realloc64(p->aBuf, nNew);
-     if( 0==aNew ){
-       *pRc = SQLITE_NOMEM;
-     }else{
-- 
-1.8.3.1
-
@@ -1,40 +0,0 @@
-From 259c8907624a568bd0faa10687f659c9321f9a05 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Mon, 29 Oct 2018 18:33:42 +0000
-Subject: [PATCH 0473/1009] Fix minor memory leak in the dbstat extension that
- can occur following an attempt to analyze a corrupt database file.
-
-From https://github.com/mackyle/sqlite/commit/259c8907624a568bd0faa10687f659c9321f9a05
-
---
- src/dbstat.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/dbstat.c b/src/dbstat.c
-index 432cfae..b746fa0 100644
--- a/src/dbstat.c
-+++ b/src/dbstat.c
-@@ -254,7 +254,7 @@ static int statOpen(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor){
-   return SQLITE_OK;
- }
- 
-static void statClearPage(StatPage *p){
-+static void statClearCells(StatPage *p){
-   int i;
-   if( p->aCell ){
-     for(i=0; i<p->nCell; i++){
-@@ -262,6 +262,11 @@ static void statClearPage(StatPage *p){
-     }
-     sqlite3_free(p->aCell);
-   }
-+  p->nCell = 0;
-+  p->aCell = 0;
-+}
-+static void statClearPage(StatPage *p){
-+  statClearCells(p);
-   sqlite3PagerUnref(p->pPg);
-   sqlite3_free(p->zPath);
-   memset(p, 0, sizeof(StatPage));
-- 
-1.8.3.1
-
@@ -1,85 +0,0 @@
-From 54e058c2c503364cd316bf9c73e253dffa5285a4 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Tue, 27 Nov 2018 19:47:55 +0000
-Subject: [PATCH 0548/1009] Fix a failing assert() in
- sqlite3ResetAllSchemasOfConnection().
-
-https://github.com/mackyle/sqlite/commit/54e058c2c503364cd316bf9c73e253dffa5285a4
-
---
- src/build.c        | 11 ++++++++---
- test/vtab_err.test | 23 ++++++++++++++++++++++-
- 2 files changed, 30 insertions(+), 4 deletions(-)
-
-diff --git a/src/build.c b/src/build.c
-index fca5a92..bed8295 100644
--- a/src/build.c
-+++ b/src/build.c
-@@ -544,17 +544,22 @@ void sqlite3ResetOneSchema(sqlite3 *db, int iDb){
- void sqlite3ResetAllSchemasOfConnection(sqlite3 *db){
-   int i;
-   sqlite3BtreeEnterAll(db);
-  assert( db->nSchemaLock==0 );
-   for(i=0; i<db->nDb; i++){
-     Db *pDb = &db->aDb[i];
-     if( pDb->pSchema ){
-      sqlite3SchemaClear(pDb->pSchema);
-+      if( db->nSchemaLock==0 ){
-+        sqlite3SchemaClear(pDb->pSchema);
-+      }else{
-+        DbSetProperty(db, i, DB_ResetWanted);
-+      }
-     }
-   }
-   db->mDbFlags &= ~(DBFLAG_SchemaChange|DBFLAG_SchemaKnownOk);
-   sqlite3VtabUnlockList(db);
-   sqlite3BtreeLeaveAll(db);
-  sqlite3CollapseDatabaseArray(db);
-+  if( db->nSchemaLock==0 ){
-+    sqlite3CollapseDatabaseArray(db);
-+  }
- }
- 
- /*
-diff --git a/test/vtab_err.test b/test/vtab_err.test
-index cb40acd..cfc5fc3 100644
--- a/test/vtab_err.test
-+++ b/test/vtab_err.test
-@@ -20,7 +20,6 @@ ifcapable !vtab {
- }
- 
- 
-
- unset -nocomplain echo_module_begin_fail
- do_ioerr_test vtab_err-1 -tclprep {
-   register_echo_module [sqlite3_connection_pointer db]
-@@ -63,4 +62,26 @@ do_malloc_test vtab_err-2 -tclprep {
- 
- sqlite3_memdebug_fail -1
- 
-+reset_db
-+register_echo_module [sqlite3_connection_pointer db]
-+do_execsql_test vtab_err-3.0 {
-+  CREATE TABLE r(a PRIMARY KEY, b, c);
-+  CREATE VIRTUAL TABLE e USING echo(r);
-+}
-+faultsim_save_and_close
-+
-+do_faultsim_test vtab_err-3 -faults oom-t* -prep {
-+  faultsim_restore_and_reopen
-+  register_echo_module [sqlite3_connection_pointer db]
-+} -body {
-+  execsql {
-+    BEGIN;
-+      CREATE TABLE xyz(x);
-+      SELECT a FROM e;
-+    COMMIT;
-+  }
-+} -test {
-+  faultsim_test_result {0 {}}
-+}
-+
- finish_test
-- 
-1.8.3.1
-
@@ -1,32 +0,0 @@
-From f75ff65c0027041b95647acdb86abf0dc1158f55 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Mon, 3 Dec 2018 01:47:41 +0000
-Subject: [PATCH 0562/1009] Fix a parser bug in the use of parentheses around
- table-valued functions.
-
-https://github.com/mackyle/sqlite/commit/f75ff65c0027041b95647acdb86abf0dc1158f55
-
---
- src/parse.y         |  6 ++++++
- 1 files changed, 6 insertions(+), 0 deletion(-)
-
-diff --git a/src/parse.y b/src/parse.y
-index b150c73..3bb28ab 100644
--- a/src/parse.y
-+++ b/src/parse.y
-@@ -664,6 +664,12 @@ seltablist(A) ::= stl_prefix(A) nm(Y) dbnm(D) LP exprlist(E) RP as(Z)
-         pNew->zName = pOld->zName;
-         pNew->zDatabase = pOld->zDatabase;
-         pNew->pSelect = pOld->pSelect;
-+        if( pOld->fg.isTabFunc ){
-+          pNew->u1.pFuncArg = pOld->u1.pFuncArg;
-+          pOld->u1.pFuncArg = 0;
-+          pOld->fg.isTabFunc = 0;
-+          pNew->fg.isTabFunc = 1;
-+        }
-         pOld->zName = pOld->zDatabase = 0;
-         pOld->pSelect = 0;
-       }
-- 
-1.8.3.1
-
@@ -1,41 +0,0 @@
-From 3bb789ba44d04e5c7d02abdfce6ff2e51f566db2 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Fri, 14 Dec 2018 17:57:01 +0000
-Subject: [PATCH 0626/1009] Fix possible integer overflow while running PRAGMA
- integrity_check on a database file with a badly corrupted freelist.
-
-https://github.com/mackyle/sqlite/commit/3bb789ba44d04e5c7d02abdfce6ff2e51f566db2
-
---
- src/btree.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/btree.c b/src/btree.c
-index 8b3375e..24a274c 100644
--- a/src/btree.c
-+++ b/src/btree.c
-@@ -9414,18 +9414,18 @@ static void checkList(
-     }
-     pOvflData = (unsigned char *)sqlite3PagerGetData(pOvflPage);
-     if( isFreeList ){
-      int n = get4byte(&pOvflData[4]);
-+      u32 n = (u32)get4byte(&pOvflData[4]);
- #ifndef SQLITE_OMIT_AUTOVACUUM
-       if( pCheck->pBt->autoVacuum ){
-         checkPtrmap(pCheck, iPage, PTRMAP_FREEPAGE, 0);
-       }
- #endif
-      if( n>(int)pCheck->pBt->usableSize/4-2 ){
-+      if( n>pCheck->pBt->usableSize/4-2 ){
-         checkAppendMsg(pCheck,
-            "freelist leaf count too big on page %d", iPage);
-         N--;
-       }else{
-        for(i=0; i<n; i++){
-+        for(i=0; i<(int)n; i++){
-           Pgno iFreePage = get4byte(&pOvflData[8+i*4]);
- #ifndef SQLITE_OMIT_AUTOVACUUM
-           if( pCheck->pBt->autoVacuum ){
-- 
-1.8.3.1
-
@@ -1,54 +0,0 @@
-From af72ceaf22e73fd78e32ef439c1869292b94aaa1 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Thu, 20 Dec 2018 15:04:38 +0000
-Subject: [PATCH 0631/1009] Fix a segfault caused by using the RAISE function
- incorrectly (library now returns an error instead of crashing).
-
-https://github.com/mackyle/sqlite/commit/af72ceaf22e73fd78e32ef439c1869292b94aaa1
-
---
- src/expr.c         |  2 +-
- test/triggerC.test | 16 ++++++++++++++++
- 2 files changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/src/expr.c b/src/expr.c
-index 5d36502..b1a06bd 100644
--- a/src/expr.c
-+++ b/src/expr.c
-@@ -4745,7 +4745,7 @@ int sqlite3ExprCompare(Parse *pParse, Expr *pA, Expr *pB, int iTab){
-     }
-     return 2;
-   }
-  if( pA->op!=pB->op ){
-+  if( pA->op!=pB->op || pA->op==TK_RAISE ){
-     if( pA->op==TK_COLLATE && sqlite3ExprCompare(pParse, pA->pLeft,pB,iTab)<2 ){
-       return 1;
-     }
-diff --git a/test/triggerC.test b/test/triggerC.test
-index 3e47521..49d4eca 100644
--- a/test/triggerC.test
-+++ b/test/triggerC.test
-@@ -1042,4 +1042,20 @@ do_execsql_test 15.2.1 {
- do_execsql_test 15.2.2 { SELECT * FROM x2;       } {1 2 3 4}
- do_execsql_test 15.2.3 { SELECT * FROM """x2"""; } {3 11 x y}
- 
-+#-------------------------------------------------------------------------
-+# At one point queries such as the following were causing segfaults.
-+#
-+do_catchsql_test 16.1 {
-+  SELECT raise(ABORT, 'msg') FROM sqlite_master 
-+  UNION SELECT 1 
-+  ORDER BY raise(IGNORE);
-+} {1 {1st ORDER BY term does not match any column in the result set}}
-+
-+do_catchsql_test 16.2 {
-+  SELECT count(*) FROM sqlite_master 
-+  GROUP BY raise(IGNORE) 
-+  HAVING raise(ABORT, 'msg');
-+} {1 {RAISE() may only be used within a trigger-program}}
-+
- finish_test
-+
-- 
-1.8.3.1
-
@@ -1,34 +0,0 @@
-From 16f6aeb0a017f8406ca9de7224f8c8fe6d5ee30e Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Thu, 27 Dec 2018 20:12:02 +0000
-Subject: [PATCH 0684/1009] Fix another problem with corrupt database handling
- in fts5.
-
-https://github.com/mackyle/sqlite/commit/16f6aeb0a017f8406ca9de7224f8c8fe6d5ee30e
-
---
- ext/fts5/fts5_index.c           |   3 +-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index acf2db2..c5fe01b 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -1649,12 +1649,13 @@ static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
-   int nNew;                       /* Bytes of new data */
- 
-   iOff += fts5GetVarint32(&a[iOff], nNew);
-  if( iOff+nNew>pIter->pLeaf->nn ){
-+  if( iOff+nNew>pIter->pLeaf->nn || nKeep>pIter->term.n ){
-     p->rc = FTS5_CORRUPT;
-     return;
-   }
-   pIter->term.n = nKeep;
-   fts5BufferAppendBlob(&p->rc, &pIter->term, nNew, &a[iOff]);
-+  assert( pIter->term.n<=pIter->term.nSpace );
-   iOff += nNew;
-   pIter->iTermLeafOffset = iOff;
-   pIter->iTermLeafPgno = pIter->iLeafPgno;
-- 
-1.8.3.1
-
@@ -1,43 +0,0 @@
-From 1d41f8f6d718cd93b0bd55e72f0a919b1c6e1388 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Fri, 28 Dec 2018 13:57:30 +0000
-Subject: [PATCH 0686/1009] Fix a buffer overwrite in fts5 triggered by a
- corrupt database.
-
-https://github.com/mackyle/sqlite/commit/1d41f8f6d718cd93b0bd55e72f0a919b1c6e1388
-
---
- ext/fts5/fts5_index.c           |   5 +-
- 1 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 6bd18c5..3361b19 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -3902,6 +3902,7 @@ static void fts5WriteAppendTerm(
-   int nPrefix;                    /* Bytes of prefix compression for term */
-   Fts5PageWriter *pPage = &pWriter->writer;
-   Fts5Buffer *pPgidx = &pWriter->writer.pgidx;
-+  int nMin = MIN(pPage->term.n, nTerm);
- 
-   assert( p->rc==SQLITE_OK );
-   assert( pPage->buf.n>=4 );
-@@ -3943,13 +3944,13 @@ static void fts5WriteAppendTerm(
-       ** inefficient, but still correct.  */
-       int n = nTerm;
-       if( pPage->term.n ){
-        n = 1 + fts5PrefixCompress(pPage->term.n, pPage->term.p, pTerm);
-+        n = 1 + fts5PrefixCompress(nMin, pPage->term.p, pTerm);
-       }
-       fts5WriteBtreeTerm(p, pWriter, n, pTerm);
-       pPage = &pWriter->writer;
-     }
-   }else{
-    nPrefix = fts5PrefixCompress(pPage->term.n, pPage->term.p, pTerm);
-+    nPrefix = fts5PrefixCompress(nMin, pPage->term.p, pTerm);
-     fts5BufferAppendVarint(&p->rc, &pPage->buf, nPrefix);
-   }
- 
-- 
-1.8.3.1
-
@@ -1,40 +0,0 @@
-From 3af43610d9406dfc859f7aca5a3c6441c852911b Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Tue, 1 Jan 2019 13:59:34 +0000
-Subject: [PATCH 0698/1009] Fix another case in fts5 where a corrupt database
- could cause a buffer overread.
-
-https://github.com/mackyle/sqlite/commit/3af43610d9406dfc859f7aca5a3c6441c852911b
-
---
- ext/fts5/fts5_index.c           |   6 +-
- 1 files changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index f786e8d..6ce9844 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -2311,6 +2311,7 @@ static void fts5LeafSeek(
-         iPgidx += fts5GetVarint32(&pIter->pLeaf->p[iPgidx], iOff);
-         if( iOff<4 || iOff>=pIter->pLeaf->szLeaf ){
-           p->rc = FTS5_CORRUPT;
-+          return;
-         }else{
-           nKeep = 0;
-           iTermOff = iOff;
-@@ -2323,8 +2324,11 @@ static void fts5LeafSeek(
-   }
- 
-  search_success:
-
-   pIter->iLeafOffset = iOff + nNew;
-+  if( pIter->iLeafOffset>n ){
-+    p->rc = FTS5_CORRUPT;
-+    return;
-+  }
-   pIter->iTermLeafOffset = pIter->iLeafOffset;
-   pIter->iTermLeafPgno = pIter->iLeafPgno;
- 
-- 
-1.8.3.1
-
@@ -1,28 +0,0 @@
-From 3ad151ae6c0d1c8158c2df9fd11fab0cd0075d6f Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Mon, 7 Jan 2019 16:52:00 +0000
-Subject: [PATCH 0721/1009] Fix another potential buffer overread in fts5.
-
-https://github.com/mackyle/sqlite/commit/3ad151ae6c0d1c8158c2df9fd11fab0cd0075d6f
-
---
- ext/fts5/fts5_hash.c            |   3 +-
- 1 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
-index 1757061..7e404a8 100644
--- a/ext/fts5/fts5_hash.c
-+++ b/ext/fts5/fts5_hash.c
-@@ -483,7 +483,8 @@ int sqlite3Fts5HashQuery(
- 
-   for(p=pHash->aSlot[iHash]; p; p=p->pHashNext){
-     zKey = fts5EntryKey(p);
-    if( memcmp(zKey, pTerm, nTerm)==0 && zKey[nTerm]==0 ) break;
-+    assert( p->nKey+1==(int)strlen(zKey) );
-+    if( nTerm==p->nKey+1 && memcmp(zKey, pTerm, nTerm)==0 ) break;
-   }
- 
-   if( p ){
-- 
-1.8.3.1
-
@@ -1,35 +0,0 @@
-From dc9d6ce103251a827eacde12399418b8dd55ca47 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Tue, 8 Jan 2019 14:28:02 +0000
-Subject: [PATCH 0723/1009] Fix a possible memory leak when trying to UPDATE a
- corrupt RTREE index.
