[Pkg-chromium-maint] [PATCH] Fix Chromium's third_party/sqlite deferencing an out-of-scope pointer.
Andrew Chant
achant at google.com
Tue Jun 12 00:09:55 UTC 2012
Patch directly applied from http://codereview.chromium.org/10387026/ Patch Set 2.
Upstream patch author: Evangelos Foutras <evangelos at foutrelis.com>
Remove this patch when upstream is fixed.
The use of g++ 4.7 by Debian seems to make the crashes more frequent
than on upstream's pre-4.6 gcc.
---
debian/patches/series | 1 +
...thirdparty-sqlite-invalid-stack-reference.patch | 119 ++++++++++++++++++++
2 files changed, 120 insertions(+)
create mode 100644 debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
diff --git a/debian/patches/series b/debian/patches/series
index 2d4bcc8..064a03d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@ arm-no-float-abi.patch
vpx.patch
pulseaudio.patch
gcc4.7.patch
+thirdparty-sqlite-invalid-stack-reference.patch
diff --git a/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch b/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
new file mode 100644
index 0000000..ffabfaf
--- /dev/null
+++ b/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
@@ -0,0 +1,119 @@
+Fix Chromium's third_party/sqlite deferencing an out-of-scope pointer.
+
+Patch applied from http://codereview.chromium.org/10387026/ Patch Set 2.
+Index: chromium-browser-20.0.1132.21~r139451/src/AUTHORS
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/AUTHORS 2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/AUTHORS 2012-06-10 20:55:54.721607126 -0700
+@@ -177,3 +177,4 @@
+ Alexandre Abreu <wiss1976 at gmail.com>
+ Erik Sjölund <erik.sjolund at gmail.com>
+ Simon Arlott <simon.arlott at gmail.com>
++Evangelos Foutras <evangelos at foutrelis.com>
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/README.chromium
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/README.chromium 2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/README.chromium 2012-06-10 20:55:54.721607126 -0700
+@@ -70,6 +70,7 @@
+ test.patch
+ mac_time_machine.patch
+ system-sqlite.patch
++sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
+
+ So, e.g. you could do this to apply all our patches to vanilla SQLite:
+
+@@ -84,6 +85,7 @@
+ patch -p0 < ../sqlite/test.patch
+ patch -p0 < ../sqlite/mac_time_machine.patch
+ patch -p0 < ../sqlite/system-sqlite.patch
++patch -p0 < ../sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
+
+ This will only be the case if all changes we make also update the corresponding
+ patch files. Therefore please remember to do that whenever you make a change!
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/amalgamation/sqlite3.c
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/amalgamation/sqlite3.c 2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/amalgamation/sqlite3.c 2012-06-10 20:55:54.734940460 -0700
+@@ -119149,13 +119149,13 @@
+ Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
+ ){
+ Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
++ Fts3HashElem *pE; /* Iterator variable */
+ Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
+ int nElem = 0; /* Size of array at aElem */
+ int rc = SQLITE_OK; /* Return Code */
+
+ if( isPrefix ){
+ int nAlloc = 0; /* Size of allocated array at aElem */
+- Fts3HashElem *pE = 0; /* Iterator variable */
+
+ for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
+ char *zKey = (char *)fts3HashKey(pE);
+@@ -119187,7 +119187,7 @@
+ }
+
+ }else{
+- Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
++ pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
+ if( pE ){
+ aElem = &pE;
+ nElem = 1;
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/src/ext/fts3/fts3_write.c
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/src/ext/fts3/fts3_write.c 2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/src/ext/fts3/fts3_write.c 2012-06-10 20:55:54.734940460 -0700
+@@ -1238,13 +1238,13 @@
+ Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
+ ){
+ Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
++ Fts3HashElem *pE; /* Iterator variable */
+ Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
+ int nElem = 0; /* Size of array at aElem */
+ int rc = SQLITE_OK; /* Return Code */
+
+ if( isPrefix ){
+ int nAlloc = 0; /* Size of allocated array at aElem */
+- Fts3HashElem *pE = 0; /* Iterator variable */
+
+ for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
+ char *zKey = (char *)fts3HashKey(pE);
+@@ -1276,7 +1276,7 @@
+ }
+
+ }else{
+- Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
++ pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
+ if( pE ){
+ aElem = &pE;
+ nElem = 1;
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch 2012-06-10 20:53:44.224936831 -0700
+@@ -0,0 +1,26 @@
++--- ext/fts3/fts3_write.c.orig 2012-05-08 21:05:03.000000000 +0300
+++++ ext/fts3/fts3_write.c 2012-05-08 21:07:08.000000000 +0300
++@@ -1238,13 +1238,13 @@ int sqlite3Fts3SegReaderPending(
++ Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
++ ){
++ Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
+++ Fts3HashElem *pE; /* Iterator variable */
++ Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
++ int nElem = 0; /* Size of array at aElem */
++ int rc = SQLITE_OK; /* Return Code */
++
++ if( isPrefix ){
++ int nAlloc = 0; /* Size of allocated array at aElem */
++- Fts3HashElem *pE = 0; /* Iterator variable */
++
++ for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
++ char *zKey = (char *)fts3HashKey(pE);
++@@ -1276,7 +1276,7 @@ int sqlite3Fts3SegReaderPending(
++ }
++
++ }else{
++- Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
+++ pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
++ if( pE ){
++ aElem = &pE;
++ nElem = 1;
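Review bot: The hoisted declaration `Fts3HashElem *pE; /* Iterator variable */` in the sqlite3.c and fts3_write.c hunks (and the nested sqlite-3.7.6.3 patch) drops the `= 0` initializer the removed block-scope declaration carried; both visible branches assign pE before reading it (the for-init and the fts3HashFindElem call), so this is not a defect, but `Fts3HashElem *pE = 0; /* Iterator variable */` would match the sibling initializations of pReader and aElem at no cost. The fix itself is sound: `aElem = &pE` previously took the address of a variable scoped to the else block, so any later read through aElem was a dangling stack reference, and moving pE to function scope keeps it alive for the rest of sqlite3Fts3SegReaderPending. The part of the function that consumes aElem lies outside the hunk, so the claim that it is only used within the function is inferred, not visible here. Since the same change is carried three times (amalgamation, ext/fts3/fts3_write.c, and the standalone patch file listed in README.chromium), keep the three copies byte-identical so the documented "apply all patches to vanilla SQLite" procedure still reproduces the amalgamation.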
--
1.7.10