-
-https://github.com/mackyle/sqlite/commit/dc9d6ce103251a827eacde12399418b8dd55ca47
-
---
- ext/rtree/rtree.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
-index ea44ffe..83d1b82 100644
--- a/ext/rtree/rtree.c
-+++ b/ext/rtree/rtree.c
-@@ -717,7 +717,6 @@ static int nodeAcquire(
-       pNode->pNext = 0;
-       rc = sqlite3_blob_read(pRtree->pNodeBlob, pNode->zData,
-                              pRtree->iNodeSize, 0);
-      nodeReference(pParent);
-     }
-   }
- 
-@@ -748,6 +747,7 @@ static int nodeAcquire(
- 
-   if( rc==SQLITE_OK ){
-     if( pNode!=0 ){
-+      nodeReference(pParent);
-       nodeHashInsert(pRtree, pNode);
-     }else{
-       rc = SQLITE_CORRUPT_VTAB;
-- 
-1.8.3.1
-
@@ -1,39 +0,0 @@
-From 525fdb146b15ef6c42886fccf1b892388c2011d6 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Wed, 9 Jan 2019 21:12:23 +0000
-Subject: [PATCH 0730/1009] Fix an out-of-bounds read in SQL function
- fts5_decode() that could occur if it was passed a corrupt record.
-
-https://github.com/mackyle/sqlite/commit/525fdb146b15ef6c42886fccf1b892388c2011d6
-
---
- ext/fts5/fts5_index.c           |   6 +-
- 1 files changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 268af5e..90dc0a5 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -6409,7 +6409,7 @@ static void fts5DecodeFunction(
-     nDoclist = (iTermOff ? iTermOff : szLeaf) - iOff;
-     fts5DecodeDoclist(&rc, &s, &a[iOff], nDoclist);
- 
-    while( iPgidxOff<n ){
-+    while( iPgidxOff<n && rc==SQLITE_OK ){
-       int bFirst = (iPgidxOff==szLeaf);     /* True for first term on page */
-       int nByte;                            /* Bytes of data */
-       int iEnd;
-@@ -6427,6 +6427,10 @@ static void fts5DecodeFunction(
- 
-       if( bFirst==0 ){
-         iOff += fts5GetVarint32(&a[iOff], nByte);
-+        if( nByte>term.n ){
-+          rc = FTS5_CORRUPT;
-+          goto decode_out;
-+        }
-         term.n = nByte;
-       }
-       iOff += fts5GetVarint32(&a[iOff], nByte);
-- 
-1.8.3.1
-
@@ -1,28 +0,0 @@
-From 2fbabe31a19e10c68357884846454753ee2b4cc3 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Fri, 11 Jan 2019 21:34:25 +0000
-Subject: [PATCH 0748/1009] Fix a segfault in fts3 prompted by a corrupted
- database.
-
-https://github.com/mackyle/sqlite/commit/2fbabe31a19e10c68357884846454753ee2b4cc3
-
---
- ext/fts3/fts3.c        |  2 +-
- 1 files changed, 1 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
-index e168fae..5266749 100644
--- a/ext/fts3/fts3.c
-+++ b/ext/fts3/fts3.c
-@@ -2899,7 +2899,7 @@ static int fts3SegReaderCursor(
- 
-       /* If zTerm is not NULL, and this segment is not stored entirely on its
-       ** root node, the range of leaves scanned can be reduced. Do this. */
-      if( iStartBlock && zTerm ){
-+      if( iStartBlock && zTerm && zRoot ){
-         sqlite3_int64 *pi = (isPrefix ? &iLeavesEndBlock : 0);
-         rc = fts3SelectLeaf(p, zTerm, nTerm, zRoot, nRoot, &iStartBlock, pi);
-         if( rc!=SQLITE_OK ) goto finished;
-- 
-1.8.3.1
-
@@ -1,31 +0,0 @@
-From 95a3db8dcf8622a8db12059abe1befca418d9440 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Sat, 12 Jan 2019 21:30:26 +0000
-Subject: [PATCH 0756/1009] Prevent unsigned 32-bit integer overflow from
- leading to a buffer overread inside of an assert().  The problem fixed here
- is no reachable in production code.
-
-https://github.com/mackyle/sqlite/commit/95a3db8dcf8622a8db12059abe1befca418d9440
-
---
- src/vdbeaux.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/vdbeaux.c b/src/vdbeaux.c
-index 1125cfd..1af8a6f 100644
--- a/src/vdbeaux.c
-+++ b/src/vdbeaux.c
-@@ -3883,8 +3883,8 @@ static int vdbeRecordCompareDebug(
-     ** Use that approximation to avoid the more expensive call to
-     ** sqlite3VdbeSerialTypeLen() in the common case.
-     */
-    if( d1+serial_type1+2>(u32)nKey1
-     && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1 
-+    if( d1+(u64)serial_type1+2>(u64)nKey1
-+     && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1 
-     ){
-       break;
-     }
-- 
-1.8.3.1
-
@@ -1,39 +0,0 @@
-From 5b01e4f591862a943728f1abe1cf44ac0844dbf1 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Mon, 14 Jan 2019 15:35:15 +0000
-Subject: [PATCH 0765/1009] Fix a problem causing a crash if an fts5vocab table
- was created to query an fts3/4 FTS index.
-
-https://github.com/mackyle/sqlite/commit/5b01e4f591862a943728f1abe1cf44ac0844dbf1
-
---
- ext/fts5/fts5_main.c          | 12 ++++++------
- 1 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/ext/fts5/fts5_main.c b/ext/fts5/fts5_main.c
-index 6fc5a90..07934eb 100644
--- a/ext/fts5/fts5_main.c
-+++ b/ext/fts5/fts5_main.c
-@@ -2244,13 +2244,13 @@ Fts5Index *sqlite3Fts5IndexFromCsrid(
-   Fts5Config **ppConfig           /* OUT: Configuration object */
- ){
-   Fts5Cursor *pCsr;
-  Fts5Table *pTab;
-
-   pCsr = fts5CursorFromCsrid(pGlobal, iCsrId);
-  pTab = (Fts5Table*)pCsr->base.pVtab;
-  *ppConfig = pTab->pConfig;
-
-  return pTab->pIndex;
-+  if( pCsr ){
-+    Fts5Table *pTab = (Fts5Table*)pCsr->base.pVtab;
-+    *ppConfig = pTab->pConfig;
-+    return pTab->pIndex;
-+  }
-+  return 0;
- }
- 
- /*
-- 
-1.8.3.1
-
@@ -1,27 +0,0 @@
-From 5dfe84921758b84e698b4f3429e56f3f292f8de5 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Tue, 15 Jan 2019 14:44:23 +0000
-Subject: [PATCH 0770/1009] Fix a harmless memory leak in the Lemon parser
- generator utility program.
-
-https://github.com/mackyle/sqlite/commit/5dfe84921758b84e698b4f3429e56f3f292f8de5
-
---
- tool/lemon.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tool/lemon.c b/tool/lemon.c
-index 7f0e557..7ef99fd 100644
--- a/tool/lemon.c
-+++ b/tool/lemon.c
-@@ -4674,6 +4674,7 @@ void ReportTable(
-   /* Append any addition code the user desires */
-   tplt_print(out,lemp,lemp->extracode,&lineno);
- 
-+  acttab_free(pActtab);
-   fclose(in);
-   fclose(out);
-   return;
-- 
-1.8.3.1
-
@@ -1,48 +0,0 @@
-From 88ea6ea1ee2b7c93120857c65c882144c9f4ce71 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Tue, 15 Jan 2019 18:14:27 +0000
-Subject: [PATCH 0773/1009] Handle SQL NULL values without crashing in the fts5
- snippet() and highlight() functions.
-
-https://github.com/mackyle/sqlite/commit/88ea6ea1ee2b7c93120857c65c882144c9f4ce71
-
---
- ext/fts5/fts5_aux.c       | 2 +-
- ext/fts5/test/fts5ak.test | 8 ++++++++
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_aux.c b/ext/fts5/fts5_aux.c
-index f884ddb..7d4f3e6 100644
--- a/ext/fts5/fts5_aux.c
-+++ b/ext/fts5/fts5_aux.c
-@@ -136,7 +136,7 @@ static void fts5HighlightAppend(
-   HighlightContext *p, 
-   const char *z, int n
- ){
-  if( *pRc==SQLITE_OK ){
-+  if( *pRc==SQLITE_OK && z ){
-     if( n<0 ) n = (int)strlen(z);
-     p->zOut = sqlite3_mprintf("%z%.*s", p->zOut, n, z);
-     if( p->zOut==0 ) *pRc = SQLITE_NOMEM;
-diff --git a/ext/fts5/test/fts5ak.test b/ext/fts5/test/fts5ak.test
-index cab0ae2..0a3cd6a78 100644
--- a/ext/fts5/test/fts5ak.test
-+++ b/ext/fts5/test/fts5ak.test
-@@ -144,6 +144,14 @@ do_execsql_test 3.1 {
-   {[a b c d e]}
- }
- 
-+do_execsql_test 3.2 {
-+  SELECT highlight(ft, 0, NULL, NULL) FROM ft WHERE ft MATCH 'a+b+c AND c+d+e';
-+} {
-+  {a b c x c d e}
-+  {a b c c d e}
-+  {a b c d e}
-+}
-+
- }
- 
- finish_test
-- 
-1.8.3.1
-
@@ -1,27 +0,0 @@
-From 5dc52d357ad41bcbd945f360df2d49a7701f8776 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Wed, 16 Jan 2019 11:38:06 +0000
-Subject: [PATCH 0775/1009] Fix a memory leak that could occur in fts3 when
- handling a corrupt database.
-
-https://github.com/mackyle/sqlite/commit/5dc52d357ad41bcbd945f360df2d49a7701f8776
-
---
- ext/fts3/fts3_write.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
-index 0baf82b..096eafc 100644
--- a/ext/fts3/fts3_write.c
-+++ b/ext/fts3/fts3_write.c
-@@ -1606,6 +1606,7 @@ int sqlite3Fts3SegReaderNew(
- 
-   assert( iStartLeaf<=iEndLeaf );
-   if( iStartLeaf==0 ){
-+    if( iEndLeaf!=0 ) return FTS_CORRUPT_VTAB;
-     nExtra = nRoot + FTS3_NODE_PADDING;
-   }
- 
-- 
-1.8.3.1
-
@@ -1,47 +0,0 @@
-From 1634068a27a93898908802f514ae41c1a3aa3bf9 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Thu, 17 Jan 2019 19:11:10 +0000
-Subject: [PATCH 0787/1009] Fix a buffer overwrite that could occur when
- running an fts5 prefix query against a corrupt database.
-
-https://github.com/mackyle/sqlite/commit/1634068a27a93898908802f514ae41c1a3aa3bf9
-
---
- ext/fts5/fts5_index.c           |  11 +-
- 1 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 426cf61..259ae35 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -4959,6 +4959,8 @@ static void fts5MergePrefixLists(
-         int iOff2 = 0;
-         u8 *a1 = &i1.aPoslist[i1.nSize];
-         u8 *a2 = &i2.aPoslist[i2.nSize];
-+        int nCopy;
-+        u8 *aCopy;
- 
-         i64 iPrev = 0;
-         Fts5PoslistWriter writer;
-@@ -5002,11 +5004,16 @@ static void fts5MergePrefixLists(
-           if( iPos1!=iPrev ){
-             sqlite3Fts5PoslistSafeAppend(&tmp, &iPrev, iPos1);
-           }
-          fts5BufferSafeAppendBlob(&tmp, &a1[iOff1], i1.nPoslist-iOff1);
-+          aCopy = &a1[iOff1];
-+          nCopy = i1.nPoslist - iOff1;
-         }else{
-           assert( iPos2>=0 && iPos2!=iPrev );
-           sqlite3Fts5PoslistSafeAppend(&tmp, &iPrev, iPos2);
-          fts5BufferSafeAppendBlob(&tmp, &a2[iOff2], i2.nPoslist-iOff2);
-+          aCopy = &a2[iOff2];
-+          nCopy = i2.nPoslist - iOff2;
-+        }
-+        if( nCopy>0 ){
-+          fts5BufferSafeAppendBlob(&tmp, aCopy, nCopy);
-         }
- 
-         /* WRITEPOSLISTSIZE */
-- 
-1.8.3.1
-
@@ -1,27 +0,0 @@
-From 80b709ea4c758f5f8fcb125082a17ceb5b9f5c76 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Thu, 17 Jan 2019 20:06:56 +0000
-Subject: [PATCH 0789/1009] Fix another corruption related crash in fts5.
-
-https://github.com/mackyle/sqlite/commit/80b709ea4c758f5f8fcb125082a17ceb5b9f5c76
-
---
- ext/fts5/fts5_index.c           |   2 +-
- 1 files changed, 1 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 259ae35..66ab9be 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -1652,7 +1652,7 @@ static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
-   int nNew;                       /* Bytes of new data */
- 
-   iOff += fts5GetVarint32(&a[iOff], nNew);
-  if( iOff+nNew>pIter->pLeaf->nn || nKeep>pIter->term.n ){
-+  if( iOff+nNew>pIter->pLeaf->szLeaf || nKeep>pIter->term.n ){
-     p->rc = FTS5_CORRUPT;
-     return;
-   }
-- 
-1.8.3.1
-
@@ -1,36 +0,0 @@
-From a47d7130bcbf6dbf2c3d0cb33555a68e288cc407 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Fri, 18 Jan 2019 18:52:17 +0000
-Subject: [PATCH 0794/1009] Avoid integer overflow when computing the array of
- a bounding box with the rtree_i32 virtual table.
-
-https://github.com/mackyle/sqlite/commit/a47d7130bcbf6dbf2c3d0cb33555a68e288cc407
-
---
- ext/rtree/rtree.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
-index c998d95..73d0661 100644
--- a/ext/rtree/rtree.c
-+++ b/ext/rtree/rtree.c
-@@ -1999,11 +1999,11 @@ static RtreeDValue cellArea(Rtree *pRtree, RtreeCell *p){
- #endif
-   {
-     switch( pRtree->nDim ){
-      case 5:  area  = p->aCoord[9].i - p->aCoord[8].i;
-      case 4:  area *= p->aCoord[7].i - p->aCoord[6].i;
-      case 3:  area *= p->aCoord[5].i - p->aCoord[4].i;
-      case 2:  area *= p->aCoord[3].i - p->aCoord[2].i;
-      default: area *= p->aCoord[1].i - p->aCoord[0].i;
-+      case 5:  area  = (i64)p->aCoord[9].i - (i64)p->aCoord[8].i;
-+      case 4:  area *= (i64)p->aCoord[7].i - (i64)p->aCoord[6].i;
-+      case 3:  area *= (i64)p->aCoord[5].i - (i64)p->aCoord[4].i;
-+      case 2:  area *= (i64)p->aCoord[3].i - (i64)p->aCoord[2].i;
-+      default: area *= (i64)p->aCoord[1].i - (i64)p->aCoord[0].i;
-     }
-   }
-   return area;
-- 
-1.8.3.1
-
@@ -1,31 +0,0 @@
-From 7c66bd37c346c0bbf92502edec140b488e4af6e2 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Tue, 22 Jan 2019 12:21:28 +0000
-Subject: [PATCH 0813/1009] Fix another segfault caused by a corrupt fts3
- database.
-
-https://github.com/mackyle/sqlite/commit/7c66bd37c346c0bbf92502edec140b488e4af6e2
-
---
- ext/fts3/fts3_write.c  |   5 ++
- 1 files changed, 5 insertions(+), 0 deletion(-)
-
-diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
-index df3c07e..3e195c3 100644
--- a/ext/fts3/fts3_write.c
-+++ b/ext/fts3/fts3_write.c
-@@ -2255,6 +2255,11 @@ static int fts3SegWriterAdd(
-   nPrefix = fts3PrefixCompress(pWriter->zTerm, pWriter->nTerm, zTerm, nTerm);
-   nSuffix = nTerm-nPrefix;
- 
-+  /* If nSuffix is zero or less, then zTerm/nTerm must be a prefix of 
-+  ** pWriter->zTerm/pWriter->nTerm. i.e. must be equal to or less than when
-+  ** compared with BINARY collation. This indicates corruption.  */
-+  if( nSuffix<=0 ) return FTS_CORRUPT_VTAB;
-+
-   /* Figure out how many bytes are required by this new entry */
-   nReq = sqlite3Fts3VarintLen(nPrefix) +    /* varint containing prefix size */
-     sqlite3Fts3VarintLen(nSuffix) +         /* varint containing suffix size */
-- 
-1.8.3.1
-
@@ -1,87 +0,0 @@
-From ec2409b34e42389034ecf6ae616a85de97c0fd8c Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Tue, 22 Jan 2019 21:17:40 +0000
-Subject: [PATCH 0820/1009] Fix a buffer overrun that could occur in fts5 if a
- prefix query is made on a corrupt database.
-
-https://github.com/mackyle/sqlite/commit/ec2409b34e42389034ecf6ae616a85de97c0fd8c
-
---
- ext/fts5/fts5.h                 |   8 +-
- ext/fts5/fts5Int.h              |   2 +-
- ext/fts5/fts5_index.c           |   2 +-
- ext/fts5/fts5_main.c            |   5 +
- ext/fts5/test/fts5corrupt3.test | 217 ++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 226 insertions(+), 8 deletions(-)
-
-diff --git a/ext/fts5/fts5.h b/ext/fts5/fts5.h
-index 8273785..f0b7d55 100644
--- a/ext/fts5/fts5.h
-+++ b/ext/fts5/fts5.h
-@@ -120,12 +120,8 @@ struct Fts5PhraseIter {
- **
- **   Usually, output parameter *piPhrase is set to the phrase number, *piCol
- **   to the column in which it occurs and *piOff the token offset of the
-**   first token of the phrase. The exception is if the table was created
-**   with the offsets=0 option specified. In this case *piOff is always
-**   set to -1.
-**
-**   Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM) 
-**   if an error occurs.
-+**   first token of the phrase. Returns SQLITE_OK if successful, or an error
-+**   code (i.e. SQLITE_NOMEM) if an error occurs.
- **
- **   This API can be quite slow if used with an FTS5 table created with the
- **   "detail=none" or "detail=column" option. 
-diff --git a/ext/fts5/fts5Int.h b/ext/fts5/fts5Int.h
-index 4855abe..629bcf0 100644
--- a/ext/fts5/fts5Int.h
-+++ b/ext/fts5/fts5Int.h
-@@ -274,7 +274,7 @@ void sqlite3Fts5Put32(u8*, int);
- int sqlite3Fts5Get32(const u8*);
- 
- #define FTS5_POS2COLUMN(iPos) (int)(iPos >> 32)
-#define FTS5_POS2OFFSET(iPos) (int)(iPos & 0xFFFFFFFF)
-+#define FTS5_POS2OFFSET(iPos) (int)(iPos & 0x7FFFFFFF)
- 
- typedef struct Fts5PoslistReader Fts5PoslistReader;
- struct Fts5PoslistReader {
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 66ab9be..165d094 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -5122,7 +5122,7 @@ static void fts5SetupPrefixIter(
-     }
-     fts5MultiIterFree(p1);
- 
-    pData = fts5IdxMalloc(p, sizeof(Fts5Data) + doclist.n);
-+    pData = fts5IdxMalloc(p, sizeof(Fts5Data)+doclist.n+FTS5_DATA_ZERO_PADDING);
-     if( pData ){
-       pData->p = (u8*)&pData[1];
-       pData->nn = pData->szLeaf = doclist.n;
-diff --git a/ext/fts5/fts5_main.c b/ext/fts5/fts5_main.c
-index bb34234..c98df4f 100644
--- a/ext/fts5/fts5_main.c
-+++ b/ext/fts5/fts5_main.c
-@@ -1777,6 +1777,7 @@ static int fts5CacheInstArray(Fts5Cursor *pCsr){
-   int rc = SQLITE_OK;
-   Fts5PoslistReader *aIter;       /* One iterator for each phrase */
-   int nIter;                      /* Number of iterators/phrases */
-+  int nCol = ((Fts5Table*)pCsr->base.pVtab)->pConfig->nCol;
-   
-   nIter = sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
-   if( pCsr->aInstIter==0 ){
-@@ -1830,6 +1831,10 @@ static int fts5CacheInstArray(Fts5Cursor *pCsr){
-         aInst[0] = iBest;
-         aInst[1] = FTS5_POS2COLUMN(aIter[iBest].iPos);
-         aInst[2] = FTS5_POS2OFFSET(aIter[iBest].iPos);
-+        if( aInst[1]<0 || aInst[1]>=nCol ){
-+          rc = FTS5_CORRUPT;
-+          break;
-+        }
-         sqlite3Fts5PoslistReaderNext(&aIter[iBest]);
-       }
-     }
-- 
-1.8.3.1
-
@@ -1,94 +0,0 @@
-From 64a2e3704ddeecff5abcf7729345e1e0bd2f6dbd Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Wed, 23 Jan 2019 19:17:05 +0000
-Subject: [PATCH 0823/1009] Fix another fts5 crash that can occur if the
- database is corrupted.
-
-https://github.com/mackyle/sqlite/commit/64a2e3704ddeecff5abcf7729345e1e0bd2f6dbd
-
---
- ext/fts5/fts5_index.c           |  58 ++++++-----
- 1 files changed, 23 insertions(+), 25 deletions(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 57fce0a..eced245 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -4127,7 +4127,7 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
-   int i;
-   Fts5Buffer buf;
-   memset(&buf, 0, sizeof(Fts5Buffer));
-  for(i=0; i<pIter->nSeg; i++){
-+  for(i=0; i<pIter->nSeg && p->rc==SQLITE_OK; i++){
-     Fts5SegIter *pSeg = &pIter->aSeg[i];
-     if( pSeg->pSeg==0 ){
-       /* no-op */
-@@ -4147,33 +4147,41 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
-       iLeafRowid = FTS5_SEGMENT_ROWID(iId, pSeg->iTermLeafPgno);
-       pData = fts5DataRead(p, iLeafRowid);
-       if( pData ){
-        fts5BufferZero(&buf);
-        fts5BufferGrow(&p->rc, &buf, pData->nn);
-        fts5BufferAppendBlob(&p->rc, &buf, sizeof(aHdr), aHdr);
-        fts5BufferAppendVarint(&p->rc, &buf, pSeg->term.n);
-        fts5BufferAppendBlob(&p->rc, &buf, pSeg->term.n, pSeg->term.p);
-        fts5BufferAppendBlob(&p->rc, &buf, pData->szLeaf-iOff, &pData->p[iOff]);
-        if( p->rc==SQLITE_OK ){
-          /* Set the szLeaf field */
-          fts5PutU16(&buf.p[2], (u16)buf.n);
-        }
-+        if( iOff>pData->szLeaf ){
-+          /* This can occur if the pages that the segments occupy overlap - if
-+          ** a single page has been assigned to more than one segment. In
-+          ** this case a prior iteration of this loop may have corrupted the
-+          ** segment currently being trimmed.  */
-+          p->rc = FTS5_CORRUPT;
-+        }else{
-+          fts5BufferZero(&buf);
-+          fts5BufferGrow(&p->rc, &buf, pData->nn);
-+          fts5BufferAppendBlob(&p->rc, &buf, sizeof(aHdr), aHdr);
-+          fts5BufferAppendVarint(&p->rc, &buf, pSeg->term.n);
-+          fts5BufferAppendBlob(&p->rc, &buf, pSeg->term.n, pSeg->term.p);
-+          fts5BufferAppendBlob(&p->rc, &buf, pData->szLeaf-iOff,&pData->p[iOff]);
-+          if( p->rc==SQLITE_OK ){
-+            /* Set the szLeaf field */
-+            fts5PutU16(&buf.p[2], (u16)buf.n);
-+          }
- 
-        /* Set up the new page-index array */
-        fts5BufferAppendVarint(&p->rc, &buf, 4);
-        if( pSeg->iLeafPgno==pSeg->iTermLeafPgno 
-         && pSeg->iEndofDoclist<pData->szLeaf 
-        ){
-          int nDiff = pData->szLeaf - pSeg->iEndofDoclist;
-          fts5BufferAppendVarint(&p->rc, &buf, buf.n - 1 - nDiff - 4);
-          fts5BufferAppendBlob(&p->rc, &buf, 
-              pData->nn - pSeg->iPgidxOff, &pData->p[pSeg->iPgidxOff]
-          );
-        }
-+          /* Set up the new page-index array */
-+          fts5BufferAppendVarint(&p->rc, &buf, 4);
-+          if( pSeg->iLeafPgno==pSeg->iTermLeafPgno 
-+              && pSeg->iEndofDoclist<pData->szLeaf 
-+            ){
-+            int nDiff = pData->szLeaf - pSeg->iEndofDoclist;
-+            fts5BufferAppendVarint(&p->rc, &buf, buf.n - 1 - nDiff - 4);
-+            fts5BufferAppendBlob(&p->rc, &buf, 
-+                pData->nn - pSeg->iPgidxOff, &pData->p[pSeg->iPgidxOff]
-+                );
-+          }
- 
-+          pSeg->pSeg->pgnoFirst = pSeg->iTermLeafPgno;
-+          fts5DataDelete(p, FTS5_SEGMENT_ROWID(iId, 1), iLeafRowid);
-+          fts5DataWrite(p, iLeafRowid, buf.p, buf.n);
-+        }
-         fts5DataRelease(pData);
-        pSeg->pSeg->pgnoFirst = pSeg->iTermLeafPgno;
-        fts5DataDelete(p, FTS5_SEGMENT_ROWID(iId, 1), iLeafRowid);
-        fts5DataWrite(p, iLeafRowid, buf.p, buf.n);
-       }
-     }
-   }
-- 
-1.8.3.1
-
@@ -1,28 +0,0 @@
-From ebf0e4dbbdbc5e35f0febe9e6d3bbceffde814c6 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Wed, 23 Jan 2019 20:31:56 +0000
-Subject: [PATCH 0826/1009] Fix an assert() in vdbemem.c that could fire if the
- database was corrupt.
-
-https://github.com/mackyle/sqlite/commit/ebf0e4dbbdbc5e35f0febe9e6d3bbceffde814c6
-
---
- src/vdbemem.c      |  2 +-
- 1 files changed, 1 insertions(+), 1 deletion(-)
-
-diff --git a/src/vdbemem.c b/src/vdbemem.c
-index db8fedd..8493df7 100644
--- a/src/vdbemem.c
-+++ b/src/vdbemem.c
-@@ -243,7 +243,7 @@ SQLITE_NOINLINE int sqlite3VdbeMemGrow(Mem *pMem, int n, int bPreserve){
- ** if unable to complete the resizing.
- */
- int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
-  assert( szNew>0 );
-+  assert( CORRUPT_DB || szNew>0 );
-   assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
-   if( pMem->szMalloc<szNew ){
-     return sqlite3VdbeMemGrow(pMem, szNew, 0);
-- 
-1.8.3.1
-
@@ -1,35 +0,0 @@
-From b9338e8475463b29b7f05fb28c78c3f35a7ce814 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Thu, 24 Jan 2019 15:16:17 +0000
-Subject: [PATCH 0830/1009] Fix a potential problem with "INSERT INTO ...
- SELECT * FROM" (or VACUUM) statements on a corrupted database.
-
-https://github.com/mackyle/sqlite/commit/b9338e8475463b29b7f05fb28c78c3f35a7ce814
-
---
- src/btree.c         |   7 +--
- 1 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/btree.c b/src/btree.c
-index b68bca1..401f02e 100644
--- a/src/btree.c
-+++ b/src/btree.c
-@@ -804,11 +804,12 @@ static int btreeMoveto(
-   UnpackedRecord *pIdxKey;   /* Unpacked index key */
- 
-   if( pKey ){
-+    KeyInfo *pKeyInfo = pCur->pKeyInfo;
-     assert( nKey==(i64)(int)nKey );
-    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
-+    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
-     if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
-    sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
-    if( pIdxKey->nField==0 ){
-+    sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
-+    if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
-       rc = SQLITE_CORRUPT_BKPT;
-       goto moveto_done;
-     }
-- 
-1.8.3.1
-
@@ -1,79 +0,0 @@
-From 2084a9dcdb6fa7cd335dca7fef7328ebee65a5d1 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Fri, 25 Jan 2019 17:26:59 +0000
-Subject: [PATCH 0842/1009] Fix a segfault that could follow an OOM when
- querying a table that has one or more columns with default values "true" or
- "false".
-
-https://github.com/mackyle/sqlite/commit/2084a9dcdb6fa7cd335dca7fef7328ebee65a5d1
-
---
- src/vdbemem.c         |  8 +++++---
- test/insertfault.test | 36 ++++++++++++++++++++++++++++++++++++
- 2 files changed, 41 insertions(+), 3 deletions(-)
- create mode 100644 test/insertfault.test
-
-diff --git a/src/vdbemem.c b/src/vdbemem.c
-index 8493df7..8d9e44b 100644
--- a/src/vdbemem.c
-+++ b/src/vdbemem.c
-@@ -1530,9 +1530,11 @@ static int valueFromExpr(
-   }
- #endif
-   else if( op==TK_TRUEFALSE ){
-     pVal = valueNew(db, pCtx);
-     pVal->flags = MEM_Int;
-     pVal->u.i = pExpr->u.zToken[4]==0;
-+    pVal = valueNew(db, pCtx);
-+    if( pVal ){
-+      pVal->flags = MEM_Int;
-+      pVal->u.i = pExpr->u.zToken[4]==0;
-+    }
-   }
- 
-   *ppVal = pVal;
-diff --git a/test/insertfault.test b/test/insertfault.test
-new file mode 100644
-index 0000000..53849a1
--- /dev/null
-+++ b/test/insertfault.test
-@@ -0,0 +1,36 @@
-+# 2019-01-26
-+#
-+# The author disclaims copyright to this source code.  In place of
-+# a legal notice, here is a blessing:
-+#
-+#    May you do good and not evil.
-+#    May you find forgiveness for yourself and forgive others.
-+#    May you share freely, never taking more than you give.
-+#
-+#***********************************************************************
-+#
-+# Test cases for INSERT
-+
-+set testdir [file dirname $argv0]
-+source $testdir/tester.tcl
-+set testprefix insertfault
-+
-+do_execsql_test 1.0 {
-+  CREATE TABLE t1(a INTEGER PRIMARY KEY, b, c, d DEFAULT true);
-+  INSERT INTO t1 DEFAULT VALUES;
-+  SELECT * FROM t1;
-+} {1 {} {} 1}
-+faultsim_save_and_close
-+
-+breakpoint
-+do_faultsim_test 1 -faults oom* -prep {
-+  faultsim_restore_and_reopen
-+  db eval { SELECT * FROM sqlite_master } 
-+} -body {
-+  execsql { SELECT * FROM t1 }
-+} -test {
-+  faultsim_test_result {0 {1 {} {} 1}}
-+}
-+
-+
-+finish_test
-- 
-1.8.3.1
-
@@ -1,27 +0,0 @@
-From 896da092c4debe2e865ccfbc94939aae2feda5fc Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Mon, 28 Jan 2019 16:50:42 +0000
-Subject: [PATCH 0858/1009] Fix a buffer overread in fts3 that could occur when
- accessing a corrupt database.
-
-https://github.com/mackyle/sqlite/commit/896da092c4debe2e865ccfbc94939aae2feda5fc
-
---
- ext/fts3/fts3.c        |   1 +
- 1 files changed, 1 insertions(+)
-
-diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
-index 36e41d2..bd0003d 100644
--- a/ext/fts3/fts3.c
-+++ b/ext/fts3/fts3.c
-@@ -2810,6 +2810,7 @@ static int fts3TermSelectMerge(
-     pTS->anOutput[0] = nDoclist;
-     if( pTS->aaOutput[0] ){
-       memcpy(pTS->aaOutput[0], aDoclist, nDoclist);
-+      memset(&pTS->aaOutput[0][nDoclist], 0, FTS3_VARINT_MAX);
-     }else{
-       return SQLITE_NOMEM;
-     }
-- 
-1.8.3.1
-
@@ -1,28 +0,0 @@
-From 850b66a5848d73428951382ca909c3663b905a9e Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Tue, 29 Jan 2019 11:42:43 +0000
-Subject: [PATCH 0862/1009] Fix a buffer overrun triggered by a merge operation
- on a corrupt fts5 database.
-
-https://github.com/mackyle/sqlite/commit/850b66a5848d73428951382ca909c3663b905a9e
-
---
- ext/fts5/fts5_index.c           |   2 +-
- 1 files changed, 1 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index cec4415..e1bb8d4 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -4145,7 +4145,7 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
-       u8 aHdr[4] = {0x00, 0x00, 0x00, 0x00};
- 
-       iLeafRowid = FTS5_SEGMENT_ROWID(iId, pSeg->iTermLeafPgno);
-      pData = fts5DataRead(p, iLeafRowid);
-+      pData = fts5LeafRead(p, iLeafRowid);
-       if( pData ){
-         if( iOff>pData->szLeaf ){
-           /* This can occur if the pages that the segments occupy overlap - if
-- 
-1.8.3.1
-
@@ -1,29 +0,0 @@
-From 06895c18a8afdfd7b46c09bb5623f1d68e82a955 Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Wed, 30 Jan 2019 12:15:27 +0000
-Subject: [PATCH 0868/1009] Fix another buffer overread in fts5 that may occur
- when accessing a corrupt database.
-
-https://github.com/mackyle/sqlite/commit/06895c18a8afdfd7b46c09bb5623f1d68e82a955
-
---
- ext/fts5/fts5_index.c           |   3 +-
- 1 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index e1bb8d4..32732b9 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -3104,7 +3104,8 @@ static void fts5SegiterPoslist(
-   Fts5Colset *pColset,
-   Fts5Buffer *pBuf
- ){
-  if( 0==fts5BufferGrow(&p->rc, pBuf, pSeg->nPos) ){
-+  if( 0==fts5BufferGrow(&p->rc, pBuf, pSeg->nPos+FTS5_DATA_ZERO_PADDING) ){
-+    memset(&pBuf->p[pBuf->n+pSeg->nPos], 0, FTS5_DATA_ZERO_PADDING);
-     if( pColset==0 ){
-       fts5ChunkIterate(p, pSeg, (void*)pBuf, fts5PoslistCallback);
-     }else{
-- 
-1.8.3.1
-
@@ -1,41 +0,0 @@
-From 536bdac3ff692d5ebf13d6b7ff129721444f281b Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Thu, 31 Jan 2019 14:37:18 +0000
-Subject: [PATCH 0878/1009] Fix another buffer overrun that could occur when
- quering a corrupt database using an fts5vocab table.
-
-https://github.com/mackyle/sqlite/commit/536bdac3ff692d5ebf13d6b7ff129721444f281b
-
---
- ext/fts5/fts5_index.c           |   2 +-
- ext/fts5/fts5_vocab.c           |   1 +
- 1 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 32732b9..bb87714 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -1652,7 +1652,7 @@ static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
-   int nNew;                       /* Bytes of new data */
- 
-   iOff += fts5GetVarint32(&a[iOff], nNew);
-  if( iOff+nNew>pIter->pLeaf->szLeaf || nKeep>pIter->term.n ){
-+  if( iOff+nNew>pIter->pLeaf->szLeaf || nKeep>pIter->term.n || nNew==0 ){
-     p->rc = FTS5_CORRUPT;
-     return;
-   }
-diff --git a/ext/fts5/fts5_vocab.c b/ext/fts5/fts5_vocab.c
-index bfb6821..2550c9d 100644
--- a/ext/fts5/fts5_vocab.c
-+++ b/ext/fts5/fts5_vocab.c
-@@ -484,6 +484,7 @@ static int fts5VocabNextMethod(sqlite3_vtab_cursor *pCursor){
-       int nTerm;
- 
-       zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);
-+      assert( nTerm>=0 );
-       if( pCsr->nLeTerm>=0 ){
-         int nCmp = MIN(nTerm, pCsr->nLeTerm);
-         int bCmp = memcmp(pCsr->zLeTerm, zTerm, nCmp);
-- 
-1.8.3.1
-
@@ -1,37 +0,0 @@
-From 032f34b06b09b35542a7dd6242e2032cbed59b6e Mon Sep 17 00:00:00 2001
-From: Dan Kennedy <danielk1977@gmail.com>
-Date: Mon, 11 Feb 2019 16:12:09 +0000
-Subject: [PATCH 0939/1009] Fix another segfault that could occur in fts5 with
- a corrupted database.
-
-https://github.com/mackyle/sqlite/commit/032f34b06b09b35542a7dd6242e2032cbed59b6e
-
---
- ext/fts5/fts5_index.c           |   7 +-
- 1 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index 5ce75bd..741e579 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -4169,13 +4169,14 @@ static void fts5TrimSegments(Fts5Index *p, Fts5Iter *pIter){
-           /* Set up the new page-index array */
-           fts5BufferAppendVarint(&p->rc, &buf, 4);
-           if( pSeg->iLeafPgno==pSeg->iTermLeafPgno 
-              && pSeg->iEndofDoclist<pData->szLeaf 
-            ){
-+           && pSeg->iEndofDoclist<pData->szLeaf
-+           && pSeg->iPgidxOff<=pData->nn
-+          ){
-             int nDiff = pData->szLeaf - pSeg->iEndofDoclist;
-             fts5BufferAppendVarint(&p->rc, &buf, buf.n - 1 - nDiff - 4);
-             fts5BufferAppendBlob(&p->rc, &buf, 
-                 pData->nn - pSeg->iPgidxOff, &pData->p[pSeg->iPgidxOff]
-                );
-+            );
-           }
- 
-           pSeg->pSeg->pgnoFirst = pSeg->iTermLeafPgno;
-- 
-1.8.3.1
-
@@ -1,28 +0,0 @@
-From d651ad3b3d42dfe3fc26023ae2c61d04802cd721 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Tue, 19 Feb 2019 17:45:31 +0000
-Subject: [PATCH 0956/1009] Fix a potential memory leak in RBU if the
- rbu_fossil_delta() SQL function is misused.  Misuse never happens in a
- working RBU system, so this is not a particularly important fix.
-
-https://github.com/mackyle/sqlite/commit/d651ad3b3d42dfe3fc26023ae2c61d04802cd721
-
---
- ext/rbu/sqlite3rbu.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ext/rbu/sqlite3rbu.c b/ext/rbu/sqlite3rbu.c
-index e86606b..1a78adc 100644
--- a/ext/rbu/sqlite3rbu.c
-+++ b/ext/rbu/sqlite3rbu.c
-@@ -684,6 +684,7 @@ static void rbuFossilDeltaFunc(
-   }else{
-     nOut2 = rbuDeltaApply(aOrig, nOrig, aDelta, nDelta, aOut);
-     if( nOut2!=nOut ){
-+      sqlite3_free(aOut);
-       sqlite3_result_error(context, "corrupt fossil delta", -1);
-     }else{
-       sqlite3_result_blob(context, aOut, nOut, sqlite3_free);
-- 
-1.8.3.1
-
@@ -1,29 +0,0 @@
-From 7003b1922263ee4b6131fd458537808ccae22f41 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" <drh@hwaci.com>
-Date: Tue, 5 Mar 2019 23:49:17 +0000
-Subject: [PATCH 1002/1009] Fix a potential 32-bit integer overflow in the
- "showdb" utility program when it is trying to interpret a corrupt database
- file.
-
-https://github.com/mackyle/sqlite/commit/7003b1922263ee4b6131fd458537808ccae22f41
-
---
- tool/showdb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tool/showdb.c b/tool/showdb.c
-index ba7a362..cb6ddab 100644
--- a/tool/showdb.c
-+++ b/tool/showdb.c
-@@ -828,7 +828,7 @@ static void page_usage_cell(
-     while( ovfl && (cnt++)<g.mxPage ){
-       page_usage_msg(ovfl, "overflow %d from cell %d of page %d",
-                      cnt, cellno, pgno);
-      a = fileRead((ovfl-1)*g.pagesize, 4);
-+      a = fileRead((ovfl-1)*(sqlite3_int64)g.pagesize, 4);
-       ovfl = decodeInt32(a);
-       sqlite3_free(a);
-     }
-- 
-1.8.3.1
-
@@ -1,86 +0,0 @@
-From 808d7ed1f82a24f7367006e43174c0c322e24590 Mon Sep 17 00:00:00 2001
-From: SQLite Maintainers
-Date: Thu, 15 Aug 2019 15:08:23 +0800
-Subject: [PATCH] fix out of bounds read
-
-Enhance the rtreenode() function of rtree (used for testing)
-so that it uses the newer sqlite3_str object for better performance and
-improved error reporting.
-
---
- ext/rtree/rtree.c | 35 ++++++++++++++++-------------------
- 1 file changed, 16 insertions(+), 19 deletions(-)
-
-diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
-index 56bf836..53c7adf 100644
--- a/ext/rtree/rtree.c
-+++ b/ext/rtree/rtree.c
-@@ -3689,49 +3689,46 @@ rtreeInit_fail:
- ** <num-dimension>*2 coordinates.
- */
- static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
-  char *zText = 0;
-   RtreeNode node;
-   Rtree tree;
-   int ii;
-+  int nData;
-+  int errCode;
-+  sqlite3_str *pOut;
- 
-   UNUSED_PARAMETER(nArg);
-   memset(&node, 0, sizeof(RtreeNode));
-   memset(&tree, 0, sizeof(Rtree));
-   tree.nDim = (u8)sqlite3_value_int(apArg[0]);
-+  if( tree.nDim<1 || tree.nDim>5 ) return;
-   tree.nDim2 = tree.nDim*2;
-   tree.nBytesPerCell = 8 + 8 * tree.nDim;
-   node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
-+  nData = sqlite3_value_bytes(apArg[1]);
-+  if( nData<4 ) return;
-+  if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
- 
-+  pOut = sqlite3_str_new(0);
-   for(ii=0; ii<NCELL(&node); ii++){
-    char zCell[512];
-    int nCell = 0;
-     RtreeCell cell;
-     int jj;
- 
-     nodeGetCell(&tree, &node, ii, &cell);
-    sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
-    nCell = (int)strlen(zCell);
-+    if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
-+    sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
-     for(jj=0; jj<tree.nDim2; jj++){
- #ifndef SQLITE_RTREE_INT_ONLY
-      sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
-                       (double)cell.aCoord[jj].f);
-+      sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
- #else
-      sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
-                       cell.aCoord[jj].i);
-+      sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
- #endif
-      nCell = (int)strlen(zCell);
-    }
-
-    if( zText ){
-      char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
-      sqlite3_free(zText);
-      zText = zTextNew;
-    }else{
-      zText = sqlite3_mprintf("{%s}", zCell);
-     }
-+    sqlite3_str_append(pOut, "}", 1);
-   }
-   
-  sqlite3_result_text(ctx, zText, -1, sqlite3_free);
-+  errCode = sqlite3_str_errcode(pOut);
-+  sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
-+  sqlite3_result_error_code(ctx, errCode);
- }
- 
- /* This routine implements an SQL function that returns the "depth" parameter
-- 
-1.8.3.1
-
@@ -1,65 +0,0 @@
-From f555312151f716b54558776bce53bef9edb69d3a Mon Sep 17 00:00:00 2001
-From: guiyao <guiyao@huawei.com>
-Date: Mon, 14 Oct 2019 05:23:59 -0400
-Subject: [PATCH] fix CVE-2019-16168
-
---
- src/analyze.c      |  4 +++-
- src/where.c        |  1 +
- test/analyzeC.test | 13 +++++++++++++
- 3 files changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/src/analyze.c b/src/analyze.c
-index 48fd495..552330b 100644
--- a/src/analyze.c
-+++ b/src/analyze.c
-@@ -1497,7 +1497,9 @@ static void decodeIntArray(
-       if( sqlite3_strglob("unordered*", z)==0 ){
-         pIndex->bUnordered = 1;
-       }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
-        pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
-+        int sz = sqlite3Atoi(z+3);
-+        if( sz<2 ) sz = 2;
-+        pIndex->szIdxRow = sqlite3LogEst(sz);
-       }else if( sqlite3_strglob("noskipscan*", z)==0 ){
-         pIndex->noSkipScan = 1;
-       }
-diff --git a/src/where.c b/src/where.c
-index b83915e..1df9b46 100644
--- a/src/where.c
-+++ b/src/where.c
-@@ -2585,6 +2585,7 @@ static int whereLoopAddBtreeIndex(
-     ** it to pNew->rRun, which is currently set to the cost of the index
-     ** seek only. Then, if this is a non-covering index, add the cost of
-     ** visiting the rows in the main table.  */
-+    assert( pSrc->pTab->szTabRow>0 );
-     rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
-     pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
-     if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
-diff --git a/test/analyzeC.test b/test/analyzeC.test
-index 02faa9c..246da89 100644
--- a/test/analyzeC.test
-+++ b/test/analyzeC.test
-@@ -132,6 +132,19 @@ do_execsql_test 4.3 {
-   SELECT count(a) FROM t1;
- } {/.*INDEX t1ca.*/}
- 
-+# 2019-08-15.
-+# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
-+# The sz=N parameter in the sqlite_stat1 table needs to have a value of
-+# 2 or more to avoid a division by zero in the query planner.
-+#
-+do_execsql_test 4.4 {
-+  DROP TABLE IF EXISTS t44;
-+  CREATE TABLE t44(a PRIMARY KEY);
-+  INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
-+  ANALYZE sqlite_master;
-+  SELECT 0 FROM t44 WHERE a IN(1,2,3);
-+} {}
-+
- 
- # The sz=NNN parameter works even if there is other extraneous text
- # in the sqlite_stat1.stat column.
-- 
-1.8.3.1
-
@@ -1,27 +0,0 @@
-From b097449afefa53e05637aaa43197c66cece575c7 Mon Sep 17 00:00:00 2001
-From: guiyao <guiyao@huawei.com>
-Date: Tue, 17 Dec 2019 10:53:58 -0500
-Subject: [PATCH] Backport Fix CVE-2019-19646
-
---
- src/pragma.c  |  4 +++-
- 1 files changed, 3 insertions(+), 1 deletions(-)
-
-diff --git a/src/pragma.c b/src/pragma.c
-index 4699c96..eda1a16 100644
--- a/src/pragma.c
-+++ b/src/pragma.c
-@@ -1571,7 +1571,9 @@ void sqlite3Pragma(
-           if( j==pTab->iPKey ) continue;
-           if( pTab->aCol[j].notNull==0 ) continue;
-           sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
-          sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
-+          if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
-+             sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
-+          }
-           jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
-           zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
-                               pTab->aCol[j].zName);
-- 
-1.8.3.1
-
@@ -1,50 +0,0 @@
-From abaf16dea291800e0f450c0b60d9da9f2149d6a9 Mon Sep 17 00:00:00 2001
-From: openEuler Buildteam <buildteam@openeuler.org>
-Date: Mon, 30 Dec 2019 16:17:34 -0500
-Subject: [PATCH] fix CVE-2019-9936
-
---
- ext/fts5/fts5_hash.c      |  3 ++-
- ext/fts5/test/fts5aa.test | 12 ++++++++++++
- 2 files changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
-index 7e404a8..c35b5d5 100644
--- a/ext/fts5/fts5_hash.c
-+++ b/ext/fts5/fts5_hash.c
-@@ -445,7 +445,8 @@ static int fts5HashEntrySort(
-   for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
-     Fts5HashEntry *pIter;
-     for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
-      if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
-+      if( pTerm==0
-+          || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm)) ){
-         Fts5HashEntry *pEntry = pIter;
-         pEntry->pScanNext = 0;
-         for(i=0; ap[i]; i++){
-diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test
-index 6fa3ad8..5c9b894 100644
--- a/ext/fts5/test/fts5aa.test
-+++ b/ext/fts5/test/fts5aa.test
-@@ -603,6 +603,18 @@ do_execsql_test 23.2 {
-   SELECT * FROM t11, t10 WHERE t10.rowid IS NULL;
- }
- 
-+#-------------------------------------------------------------------------
-+do_execsql_test 25.0 {
-+  CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
-+}
-+do_execsql_test 25.1 {
-+  BEGIN;
-+  INSERT INTO t13 VALUES('AAAA');
-+SELECT * FROM t13('BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB*');
-+
-+  END;
-+}
-+
- }
- 
- expand_all_sql db
-- 
-1.8.3.1
-
@@ -1,236 +0,0 @@
-From cc12b9c512451199cacf89a999977886ba4f183e Mon Sep 17 00:00:00 2001
-From: openEuler Buildteam <buildteam@openeuler.org> 
-Date: Tue, 31 Dec 2019 21:45:30 -0500
-Subject: [PATCH] backport-fix-CVE-2019-9937
-
---
- ext/fts5/fts5Int.h        |  3 ++-
- ext/fts5/fts5_hash.c      | 55 ++++++++++++++++++++++++++++++++---------------
- ext/fts5/fts5_index.c     | 25 ++++++++++++++-------
- ext/fts5/test/fts5aa.test | 21 +++++++++++++++++-
- 4 files changed, 77 insertions(+), 27 deletions(-)
-
-diff --git a/ext/fts5/fts5Int.h b/ext/fts5/fts5Int.h
-index 1f8a297..984d625 100644
--- a/ext/fts5/fts5Int.h
-+++ b/ext/fts5/fts5Int.h
-@@ -565,8 +565,9 @@ void sqlite3Fts5HashClear(Fts5Hash*);
- 
- int sqlite3Fts5HashQuery(
-   Fts5Hash*,                      /* Hash table to query */
-+  int nPre,
-   const char *pTerm, int nTerm,   /* Query term */
-  const u8 **ppDoclist,           /* OUT: Pointer to doclist for pTerm */
-+  void **ppObj,                   /* OUT: Pointer to doclist for pTerm */
-   int *pnDoclist                  /* OUT: Size of doclist in bytes */
- );
- 
-diff --git a/ext/fts5/fts5_hash.c b/ext/fts5/fts5_hash.c
-index c35b5d5..eae785a 100644
--- a/ext/fts5/fts5_hash.c
-+++ b/ext/fts5/fts5_hash.c
-@@ -187,19 +187,25 @@ static int fts5HashResize(Fts5Hash *pHash){
-   return SQLITE_OK;
- }
- 
-static void fts5HashAddPoslistSize(Fts5Hash *pHash, Fts5HashEntry *p){
-+static int fts5HashAddPoslistSize(
-+  Fts5Hash *pHash,
-+  Fts5HashEntry *p,
-+  Fts5HashEntry *p2
-+){
-+  int nRet = 0;
-   if( p->iSzPoslist ){
-    u8 *pPtr = (u8*)p;
-+    u8 *pPtr = p2 ? (u8*)p2 : (u8*)p;
-+    int nData = p->nData;
-     if( pHash->eDetail==FTS5_DETAIL_NONE ){
-      assert( p->nData==p->iSzPoslist );
-+      assert( nData==p->iSzPoslist );
-       if( p->bDel ){
-        pPtr[p->nData++] = 0x00;
-+        pPtr[nData++] = 0x00;
-         if( p->bContent ){
-          pPtr[p->nData++] = 0x00;
-+          pPtr[nData++] = 0x00;
-         }
-       }
-     }else{
-      int nSz = (p->nData - p->iSzPoslist - 1);       /* Size in bytes */
-+      int nSz = (nData - p->iSzPoslist - 1);       /* Size in bytes */
-       int nPos = nSz*2 + p->bDel;                     /* Value of nPos field */
- 
-       assert( p->bDel==0 || p->bDel==1 );
-@@ -209,14 +215,19 @@ static void fts5HashAddPoslistSize(Fts5Hash *pHash, Fts5HashEntry *p){
-         int nByte = sqlite3Fts5GetVarintLen((u32)nPos);
-         memmove(&pPtr[p->iSzPoslist + nByte], &pPtr[p->iSzPoslist + 1], nSz);
-         sqlite3Fts5PutVarint(&pPtr[p->iSzPoslist], nPos);
-        p->nData += (nByte-1);
-+        nData += (nByte-1);
-       }
-     }
- 
-    p->iSzPoslist = 0;
-    p->bDel = 0;
-    p->bContent = 0;
-+    nRet = nData - p->nData;
-+    if( p2==0 ){
-+        p->iSzPoslist = 0;
-+        p->bDel = 0;
-+        p->bContent = 0;
-+        p->nData = nData;
-+    }
-   }
-+  return nRet;
- }
- 
- /*
-@@ -328,7 +339,7 @@ int sqlite3Fts5HashWrite(
-   /* If this is a new rowid, append the 4-byte size field for the previous
-   ** entry, and the new rowid for this entry.  */
-   if( iRowid!=p->iRowid ){
-    fts5HashAddPoslistSize(pHash, p);
-+    fts5HashAddPoslistSize(pHash, p, 0);
-     p->nData += sqlite3Fts5PutVarint(&pPtr[p->nData], iRowid - p->iRowid);
-     p->iRowid = iRowid;
-     bNew = 1;
-@@ -474,8 +485,9 @@ static int fts5HashEntrySort(
- */
- int sqlite3Fts5HashQuery(
-   Fts5Hash *pHash,                /* Hash table to query */
-+  int nPre,
-   const char *pTerm, int nTerm,   /* Query term */
-  const u8 **ppDoclist,           /* OUT: Pointer to doclist for pTerm */
-+  void **ppOut,                   /* OUT: Pointer to new object */
-   int *pnDoclist                  /* OUT: Size of doclist in bytes */
- ){
-   unsigned int iHash = fts5HashKey(pHash->nSlot, (const u8*)pTerm, nTerm);
-@@ -489,11 +501,20 @@ int sqlite3Fts5HashQuery(
-   }
- 
-   if( p ){
-    fts5HashAddPoslistSize(pHash, p);
-    *ppDoclist = (const u8*)&zKey[nTerm+1];
-    *pnDoclist = p->nData - (sizeof(Fts5HashEntry) + nTerm + 1);
-+    int nHashPre = sizeof(Fts5HashEntry) + nTerm + 1;
-+    int nList = p->nData - nHashPre;
-+    u8 *pRet = (u8*)(*ppOut = sqlite3_malloc64(nPre + nList + 10));
-+    if( pRet ){
-+      Fts5HashEntry *pFaux = (Fts5HashEntry*)&pRet[nPre-nHashPre];
-+      memcpy(&pRet[nPre], &((u8*)p)[nHashPre], nList);
-+      nList += fts5HashAddPoslistSize(pHash, p, pFaux);
-+      *pnDoclist = nList;
-+    }else{
-+      *pnDoclist = 0;
-+      return SQLITE_NOMEM;
-+    }
-   }else{
-    *ppDoclist = 0;
-+    *ppOut = 0;
-     *pnDoclist = 0;
-   }
- 
-@@ -526,7 +547,7 @@ void sqlite3Fts5HashScanEntry(
-   if( (p = pHash->pScan) ){
-     char *zKey = fts5EntryKey(p);
-     int nTerm = (int)strlen(zKey);
-    fts5HashAddPoslistSize(pHash, p);
-+    fts5HashAddPoslistSize(pHash, p, 0);
-     *pzTerm = zKey;
-     *ppDoclist = (const u8*)&zKey[nTerm+1];
-     *pnDoclist = p->nData - (sizeof(Fts5HashEntry) + nTerm + 1);
-diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c
-index ddad6c8..37ef61d 100644
--- a/ext/fts5/fts5_index.c
-+++ b/ext/fts5/fts5_index.c
-@@ -2452,31 +2452,40 @@ static void fts5SegIterHashInit(
-   int flags,                      /* Mask of FTS5INDEX_XXX flags */
-   Fts5SegIter *pIter              /* Object to populate */
- ){
-  const u8 *pList = 0;
-   int nList = 0;
-   const u8 *z = 0;
-   int n = 0;
-+  Fts5Data *pLeaf = 0;
- 
-   assert( p->pHash );
-   assert( p->rc==SQLITE_OK );
- 
-   if( pTerm==0 || (flags & FTS5INDEX_QUERY_SCAN) ){
-+    const u8 *pList = 0;
-+
-     p->rc = sqlite3Fts5HashScanInit(p->pHash, (const char*)pTerm, nTerm);
-     sqlite3Fts5HashScanEntry(p->pHash, (const char**)&z, &pList, &nList);
-     n = (z ? (int)strlen((const char*)z) : 0);
-+    if( pList ){
-+      pLeaf = fts5IdxMalloc(p, sizeof(Fts5Data));
-+      if( pLeaf ){
-+        pLeaf->p = pList;
-+      }
-+    }
-   }else{
-    pIter->flags |= FTS5_SEGITER_ONETERM;
-    sqlite3Fts5HashQuery(p->pHash, (const char*)pTerm, nTerm, &pList, &nList);
-+    p->rc = sqlite3Fts5HashQuery(p->pHash, sizeof(Fts5Data),
-+        (const char*)pTerm, nTerm, (void**)&pLeaf, &nList
-+    );
-+    if( pLeaf ){
-+      pLeaf->p = (u8*)&pLeaf[1];
-+    }
-     z = pTerm;
-     n = nTerm;
-+    pIter->flags |= FTS5_SEGITER_ONETERM;
-   }
- 
-  if( pList ){
-    Fts5Data *pLeaf;
-+  if( pLeaf ){
-     sqlite3Fts5BufferSet(&p->rc, &pIter->term, n, z);
-    pLeaf = fts5IdxMalloc(p, sizeof(Fts5Data));
-    if( pLeaf==0 ) return;
-    pLeaf->p = (u8*)pList;
-     pLeaf->nn = pLeaf->szLeaf = nList;
-     pIter->pLeaf = pLeaf;
-     pIter->iLeafOffset = fts5GetVarint(pLeaf->p, (u64*)&pIter->iRowid);
-diff --git a/ext/fts5/test/fts5aa.test b/ext/fts5/test/fts5aa.test
-index 5c9b894..b76a7f6 100644
--- a/ext/fts5/test/fts5aa.test
-+++ b/ext/fts5/test/fts5aa.test
-@@ -427,7 +427,7 @@ proc funk {} {
-   db eval { UPDATE n1_config SET v=50 WHERE k='version' }
-   set fd [db incrblob main n1_data block 10]
-   fconfigure $fd -encoding binary -translation binary
-  puts -nonewline $fd "\x44\x45"
-+#  puts -nonewline $fd "\x44\x45"
-   close $fd
- }
- db func funk funk
-@@ -604,6 +604,25 @@ do_execsql_test 23.2 {
- }
- 
- #-------------------------------------------------------------------------
-+do_execsql_test 24.0 {
-+  CREATE VIRTUAL TABLE t12 USING fts5(x, detail=%DETAIL%);
-+  INSERT INTO t12 VALUES('aaaa');
-+}
-+do_execsql_test 24.1 {
-+  BEGIN;
-+    DELETE FROM t12 WHERE rowid=1;
-+    SELECT * FROM t12('aaaa');
-+    INSERT INTO t12 VALUES('aaaa');
-+  END;
-+}
-+do_execsql_test 24.2 {
-+  INSERT INTO t12(t12) VALUES('integrity-check');
-+}
-+do_execsql_test 24.3 {
-+    SELECT * FROM t12('aaaa');
-+} {aaaa}
-+
-+#-------------------------------------------------------------------------
- do_execsql_test 25.0 {
-   CREATE VIRTUAL TABLE t13 USING fts5(x, detail=%DETAIL%);
- }
-- 
-1.8.3.1
-
@@ -1,72 +0,0 @@
-From 396afe6f6aa90a31303c183e11b2b2d4b7956b35 Mon Sep 17 00:00:00 2001
-From: drh <drh@noemail.net>
-Date: Wed, 18 Dec 2019 20:51:58 +0000
-Subject: [PATCH] Fix CVE-2019-19923
- Continue to back away from the LEFT JOIN optimization of
- check-in [41c27bc0ff1d3135] by disallowing query flattening if the outer
- query is DISTINCT.  Without this fix, if an index scan is run on the table
- within the view on the right-hand side of the LEFT JOIN, stale result
- registers might be accessed yielding incorrect results, and/or an
- OP_IfNullRow opcode might be invoked on the un-opened table, resulting in a
- NULL-pointer dereference.  This problem was found by the Yongheng and Rui
- fuzzer.
-
-FossilOrigin-Name: 862974312edf00e9d1068115d1a39b7235b7db68b6d86b81d38a12f025a4748e
-
-Change by Weifeng <suweifeng1@huawei.com>:
-    Fit for version 3.24.0
---
- src/select.c   |  8 ++++++--
- test/join.test | 13 +++++++++++++
- 2 files changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/src/select.c b/src/select.c
-index 529df0f..4510b77 100644
--- a/src/select.c
-+++ b/src/select.c
-@@ -3582,6 +3582,7 @@ static void substSelect(
- **        (3b) the FROM clause of the subquery may not contain a virtual
- **             table and
- **        (3c) the outer query may not be an aggregate.
-+**        (3d) the outer query may not be DISTINCT.
- **
- **   (4)  The subquery can not be DISTINCT.
- **
-@@ -3770,8 +3771,11 @@ static int flattenSubquery(
-   */
-   if( (pSubitem->fg.jointype & JT_OUTER)!=0 ){
-     isLeftJoin = 1;
-    if( pSubSrc->nSrc>1 || isAgg || IsVirtual(pSubSrc->a[0].pTab) ){
-      /*  (3a)             (3c)     (3b) */
-+    if( pSubSrc->nSrc>1                   /* (3a) */
-+     || isAgg                             /* (3b) */
-+     || IsVirtual(pSubSrc->a[0].pTab)     /* (3c) */
-+     || (p->selFlags & SF_Distinct)!=0    /* (3d) */
-+    ){
-       return 0;
-     }
-   }
-diff --git a/test/join.test b/test/join.test
-index 8c6f463..8c6a53d 100644
--- a/test/join.test
-+++ b/test/join.test
-@@ -844,4 +844,17 @@ do_execsql_test join-15.110 {
-    ORDER BY a1, a2, a3, a4, a5;
- } {1 {} {} {} {} 1 11 {} {} {} 1 12 {} {} {} 1 12 121 {} {} 1 13 {} {} {}}
- 
-+# 2019-12-18 problem with a LEFT JOIN where the RHS is a view.
-+# Detected by Yongheng and Rui.
-+# Follows from the optimization attempt of check-in 41c27bc0ff1d3135
-+# on 2017-04-18
-+#
-+reset_db
-+do_execsql_test join-22.10 {
-+  CREATE TABLE t0(a, b);
-+  CREATE INDEX t0a ON t0(a);
-+  INSERT INTO t0 VALUES(10,10),(10,11),(10,12);
-+  SELECT DISTINCT c FROM t0 LEFT JOIN (SELECT a+1 AS c FROM t0) ORDER BY c ;
-+} {11}
-+
- finish_test
-- 
-2.19.1 
@@ -1,50 +0,0 @@
-From 8654186b0236d556aa85528c2573ee0b6ab71be3 Mon Sep 17 00:00:00 2001
-From: drh <drh@noemail.net>
-Date: Thu, 19 Dec 2019 20:37:32 +0000
-Subject: [PATCH] Fix CVE-2019-19924
- When an error occurs while rewriting the parser tree for
- window functions in the sqlite3WindowRewrite() routine, make sure that
- pParse->nErr is set, and make sure that this shuts down any subsequent code
- generation that might depend on the transformations that were implemented. 
- This fixes a problem discovered by the Yongheng and Rui fuzzer.
-
-FossilOrigin-Name: e2bddcd4c55ba3cbe0130332679ff4b048630d0ced9a8899982edb5a3569ba7f
-
-Change by Weifeng <suweifeng1@huawei.com>:
-    Fit for version 3.24.0
---
- src/expr.c    | 2 ++
- src/vdbeaux.c | 3 ++-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/expr.c b/src/expr.c
-index 36ca515..8fd8af9 100644
--- a/src/expr.c
-+++ b/src/expr.c
-@@ -344,6 +344,8 @@ static int codeCompare(
-   int addr;
-   CollSeq *p4;
- 
-+  if( pParse->nErr ) return 0;
-+
-   p4 = sqlite3BinaryCompareCollSeq(pParse, pLeft, pRight);
-   p5 = binaryCompareP5(pLeft, pRight, jumpIfNull);
-   addr = sqlite3VdbeAddOp4(pParse->pVdbe, opcode, in2, dest, in1,
-diff --git a/src/vdbeaux.c b/src/vdbeaux.c
-index ba2396c..df8bcc2 100644
--- a/src/vdbeaux.c
-+++ b/src/vdbeaux.c
-@@ -1171,7 +1171,8 @@ void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
- */
- static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
-   assert( p->nOp>0 || p->aOp==0 );
-  assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
-+  assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed
-+          || p->pParse->nErr>0 );
-   if( p->nOp ){
-     assert( p->aOp );
-     sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);
-- 
-2.19.1
-
-
@@ -1,55 +0,0 @@
-From 54d501092d88c0cf89bec4279951f548fb0b8618 Mon Sep 17 00:00:00 2001
-From: drh <drh@noemail.net>
-Date: Thu, 19 Dec 2019 15:15:40 +0000
-Subject: [PATCH] Fix CVE-2019-19925
- Fix the zipfile extension so that INSERT works even if the
- pathname of the file being inserted is a NULL.  Bug discovered by the
- Yongheng and Rui fuzzer.
-
-FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
-
-Change by Weifeng <suweifeng1@huawei.com>:
-    Fit for version 3.24.0
---
- ext/misc/zipfile.c |  1 +
- test/zipfile.test  | 13 +++++++++++++
- 2 files changed, 14 insertions(+)
-
-diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
-index 9f2258e..01cd0ca 100644
--- a/ext/misc/zipfile.c
-+++ b/ext/misc/zipfile.c
-@@ -1617,6 +1617,7 @@ static int zipfileUpdate(
- 
-     if( rc==SQLITE_OK ){
-       zPath = (const char*)sqlite3_value_text(apVal[2]);
-+      if( zPath==0 ) zPath = "";
-       nPath = (int)strlen(zPath);
-       mTime = zipfileGetTime(apVal[4]);
-     }
-diff --git a/test/zipfile.test b/test/zipfile.test
-index ebc4977..abf432c 100644
--- a/test/zipfile.test
-+++ b/test/zipfile.test
-@@ -761,4 +761,17 @@ do_execsql_test 11.11 {
-   SELECT name, data FROM z ORDER BY name;
- } {b0suffix two b2suffix one}
- 
-+# 2019-12-18 Yongheng and Rui fuzzer
-+#
-+do_execsql_test 13.10 {
-+  DROP TABLE IF EXISTS t0;
-+  DROP TABLE IF EXISTS t1;
-+  CREATE TABLE t0(a,b,c,d,e,f,g);
-+  REPLACE INTO t0(c,b,f) VALUES(10,10,10);
-+  CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
-+  REPLACE INTO t1 SELECT * FROM t0;
-+  SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
-+         quote(data),quote(method) FROM t1;
-+} {'' 10 10 2 X'3130' X'3130' 0}
-+
- finish_test
-- 
-2.19.1
-
-
@@ -1,39 +0,0 @@
-From 396afe6f6aa90a31303c183e11b2b2d4b7956b35 Mon Sep 17 00:00:00 2001
-From: drh <drh@noemail.net>
-Date: Wed, 18 Dec 2019 20:51:58 +0000
-Subject: [PATCH] Fix CVE-2019-19926
- Continue to back away from the LEFT JOIN optimization of
- check-in [41c27bc0ff1d3135] by disallowing query flattening if the outer
- query is DISTINCT.  Without this fix, if an index scan is run on the table
- within the view on the right-hand side of the LEFT JOIN, stale result
- registers might be accessed yielding incorrect results, and/or an
- OP_IfNullRow opcode might be invoked on the un-opened table, resulting in a
- NULL-pointer dereference.  This problem was found by the Yongheng and Rui
- fuzzer.
-
-FossilOrigin-Name: 862974312edf00e9d1068115d1a39b7235b7db68b6d86b81d38a12f025a4748e
-
-Change by Weifeng <suweifeng1@huawei.com>:
-    Fit for version 3.24.0
---
- src/select.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/select.c b/src/select.c
-index 4510b77..f78c8a5 100644
--- a/src/select.c
-+++ b/src/select.c
-@@ -2813,7 +2813,8 @@ static int multiSelect(
-     }
-   #endif
-   }
-  
-+  if( pParse->nErr ) goto multi_select_end;
-+
-   /* Compute collating sequences used by 
-   ** temporary tables needed to implement the compound select.
-   ** Attach the KeyInfo structure to all temporary tables.
-- 
-2.19.1
-
-
@@ -1,32 +0,0 @@
-From a6c1a71cde082e09750465d5675699062922e387 Mon Sep 17 00:00:00 2001
-From: dan <dan@noemail.net>
-Date: Fri, 27 Dec 2019 20:54:42 +0000
-Subject: [PATCH] Fix CVE-2019-20218
- Do not attempt to unwind the WITH stack in the Parse object
- following an error. This fixes a separate case to [de6e6d68].
-
-FossilOrigin-Name: d29edef93451cc67a5d69c1cce1b1832d9ca8fff1f600afdd51338b74d077b92
-
-Change by Weifeng <suweifeng1@huawei.com>:
-    Fit for version 3.24.0
---
- src/select.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/select.c b/src/select.c
-index f78c8a5..3bb98ad 100644
--- a/src/select.c
-+++ b/src/select.c
-@@ -4717,7 +4717,7 @@ static int selectExpander(Walker *pWalker, Select *p){
- 
-   /* Process NATURAL keywords, and ON and USING clauses of joins.
-   */
-  if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){
-+  if( pParse->nErr || db->mallocFailed || sqliteProcessJoin(pParse, p) ){
-     return WRC_Abort;
-   }
- 
-- 
-2.19.1
-
-
@@ -1,43 +0,0 @@
-From d8f2d46cbc9925e034a68aaaf60aad788d9373c1 Mon Sep 17 00:00:00 2001
-From: drh <drh@noemail.net>
-Date: Mon, 23 Dec 2019 21:04:33 +0000
-Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
- it is able to deal with goofy filenames that contain embedded zeros.
-
-Code for CVE-2019-19959 fixing
-Modified by openEuler build team
-Removed manifest changes and adapt to old code.
-
-FossilOrigin-Name: cc0fb00a128fd0773db5ff7891f7aa577a3671d570166d2cbb30df922344adcf
---
- ext/misc/zipfile.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
-index 9f2258e..3a87ec2 100644
--- a/ext/misc/zipfile.c
-+++ b/ext/misc/zipfile.c
-@@ -1631,7 +1631,7 @@ static int zipfileUpdate(
-         zFree = sqlite3_mprintf("%s/", zPath);
-         if( zFree==0 ){ rc = SQLITE_NOMEM; }
-         zPath = (const char*)zFree;
-        nPath++;
-+        nPath = (int)strlen(zPath);
-       }
-     }
-
-@@ -2032,11 +2032,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
-   }else{
-     if( zName[nName-1]!='/' ){
-       zName = zFree = sqlite3_mprintf("%s/", zName);
-      nName++;
-       if( zName==0 ){
-         rc = SQLITE_NOMEM;
-         goto zipfile_step_out;
-       }
-+      nName = (int)strlen(zName);
-     }else{
-       while( nName>1 && zName[nName-2]=='/' ) nName--;
-     }
-- 
-1.8.3.1
@@ -1,19 +1,21 @@
-diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
--- sqlite-src-3120200/configure.ac.malloc_usable_size	2016-04-25 09:46:48.134690570 +0200
-+++ sqlite-src-3120200/configure.ac	2016-04-25 09:48:41.622637181 +0200
-@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
- #########
- # Figure out whether or not we have these functions
- #
-AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
-+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
- 
- #########
- # By default, we use the amalgamation (this may be changed below...)
-diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
--- sqlite-src-3120200/configure.malloc_usable_size	2016-04-25 09:47:12.594679063 +0200
-+++ sqlite-src-3120200/configure	2016-04-25 09:49:28.684615042 +0200
-@@ -10275,7 +10275,7 @@ done
+From 6a7c9be9502ea2023c4b5cf39a0d5a5a55b320f7 Mon Sep 17 00:00:00 2001
+From: Lixiaokeng <lixiaokeng@huawei.com>
+Date: Wed, 17 Jul 2024 10:31:56 +0800
+Subject: [PATCH] sqlite no malloc_usable_size
+
+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0001-sqlite-no-malloc-usable-size.patch
+Conflict:NA
+
+---
+ configure    | 2 +-
+ configure.ac | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure b/configure
+index 29ca76b..d67183a 100755
+--- a/configure
+++ b/configure
+@@ -10292,7 +10292,7 @@ done
 #########
 # Figure out whether or not we have these functions
 #
@@ -22,3 +24,18 @@ diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/conf
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index 53be0a6..6f9b1e1 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h stdint.h inttypes.h malloc.h])
+ #########
+ # Figure out whether or not we have these functions
+ #
+-AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
+ 
+ #########
+ # By default, we use the amalgamation (this may be changed below...)
+-- 
+2.33.0
@@ -3,6 +3,9 @@ From: eulerstorage <eulerstoragemt@huawei.com>
 Date: Sat, 11 Jan 2020 11:33:54 +0800
 Subject: [PATCH] remove fail testcase in no free fd situation

+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0002-remove-fail-testcase-in-no-free-fd-situation.patch
+Conflict:NA
+
 Remove testcase 1.1.1, 1.1.2 and 1.1.3, since it can not success in
 some situation if there is no enough fd resource.
 ---
@@ -10,10 +13,10 @@ some situation if there is no enough fd resource.
 1 file changed, 27 deletions(-)

 diff --git a/test/oserror.test b/test/oserror.test
-index 271163a..d46218f 100644
+index a51301c..d46218f 100644
 --- a/test/oserror.test
 +++ b/test/oserror.test
-@@ -40,33 +40,6 @@ proc do_re_test {tn script expression} {
+@@ -40,47 +40,6 @@ proc do_re_test {tn script expression} {
   
 }
 
@@ -29,18 +32,32 @@ index 271163a..d46218f 100644
 -# an error may be reported for either open() or getcwd() here.
 -#
 -if {![clang_sanitize_address]} {
+-  unset -nocomplain rc
+-  unset -nocomplain nOpen
+-  set nOpen 20000
 -  do_test 1.1.1 {
 -    set ::log [list]
-    list [catch {
-      for {set i 0} {$i < 20000} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
-    } msg] $msg
-  } {1 {unable to open database file}}
+-    set ::rc [catch {
+-      for {set i 0} {$i < $::nOpen} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
+-    } msg]
+-    if {$::rc==0} {
+-      # Some system (ex: Debian) are able to create 20000+ file descriptiors
+-      # such systems will not fail here
+-      set x ok
+-    } elseif {$::rc==1 && $msg=="unable to open database file"} {
+-      set x ok
+-    } else {
+-      set x [list $::rc $msg]
+-    }
+-  } {ok}
 -  do_test 1.1.2 {
-    catch { for {set i 0} {$i < 20000} {incr i} { dbh_$i close } }
-  } {1}
-  do_re_test 1.1.3 { 
-    lindex $::log 0 
-  } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
+-    catch { for {set i 0} {$i < $::nOpen} {incr i} { dbh_$i close } }
+-  } $::rc
+-  if {$rc} {
+-    do_re_test 1.1.3 { 
+-      lindex $::log 0 
+-    } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
+-  }
 -}
 -
 -
@@ -49,4 +66,3 @@ index 271163a..d46218f 100644
 do_test 1.2.1 {
 -- 
 1.8.3.1
-
@@ -0,0 +1,26 @@
+From 26ea25aacc1e70f4d142d8f041da2065509c0b51 Mon Sep 17 00:00:00 2001
+From: zwtmichael <zhuwentao5@huawei.com>
+Date: Tue, 30 Aug 2022 17:02:04 +0800
+Subject: [PATCH] fix memory problem in the rtree test suite
+
+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0004-fix-memory-problem-in-the-rtree-test-suite.patch
+Conflict: BoxQueryCtx change to BoxGeomCtx
+---
+ ext/rtree/test_rtreedoc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/rtree/test_rtreedoc.c b/ext/rtree/test_rtreedoc.c
+index cdbcb2e..59a7942 100644
+--- a/ext/rtree/test_rtreedoc.c
+++ b/ext/rtree/test_rtreedoc.c
+@@ -188,7 +188,7 @@ static int SQLITE_TCLAPI register_box_geom(
+   }
+   if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ) return TCL_ERROR;
+ 
+-  pCtx = (BoxGeomCtx*)ckalloc(sizeof(BoxGeomCtx*));
+  pCtx = (BoxGeomCtx*)ckalloc(sizeof(BoxGeomCtx));
+   pCtx->interp = interp;
+   pCtx->pScript = Tcl_DuplicateObj(objv[2]);
+   Tcl_IncrRefCount(pCtx->pScript);
+-- 
+2.33.0
@@ -0,0 +1,34 @@
+From c5c8e025ff6cf0f7400b17aec73014e9cdc00935 Mon Sep 17 00:00:00 2001
+From: zwtmichael <zhuwentao5@huawei.com>
+Date: Mon, 7 Aug 2023 15:10:32 +0800
+Subject: [PATCH] fix segmentation violation
+
+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0007-CVE-2023-36191.patch
+Conflict:context adaptation
+
+Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
+---
+ src/shell.c.in | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/shell.c.in b/src/shell.c.in
+index 72e4498..355b4bb 100644
+--- a/src/shell.c.in
+++ b/src/shell.c.in
+@@ -12219,8 +12219,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){
+     }else if( cli_strcmp(z,"-bail")==0 ){
+       bail_on_error = 1;
+     }else if( cli_strcmp(z,"-nonce")==0 ){
+-      free(data.zNonce);
+-      data.zNonce = strdup(argv[++i]);
+      if( data.zNonce ) free(data.zNonce);
+      if( i + 1 < argc ) data.zNonce = strdup(argv[++i]);
+      else{
+	      data.zNonce = 0;
+	      break;
+      }
+     }else if( cli_strcmp(z,"-unsafe-testing")==0 ){
+       ShellSetFlag(&data,SHFLG_TestingMode);
+     }else if( cli_strcmp(z,"-safe")==0 ){
+-- 
+2.33.0
@@ -0,0 +1,46 @@
+From 310e27eec4eb0e6c5cbc7bad6d3c0ad71619cb44 Mon Sep 17 00:00:00 2001
+From: dan <Dan Kennedy>
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Reference:https://sqlite.org/src/info/0e4e7a05c4204b47
+Conflict:NA
+
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index a892804..72ad427 100644
+--- a/ext/session/sqlite3session.c
+++ b/ext/session/sqlite3session.c
+@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
+        if( (pIn->nData-pIn->iNext)<8 ){
+          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
+          sqlite3_int64 v = sessionGetI64(aVal);
+          if( eType==SQLITE_INTEGER ){
+            sqlite3VdbeMemSetInt64(apOut[i], v);
+          }else{
+            double d;
+            memcpy(&d, &v, 8);
+            sqlite3VdbeMemSetDouble(apOut[i], d);
+          }
+          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.33.0
@@ -1,84 +1,29 @@
 %bcond_without check

-%global extver 3240000
+%global extver 3420000
 %global tcl_version 8.6
 %global tcl_sitearch %{_libdir}/tcl%{tcl_version}

 Name:    sqlite
-Version: 3.24.0
-Release: 8
+Version: 3.42.0
+Release: 3
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/

-Source0: http://www.sqlite.org/2018/sqlite-src-%{extver}.zip
-Source1: http://www.sqlite.org/2018/sqlite-doc-%{extver}.zip
-Source2: https://www.sqlite.org/2018/sqlite-autoconf-%{extver}.tar.gz
+Source0: https://www.sqlite.org/2023/sqlite-src-%{extver}.zip
+Source1: http://www.sqlite.org/2023/sqlite-doc-%{extver}.zip
+Source2: https://www.sqlite.org/2023/sqlite-autoconf-%{extver}.tar.gz

-Patch0000: 0000-sqlite-no-malloc-usable-size.patch
-Patch0001: 0001-sqlite-CVE-2018-20346.patch
-Patch0002: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
-
-Patch6000: 6000-Fix-the-sqlite3BeginTrans-calls-within-the-snapshot-.patch
-Patch6001: 6001-Change-a-comma-into-a-logically-equivalent-but-seman.patch
-Patch6002: 6002-Fix-a-typo-in-the-amalgamation-autoconf-file.patch
-Patch6003: 6003-Fix-typo-in-the-normalize-extension.patch
-Patch6004: 6004-Fix-a-minor-problem-in-the-code-for-determining-whet.patch
-Patch6005: 6005-Quick-patch-to-the-Lemon-parser-template-to-avoid-an.patch
-Patch6006: 6006-Fix-typo-in-the-Win32-specific-code-for-the-fileio-e.patch
-Patch6007: 6007-Fix-a-problem-causing-ENABLE_CURSOR_HINTS-builds-to-.patch
-Patch6008: 6008-Fix-a-potential-crash-that-can-occur-while-reading-a.patch
-Patch6009: 6009-In-the-CLI-fix-a-file-descriptor-leak-following-OOM-.patch
-Patch6010: 6010-Take-steps-to-avoid-a-potential-integer-overflow-in-.patch
-Patch6011: 6011-Fix-minor-memory-leak-in-the-dbstat-extension-that-c.patch
-Patch6012: 6012-Fix-a-failing-assert-in-sqlite3ResetAllSchemasOfConn.patch
-Patch6013: 6013-Fix-a-parser-bug-in-the-use-of-parentheses-around-ta.patch
-Patch6014: 6014-Fix-possible-integer-overflow-while-running-PRAGMA-i.patch
-Patch6015: 6015-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch
-Patch6016: 6016-Fix-another-problem-with-corrupt-database-handling-i.patch
-Patch6017: 6017-Fix-a-buffer-overwrite-in-fts5-triggered-by-a-corrup.patch
-Patch6018: 6018-Fix-another-case-in-fts5-where-a-corrupt-database-co.patch
-Patch6019: 6019-Fix-another-potential-buffer-overread-in-fts5.patch
-Patch6020: 6020-Fix-a-possible-memory-leak-when-trying-to-UPDATE-a-c.patch
-Patch6021: 6021-Fix-an-out-of-bounds-read-in-SQL-function-fts5_decod.patch
-Patch6022: 6022-Fix-a-segfault-in-fts3-prompted-by-a-corrupted-datab.patch
-Patch6023: 6023-Prevent-unsigned-32-bit-integer-overflow-from-leadin.patch
-Patch6024: 6024-Fix-a-problem-causing-a-crash-if-an-fts5vocab-table-.patch
-Patch6025: 6025-Fix-a-harmless-memory-leak-in-the-Lemon-parser-gener.patch
-Patch6026: 6026-Handle-SQL-NULL-values-without-crashing-in-the-fts5-.patch
-Patch6027: 6027-Fix-a-memory-leak-that-could-occur-in-fts3-when-hand.patch
-Patch6028: 6028-Fix-a-buffer-overwrite-that-could-occur-when-running.patch
-Patch6029: 6029-Fix-another-corruption-related-crash-in-fts5.patch
-Patch6030: 6030-Avoid-integer-overflow-when-computing-the-array-of-a.patch
-Patch6031: 6031-Fix-another-segfault-caused-by-a-corrupt-fts3-databa.patch
-Patch6032: 6032-Fix-a-buffer-overrun-that-could-occur-in-fts5-if-a-p.patch
-Patch6033: 6033-Fix-another-fts5-crash-that-can-occur-if-the-databas.patch
-Patch6034: 6034-Fix-an-assert-in-vdbemem.c-that-could-fire-if-the-da.patch
-Patch6035: 6035-Fix-a-potential-problem-with-INSERT-INTO-.-SELECT-FR.patch
-Patch6036: 6036-Fix-a-segfault-that-could-follow-an-OOM-when-queryin.patch
-Patch6037: 6037-Fix-a-buffer-overread-in-fts3-that-could-occur-when-.patch
-Patch6038: 6038-Fix-a-buffer-overrun-triggered-by-a-merge-operation-.patch
-Patch6039: 6039-Fix-another-buffer-overread-in-fts5-that-may-occur-w.patch
-Patch6040: 6040-Fix-another-buffer-overrun-that-could-occur-when-que.patch
-Patch6041: 6041-Fix-another-segfault-that-could-occur-in-fts5-with-a.patch
-Patch6042: 6042-Fix-a-potential-memory-leak-in-RBU-if-the-rbu_fossil.patch
-Patch6043: 6043-Fix-a-potential-32-bit-integer-overflow-in-the-showd.patch
-Patch6044: 6044-sqlite-CVE-2019-8457-out-of-bounds-read.patch
-Patch6045: 6045-sqlite-CVE-2019-16168.patch
-Patch6046: 6046-Fix-CVE-2019-19646.patch
-Patch6047: 6047-Fix-CVE-2019-9936.patch
-Patch6048: 6048-Fix-CVE-2019-9937.patch
-Patch6049: 6049-Fix-CVE-2019-19923-Continue-to-back-away-from-the-LEFT-JOIN-optimizatio.patch
-Patch6050: 6050-Fix-CVE-2019-19924-When-an-error-occurs-while-rewriting-the-parser-tree.patch
-Patch6051: 6051-Fix-CVE-2019-19925-Fix-the-zipfile-extension-so-that-INSERT-works-even-.patch
-Patch6052: 6052-Fix-CVE-2019-19926-Continuation-of-e2bddcd4c55ba3cb-Add-another-spot-wh.patch
-Patch6053: 6053-Fix-CVE-2019-20218-Do-not-attempt-to-unwind-the-WITH-stack-in-the-Parse.patch
-Patch6054: 6054-Fix-the-zipfile-function-in-the-zipfile-extension-so.patch
+Patch6000: backport-0001-sqlite-no-malloc-usable-size.patch
+Patch6001: backport-0002-remove-fail-testcase-in-no-free-fd-situation.patch 
+Patch6002: backport-0003-fix-memory-problem-in-the-rtree-test-suite.patch
+Patch6003: backport-0004-CVE-2023-36191.patch
+Patch6004: backport-CVE-2023-7104.patch

 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel

-
 Provides:  %{name}-libs
 Obsoletes: %{name}-libs
 Provides:  lemon
@@ -116,70 +61,17 @@ This contains man files and HTML files for the using of sqlite.
 %prep
 #autosetup will fail because of 2 zip files
 %setup -q -a1 -n %{name}-src-%{extver}
-%patch0000 -p1
-%patch0001 -p0
-%patch0002 -p1
 %patch6000 -p1
 %patch6001 -p1
 %patch6002 -p1
 %patch6003 -p1
 %patch6004 -p1
-%patch6005 -p1
-%patch6006 -p1
-%patch6007 -p1
-%patch6008 -p1
-%patch6009 -p1
-%patch6010 -p1
-%patch6011 -p1
-%patch6012 -p1
-%patch6013 -p1
-%patch6014 -p1
-%patch6015 -p1
-%patch6016 -p1
-%patch6017 -p1
-%patch6018 -p1
-%patch6019 -p1
-%patch6020 -p1
-%patch6021 -p1
-%patch6022 -p1
-%patch6023 -p1
-%patch6024 -p1
-%patch6025 -p1
-%patch6026 -p1
-%patch6027 -p1
-%patch6028 -p1
-%patch6029 -p1
-%patch6030 -p1
-%patch6031 -p1
-%patch6032 -p1
-%patch6033 -p1
-%patch6034 -p1
-%patch6035 -p1
-%patch6036 -p1
-%patch6037 -p1
-%patch6038 -p1
-%patch6039 -p1
-%patch6040 -p1
-%patch6041 -p1
-%patch6042 -p1
-%patch6043 -p1
-%patch6044 -p1
-%patch6045 -p1
-%patch6046 -p1
-%patch6047 -p1
-%patch6048 -p1
-%patch6049 -p1
-%patch6050 -p1
-%patch6051 -p1
-%patch6052 -p1
-%patch6053 -p1
-%patch6054 -p1

 rm -f %{name}-doc-%{extver}/sqlite.css~ || :

-autoconf
-
 %build
+
+autoconf
 export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
               -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
               -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \
@@ -220,6 +112,10 @@ export MALLOC_CHECK_=3
 %else
 rm test/csv01.test
 %endif
+%ifarch loongarch64
+rm -rf test/thread1.test
+rm -rf test/thread2.test
+%endif

 make test
 %endif # with check
@@ -244,6 +140,90 @@ make test
 %{_mandir}/man*/*

 %changelog
+* Mon Nov 11 2024 wangmian <wangmian19@h-partners.com> - 3.42.0-3
+- sync the patch from 2203
+
+* Wed Sep 4 2024 wangmian <wangmian19@h-partners.com> - 3.42.0-2
+- sync the CVE-2023-7104 from 2203
+
+* Tue Feb 27 2024 Zheng Zhenyu <zheng.zhenyu@outlook.com> - 3.42.0-1
+- Bump version to fix CVE-2024-0232
+
+* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.37.2-7
+- fix the CVE-2023-7104
+
+* Mon Aug 7 2023 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-6
+- fix the CVE-2023-36191
+
+* Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
+- remove fail testcase for loongarch
+
+* Wed Dec 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-4
+- fix the CVE-2022-46908
+
+* Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3
+- fix build problem
+
+* Mon Sep 5 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-2
+- fix integer overflow on gigabyte string
+
+* Mon Aug 29 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-1
+- update to 3.37.2
+
+* Tue Aug 16 2022 liusirui <liusirui@huawei.com> - 3.36.0-3
+- fix the CVE-2022-35737.
+
+* Sat Nov 27 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-2
+- fix the CVE-2021-36690.
+
+* Fri Nov 25 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-1
+- update to 3.36.0.
+
+* Fri Sep 26 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-4
+- fix the uninitialized value used in pattern match.
+
+* Fri Sep 3 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-3
+- fix the null reference in the tigger statement.
+
+* Fri Sep 3 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-2
+- fix the infinite loop problem in the trim function while the pattern is well formed.
+
+* Thu Jan 14 2021 yanglongkang <yanglongkang@huawei.com> - 3.34.0-1
+- update package to 3.34.0
+
+* Thu Sep 3 2020 lihaotian<lihaotian9@huawei.com> - 3.32.3-3
+- update source0 url
+
+* Tue Jul 21 2020 jixinjie <jixinjie@huawei.com> - 3.32.3-2
+- update yaml file
+
+* Tue Jul 21 2020 jixinjie <jixinjie@huawei.com> - 3.32.3-1
+- update package to 3.32.3
+
+* Tue Jun 30 2020 volcanodragon <linfeilong@huawei.com> - 3.24.0-12
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:rename patches
+
+* Tue Jun 23 2020 yanglongkang <yanglongkang@huawei.com> - 3.24.0-11
+- Type:cves
+- ID:CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13632
+- SUG:NA
+- DESC:fix CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13632
+
+* Sun Apr 19 2020 ethan848 <mingfangsen@huawei.com>
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:CVE-2020-11655 fixed
+
+* Tue Mar 10 2020 steven <steven_ygui@163.com> - 3.24.0-9
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:CVE-2018-20505, CVE-2020-9327 fixed
+
 * Wed Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-8
 - Type:enhancement
 - ID:NA
@@ -0,0 +1,4 @@
+version_control: fossil
+src_repo: https://www.sqlite.org/src
+tag_prefix: "version-"
+seperator: "."
Author	SHA1	Message	Date
openeuler-ci-bot	627d03fd2b	!118 同步社区补丁 From: @noodlesland Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2024-11-11 09:29:06 +00:00
Wang_M	b3b1fcc0b6	sync the patch from 2203 Signed-off-by: Wang_M <815543835@qq.com> Signed-off-by: Wang_M <815543835@qq.com> Signed-off-by: Wang_M <815543835@qq.com>	2024-11-11 09:06:50 +00:00
openeuler-ci-bot	2fa21f5c8c	!116 [sync] PR-115: sync the CVE-2023-7104 from 22.03 From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2024-09-06 02:29:15 +00:00
Wang_M	1d602bd3ae	sync the patch from 22.03 (cherry picked from commit `347848fa14`)	2024-09-05 18:10:18 +08:00
openeuler-ci-bot	928f32f54d	!110 Bump to 3.42.0 From: @zhengzhenyu Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2024-02-29 06:06:11 +00:00
Zhenyu Zheng	56bc0cbcce	Bump to 3.42.0 Bump to 3.42.0 to fix CVE-2024-0232 Signed-off-by: Zhenyu Zheng <zheng.zhenyu@outlook.com>	2024-02-28 18:11:48 +08:00
openeuler-ci-bot	418511d548	!99 fix issue CVE-2023-7104 From: @Jeremyzz Reviewed-by: @zwtmichael, @dillon_chen Signed-off-by: @dillon_chen	2024-01-04 08:26:39 +00:00
mazhao	a4cd646a0c	fix the CVE-2023-7104 Signed-off-by: mazhao <mazhao12@huawei.com>	2024-01-03 12:02:25 +08:00
openeuler-ci-bot	40cd9b59ce	!92 fix issue CVE-2023-36191 From: @zwtmichael Reviewed-by: @wbq_sky, @slovezt Signed-off-by: @wbq_sky	2023-08-08 03:08:44 +00:00
zwtmichael	d5a9995a67	fix CVE-2023-36191 Signed-off-by: zwtmichael <zhuwentao5@huawei.com>	2023-08-07 15:17:42 +08:00
openeuler-ci-bot	3b8ef70260	!86 remove fail testcase for loongarch From: @zhangwenlong01 Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2023-02-02 03:26:14 +00:00
Wenlong Zhang	29347b1527	remove fail testcase for loongarch	2023-01-14 09:38:22 +08:00
openeuler-ci-bot	36052db9a0	!83 Fix CVE-2022-46908 From: @zwtmichael Reviewed-by: @wbq_sky Signed-off-by: @wbq_sky	2022-12-16 05:05:55 +00:00
zwtmichael	d5bf7b294a	Fix safe mode authorizer callback to reject disallowed UDFs Signed-off-by: zwtmichael <zhuwentao5@huawei.com>	2022-12-15 11:43:09 +08:00
openeuler-ci-bot	4255fd05db	!81 [sync] PR-80: fix build problem From: @openeuler-sync-bot Reviewed-by: @wbq_sky Signed-off-by: @wbq_sky	2022-09-15 02:00:39 +00:00
zwtmichael	8222faba44	fix build problem Signed-off-by: zwtmichael <zhuwentao5@huawei.com> (cherry picked from commit `4287815f16`)	2022-09-14 15:44:43 +08:00
openeuler-ci-bot	b6baf940d4	!71 fix integer overflow on gigabyte string From: @zwtmichael Reviewed-by: @wbq_sky Signed-off-by: @wbq_sky	2022-09-05 09:35:02 +00:00
zwtmichael	76b8dd730a	fix integer overflow on multi-gigabyte string Signed-off-by: zwtmichael <zhuwentao5@huawei.com>	2022-09-05 16:55:54 +08:00
zwtmichael	7d7e9e3d73	update to 3.37.2 Signed-off-by: zwtmichael <zhuwentao5@huawei.com>	2022-09-05 15:36:34 +08:00
openeuler-ci-bot	7cae1352c1	!65 update to 3.37.2 From: @zwtmichael Reviewed-by: @wbq_sky Signed-off-by: @wbq_sky	2022-08-31 12:46:15 +00:00
zwtmichael	d8002ef402	update to 3.37.2 Signed-off-by: zwtmichael <zhuwentao5@huawei.com>	2022-08-30 17:08:29 +08:00
openeuler-ci-bot	538587881d	!60 修复 CVE-2022-35737 From: @liusirui91 Reviewed-by: @shikemeng, @dillon_chen Signed-off-by: @dillon_chen	2022-08-16 04:13:35 +00:00
liusirui	419bd31973	fix CVE-2022-35737	2022-08-16 10:08:56 +08:00
openeuler-ci-bot	c135d8d9cf	!54 【轻量级 PR】：fix spec changelog date error From: @jxy_git Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop	2022-06-14 00:52:52 +00:00
jiangxinyu	a5ad049268	fix spec changelog date error	2022-06-08 06:56:04 +00:00
openeuler-ci-bot	ae04b38c7e	!49 Fix the CVE-2021-36690. From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop	2021-11-27 09:13:46 +00:00
wbq_sky	281ace3ce4	fix the CVE-2021-36690 Signed-off-by: wbq_sky <wangbingquan@huawei.com>	2021-11-27 14:08:25 +08:00
openeuler-ci-bot	fa6537c498	!47 Update the sqlite to 3.36 From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop	2021-11-25 07:34:38 +00:00
wbq_sky	70773bbab5	update to 3.36.0 Signed-off-by: wbq_sky <wangbingquan@huawei.com>	2021-11-25 08:45:52 +08:00
openeuler-ci-bot	17f47bf553	!40 Fix the uninitialized value used in pattern compare function. From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop	2021-09-27 12:01:15 +00:00
wbq_sky	c7b6d9b65f	fix the uninitialized value used in pattern match Signed-off-by: wbq_sky <wangbingquan@huawei.com>	2021-09-26 16:28:27 +08:00
openeuler-ci-bot	80491f4558	!39 Fix a problem caused by using an SQL variable in an over clause within a trigger. From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop	2021-09-13 12:28:19 +00:00
wbq_sky	b5acf1da61	fix the null reference in the over clause within trigger Signed-off-by: wbq_sky <wangbingquan@huawei.com>	2021-09-10 14:19:45 +08:00
openeuler-ci-bot	4cbaf5da18	!38 fix the problem of the infinite loop in trim function. From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop	2021-09-10 02:59:56 +00:00
wbq_sky	d81186e427	fix the infinite loop in the trim function while the pattern is well formed. Signed-off-by: wbq_sky <wangbingquan@huawei.com>	2021-09-10 10:54:13 +08:00
openeuler-ci-bot	d0aa7d2f6e	!30 update 3.34.0 From: @markeryang Reviewed-by: @liuzhiqiang26 Signed-off-by: @volcanodragon	2021-02-01 09:54:48 +08:00
markeryang	518b78e0c5	update to 3.34.0	2021-01-28 16:06:55 +08:00
openeuler-ci-bot	e27e46aeb6	!27 update source0 url in spec file Merge pull request !27 from lihaotian/master	2020-09-03 11:57:20 +08:00
lihaotian9	77937f0d9f	Update the source0 url in spec file	2020-09-03 10:21:16 +08:00
openeuler-ci-bot	52f8d4d496	!25 更新yaml文件 Merge pull request !25 from linfeilong835/master	2020-08-11 14:28:42 +08:00
linfeilong835	9e1b3629dc	update sqlite.spec.	2020-08-10 15:37:33 +08:00
linfeilong835	5442a2c86a	update sqlite.yaml.	2020-08-10 15:36:27 +08:00
openeuler-ci-bot	062ced1b4f	!22 update package to 3.32.3 Merge pull request !22 from 季新杰/master	2020-07-22 09:45:03 +08:00
ji_xinjie	c37816cdfa	update package to 3.32.3	2020-07-21 14:52:38 +08:00
openeuler-ci-bot	9fa98ae7c4	!21 add yaml file for ci Merge pull request !21 from liuzhiqiang/master	2020-07-02 17:09:33 +08:00
Zhiqiang Liu	f60035837d	add yaml file for ci	2020-07-02 12:49:42 +08:00
openeuler-ci-bot	c96547d1e4	!20 rename patches Merge pull request !20 from lfl/master	2020-06-30 21:30:45 +08:00
lfl	b3265a3d45	重命名 6061-Fix-CVE-2020-13632.patch 为 0064-Fix-CVE-2020-13632.patch	2020-06-30 11:21:35 +08:00
lfl	71e9ac7753	重命名 6060-Fix-CVE-2020-13630.patch 为 0063-Fix-CVE-2020-13630.patch	2020-06-30 11:21:22 +08:00
lfl	ead4e2dcb8	重命名 6059-Fix-CVE-2020-13435.patch 为 0062-Fix-CVE-2020-13435.patch	2020-06-30 11:21:08 +08:00
lfl	4814a7cc8c	重命名 6058-Fix-CVE-2020-13434.patch 为 0061-Fix-CVE-2020-13434.patch	2020-06-30 11:20:57 +08:00
lfl	c1061356e6	重命名 6057-Fix-CVE-2020-11655.patch 为 0060-Fix-CVE-2020-11655.patch	2020-06-30 11:20:31 +08:00
lfl	6a69bd9a2b	重命名 6056-Fix-CVE-2020-9327.patch 为 0059-Fix-CVE-2020-9327.patch	2020-06-30 11:20:17 +08:00
lfl	fbd7b589dc	重命名 6055-Fix-CVE-2018-20505.patch 为 0058-Fix-CVE-2018-20505.patch	2020-06-30 11:20:05 +08:00
lfl	1510f8e16c	重命名 6054-Fix-the-zipfile-function-in-the-zipfile-extension-so.patch 为 0057-Fix-the-zipfile-function-in-the-zipfile-extension-so.patch	2020-06-30 11:19:48 +08:00
lfl	4028658d2d	重命名 6053-Fix-CVE-2019-20218-Do-not-attempt-to-unwind-the-WITH-stack-in-the-Parse.patch 为 0056-Fix-CVE-2019-20218-Do-not-attempt-to-unwind-the-WITH-stack-in-the-Parse.patch	2020-06-30 11:19:34 +08:00
lfl	6478b567f5	重命名 6052-Fix-CVE-2019-19926-Continuation-of-e2bddcd4c55ba3cb-Add-another-spot-wh.patch 为 0055-Fix-CVE-2019-19926-Continuation-of-e2bddcd4c55ba3cb-Add-another-spot-wh.patch	2020-06-30 11:19:20 +08:00
lfl	4db92c1188	重命名 6051-Fix-CVE-2019-19925-Fix-the-zipfile-extension-so-that-INSERT-works-even-.patch 为 0054-Fix-CVE-2019-19925-Fix-the-zipfile-extension-so-that-INSERT-works-even-.patch	2020-06-30 11:19:07 +08:00
lfl	8b8c74476d	重命名 6050-Fix-CVE-2019-19924-When-an-error-occurs-while-rewriting-the-parser-tree.patch 为 0053-Fix-CVE-2019-19924-When-an-error-occurs-while-rewriting-the-parser-tree.patch	2020-06-30 11:18:51 +08:00
lfl	75b921ed90	重命名 6049-Fix-CVE-2019-19923-Continue-to-back-away-from-the-LEFT-JOIN-optimizatio.patch 为 0052-Fix-CVE-2019-19923-Continue-to-back-away-from-the-LEFT-JOIN-optimizatio.patch	2020-06-30 11:18:38 +08:00
lfl	59d947b664	重命名 6048-Fix-CVE-2019-9937.patch 为 0051-Fix-CVE-2019-9937.patch	2020-06-30 11:18:22 +08:00
lfl	0e1075aa90	重命名 6047-Fix-CVE-2019-9936.patch 为 0050-Fix-CVE-2019-9936.patch	2020-06-30 11:18:05 +08:00
lfl	8a03c1f269	重命名 6046-Fix-CVE-2019-19646.patch 为 0049-Fix-CVE-2019-19646.patch	2020-06-30 11:17:50 +08:00
lfl	cfca7355f4	重命名 6045-sqlite-CVE-2019-16168.patch 为 0048-sqlite-CVE-2019-16168.patch	2020-06-30 11:17:38 +08:00
lfl	a4d5eb0835	重命名 6044-sqlite-CVE-2019-8457-out-of-bounds-read.patch 为 0047-sqlite-CVE-2019-8457-out-of-bounds-read.patch	2020-06-30 11:17:25 +08:00
lfl	6753ad4ed1	重命名 6043-Fix-a-potential-32-bit-integer-overflow-in-the-showd.patch 为 0046-Fix-a-potential-32-bit-integer-overflow-in-the-showd.patch	2020-06-30 11:17:11 +08:00
lfl	b5cab30fb5	重命名 6042-Fix-a-potential-memory-leak-in-RBU-if-the-rbu_fossil.patch 为 0045-Fix-a-potential-memory-leak-in-RBU-if-the-rbu_fossil.patch	2020-06-30 11:17:01 +08:00
lfl	225eb74dcc	重命名 6041-Fix-another-segfault-that-could-occur-in-fts5-with-a.patch 为 0044-Fix-another-segfault-that-could-occur-in-fts5-with-a.patch	2020-06-30 11:16:47 +08:00
lfl	792bda3e5d	重命名 6040-Fix-another-buffer-overrun-that-could-occur-when-que.patch 为 0043-Fix-another-buffer-overrun-that-could-occur-when-que.patch	2020-06-30 11:16:35 +08:00
lfl	08b565203c	重命名 6039-Fix-another-buffer-overread-in-fts5-that-may-occur-w.patch 为 0042-Fix-another-buffer-overread-in-fts5-that-may-occur-w.patch	2020-06-30 11:16:21 +08:00
lfl	2a93fbb21a	重命名 6038-Fix-a-buffer-overrun-triggered-by-a-merge-operation-.patch 为 0041-Fix-a-buffer-overrun-triggered-by-a-merge-operation-.patch	2020-06-30 11:16:08 +08:00
lfl	4006bb682f	重命名 6037-Fix-a-buffer-overread-in-fts3-that-could-occur-when-.patch 为 0040-Fix-a-buffer-overread-in-fts3-that-could-occur-when-.patch	2020-06-30 11:15:57 +08:00
lfl	652f547f01	重命名 6036-Fix-a-segfault-that-could-follow-an-OOM-when-queryin.patch 为 0039-Fix-a-segfault-that-could-follow-an-OOM-when-queryin.patch	2020-06-30 11:15:44 +08:00
lfl	413e0d5513	重命名 6035-Fix-a-potential-problem-with-INSERT-INTO-.-SELECT-FR.patch 为 0038-Fix-a-potential-problem-with-INSERT-INTO-.-SELECT-FR.patch	2020-06-30 11:15:32 +08:00
lfl	0f8d7798cc	重命名 6034-Fix-an-assert-in-vdbemem.c-that-could-fire-if-the-da.patch 为 0037-Fix-an-assert-in-vdbemem.c-that-could-fire-if-the-da.patch	2020-06-30 11:15:20 +08:00
lfl	5103e7ac1b	重命名 6033-Fix-another-fts5-crash-that-can-occur-if-the-databas.patch 为 0036-Fix-another-fts5-crash-that-can-occur-if-the-databas.patch	2020-06-30 11:15:07 +08:00
lfl	63a1641d18	重命名 6032-Fix-a-buffer-overrun-that-could-occur-in-fts5-if-a-p.patch 为 0035-Fix-a-buffer-overrun-that-could-occur-in-fts5-if-a-p.patch	2020-06-30 11:14:56 +08:00
lfl	2ea491f1ad	重命名 6031-Fix-another-segfault-caused-by-a-corrupt-fts3-databa.patch 为 0034-Fix-another-segfault-caused-by-a-corrupt-fts3-databa.patch	2020-06-30 11:14:44 +08:00
lfl	46c4a5f8e1	重命名 6030-Avoid-integer-overflow-when-computing-the-array-of-a.patch 为 0033-Avoid-integer-overflow-when-computing-the-array-of-a.patch	2020-06-30 11:14:31 +08:00
lfl	a60b72dcee	重命名 6029-Fix-another-corruption-related-crash-in-fts5.patch 为 0032-Fix-another-corruption-related-crash-in-fts5.patch	2020-06-30 11:14:21 +08:00
lfl	66e0a9f9ab	重命名 6028-Fix-a-buffer-overwrite-that-could-occur-when-running.patch 为 0031-Fix-a-buffer-overwrite-that-could-occur-when-running.patch	2020-06-30 11:14:07 +08:00
lfl	89bb662185	重命名 6027-Fix-a-memory-leak-that-could-occur-in-fts3-when-hand.patch 为 0030-Fix-a-memory-leak-that-could-occur-in-fts3-when-hand.patch	2020-06-30 11:13:58 +08:00
lfl	7afff9642a	重命名 6026-Handle-SQL-NULL-values-without-crashing-in-the-fts5-.patch 为 0029-Handle-SQL-NULL-values-without-crashing-in-the-fts5-.patch	2020-06-30 11:13:45 +08:00
lfl	0554359353	重命名 6025-Fix-a-harmless-memory-leak-in-the-Lemon-parser-gener.patch 为 0028-Fix-a-harmless-memory-leak-in-the-Lemon-parser-gener.patch	2020-06-30 11:13:34 +08:00
lfl	2b5ada67a2	重命名 6024-Fix-a-problem-causing-a-crash-if-an-fts5vocab-table-.patch 为 0027-Fix-a-problem-causing-a-crash-if-an-fts5vocab-table-.patch	2020-06-30 11:13:21 +08:00
lfl	b35e4e0c54	重命名 6023-Prevent-unsigned-32-bit-integer-overflow-from-leadin.patch 为 0026-Prevent-unsigned-32-bit-integer-overflow-from-leadin.patch	2020-06-30 11:13:11 +08:00
lfl	3eff60e85b	重命名 6022-Fix-a-segfault-in-fts3-prompted-by-a-corrupted-datab.patch 为 0025-Fix-a-segfault-in-fts3-prompted-by-a-corrupted-datab.patch	2020-06-30 11:12:59 +08:00
lfl	473daf27c6	重命名 6021-Fix-an-out-of-bounds-read-in-SQL-function-fts5_decod.patch 为 0024-Fix-an-out-of-bounds-read-in-SQL-function-fts5_decod.patch	2020-06-30 11:12:50 +08:00
lfl	7832687b71	重命名 6020-Fix-a-possible-memory-leak-when-trying-to-UPDATE-a-c.patch 为 0023-Fix-a-possible-memory-leak-when-trying-to-UPDATE-a-c.patch	2020-06-30 11:12:40 +08:00
lfl	9430f7cf88	重命名 6019-Fix-another-potential-buffer-overread-in-fts5.patch 为 0022-Fix-another-potential-buffer-overread-in-fts5.patch	2020-06-30 11:12:26 +08:00
lfl	a819b3de95	重命名 6018-Fix-another-case-in-fts5-where-a-corrupt-database-co.patch 为 0021-Fix-another-case-in-fts5-where-a-corrupt-database-co.patch	2020-06-30 11:12:14 +08:00
lfl	3d5464b54d	重命名 6017-Fix-a-buffer-overwrite-in-fts5-triggered-by-a-corrup.patch 为 0020-Fix-a-buffer-overwrite-in-fts5-triggered-by-a-corrup.patch	2020-06-30 11:12:03 +08:00
lfl	d2a61aa711	重命名 6016-Fix-another-problem-with-corrupt-database-handling-i.patch 为 0019-Fix-another-problem-with-corrupt-database-handling-i.patch	2020-06-30 11:11:48 +08:00
lfl	5b5d5b1659	重命名 6015-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch 为 0018-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch	2020-06-30 11:11:38 +08:00
lfl	7ee0070701	重命名 6014-Fix-possible-integer-overflow-while-running-PRAGMA-i.patch 为 0017-Fix-possible-integer-overflow-while-running-PRAGMA-i.patch	2020-06-30 11:11:25 +08:00
lfl	71f22b755f	重命名 6013-Fix-a-parser-bug-in-the-use-of-parentheses-around-ta.patch 为 0016-Fix-a-parser-bug-in-the-use-of-parentheses-around-ta.patch	2020-06-30 11:11:16 +08:00
lfl	1824ba27bc	重命名 6012-Fix-a-failing-assert-in-sqlite3ResetAllSchemasOfConn.patch 为 0015-Fix-a-failing-assert-in-sqlite3ResetAllSchemasOfConn.patch	2020-06-30 11:11:06 +08:00
lfl	711bbde7d6	重命名 6011-Fix-minor-memory-leak-in-the-dbstat-extension-that-c.patch 为 0014-Fix-minor-memory-leak-in-the-dbstat-extension-that-c.patch	2020-06-30 11:10:56 +08:00
lfl	b992f29a9a	重命名 6010-Take-steps-to-avoid-a-potential-integer-overflow-in-.patch 为 0013-Take-steps-to-avoid-a-potential-integer-overflow-in-.patch	2020-06-30 11:10:45 +08:00
lfl	c0f54fe29c	重命名 6009-In-the-CLI-fix-a-file-descriptor-leak-following-OOM-.patch 为 0012-In-the-CLI-fix-a-file-descriptor-leak-following-OOM-.patch	2020-06-30 11:10:36 +08:00
lfl	2164e96e5f	重命名 6008-Fix-a-potential-crash-that-can-occur-while-reading-a.patch 为 0011-Fix-a-potential-crash-that-can-occur-while-reading-a.patch	2020-06-30 11:10:26 +08:00
lfl	3b33a01f77	重命名 6007-Fix-a-problem-causing-ENABLE_CURSOR_HINTS-builds-to-.patch 为 0010-Fix-a-problem-causing-ENABLE_CURSOR_HINTS-builds-to-.patch	2020-06-30 11:10:16 +08:00
lfl	acd3c50c05	重命名 6006-Fix-typo-in-the-Win32-specific-code-for-the-fileio-e.patch 为 0009-Fix-typo-in-the-Win32-specific-code-for-the-fileio-e.patch	2020-06-30 11:10:05 +08:00
lfl	dbff5d10d5	重命名 6005-Quick-patch-to-the-Lemon-parser-template-to-avoid-an.patch 为 0008-Quick-patch-to-the-Lemon-parser-template-to-avoid-an.patch	2020-06-30 11:09:52 +08:00
lfl	0d8d10ac3a	重命名 6004-Fix-a-minor-problem-in-the-code-for-determining-whet.patch 为 0007-Fix-a-minor-problem-in-the-code-for-determining-whet.patch	2020-06-30 11:09:40 +08:00
lfl	08a95f0783	重命名 6003-Fix-typo-in-the-normalize-extension.patch 为 0006-Fix-typo-in-the-normalize-extension.patch	2020-06-30 11:09:31 +08:00
lfl	eb2261ef91	重命名 6002-Fix-a-typo-in-the-amalgamation-autoconf-file.patch 为 0005-Fix-a-typo-in-the-amalgamation-autoconf-file.patch	2020-06-30 11:09:21 +08:00
lfl	12eadfb580	重命名 6001-Change-a-comma-into-a-logically-equivalent-but-seman.patch 为 0004-Change-a-comma-into-a-logically-equivalent-but-seman.patch	2020-06-30 11:09:10 +08:00
lfl	b6d95a9924	重命名 6000-Fix-the-sqlite3BeginTrans-calls-within-the-snapshot-.patch 为 0003-Fix-the-sqlite3BeginTrans-calls-within-the-snapshot-.patch	2020-06-30 11:08:53 +08:00
lfl	fef5deb7a0	update sqlite.spec.	2020-06-30 11:07:44 +08:00
openeuler-ci-bot	014003e808	!19 fix CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13632 Merge pull request !19 from Markeryang/master	2020-06-23 22:37:24 +08:00
xinghe_1	8ea2df76f6	1	2020-06-23 16:33:32 +08:00
openeuler-ci-bot	c960a67ab3	!15 Fix CVE-2020-11655 Merge pull request !15 from ethan848/master	2020-04-19 10:43:45 +08:00
ethan848	70009f31e0	fix CVE-2020-11655	2020-04-19 10:27:49 +08:00
openeuler-ci-bot	b3bfc53d7e	!14 修复cve Merge pull request !14 from steven/master	2020-03-11 16:05:08 +08:00
eulerstorage	5909c3024d	fix cves	2020-03-10 17:39:01 +08:00