[Pkg-chromium-maint] Bug#676636: [PATCH] Fix Chromium's third_party/sqlite deferencing an out-of-scope pointer.
Andrew Chant
achant at google.com
Tue Jun 12 00:14:33 UTC 2012
The other patch failed and this one works because the other patch
fixes the sources that are used to generate the sqlite.c file, which
lives elsewhere in the source tree. The Debian source build process doesn't
regenerate src/third_party/sqlite/amalgamation/sqlite3.c/h, so that
patch had no effect.
This patch also adds more attribution. I tested this patch over the
last day and no more annoying crashes, at least not on amd64.
Please apply a revert of the original and use this one.
-Andrew
On Mon, Jun 11, 2012 at 5:09 PM, Andrew Chant <achant at google.com> wrote:
> Patch directly applied from http://codereview.chromium.org/10387026/ Patch Set 2.
> Upstream patch author: Evangelos Foutras <evangelos at foutrelis.com>
>
> Remove this patch when upstream is fixed.
>
> The use of g++ 4.7 by Debian seems to make the crashes more frequent
> than on upstream's pre-4.6 gcc.
> ---
> debian/patches/series | 1 +
> ...thirdparty-sqlite-invalid-stack-reference.patch | 119 ++++++++++++++++++++
> 2 files changed, 120 insertions(+)
> create mode 100644 debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
>
> diff --git a/debian/patches/series b/debian/patches/series
> index 2d4bcc8..064a03d 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -22,3 +22,4 @@ arm-no-float-abi.patch
> vpx.patch
> pulseaudio.patch
> gcc4.7.patch
> +thirdparty-sqlite-invalid-stack-reference.patch
> diff --git a/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch b/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
> new file mode 100644
> index 0000000..ffabfaf
> --- /dev/null
> +++ b/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
> @@ -0,0 +1,119 @@
> +Fix Chromium's third_party/sqlite deferencing an out-of-scope pointer.
> +
> +Patch applied from http://codereview.chromium.org/10387026/ Patch Set 2.
> +Index: chromium-browser-20.0.1132.21~r139451/src/AUTHORS
> +===================================================================
> +--- chromium-browser-20.0.1132.21~r139451.orig/src/AUTHORS 2012-06-10 20:55:50.534940299 -0700
> ++++ chromium-browser-20.0.1132.21~r139451/src/AUTHORS 2012-06-10 20:55:54.721607126 -0700
> +@@ -177,3 +177,4 @@
> + Alexandre Abreu <wiss1976 at gmail.com>
> + Erik Sjölund <erik.sjolund at gmail.com>
> + Simon Arlott <simon.arlott at gmail.com>
> ++Evangelos Foutras <evangelos at foutrelis.com>
> +Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/README.chromium
> +===================================================================
> +--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/README.chromium 2012-06-10 20:55:50.534940299 -0700
> ++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/README.chromium 2012-06-10 20:55:54.721607126 -0700
> +@@ -70,6 +70,7 @@
> + test.patch
> + mac_time_machine.patch
> + system-sqlite.patch
> ++sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
> +
> + So, e.g. you could do this to apply all our patches to vanilla SQLite:
> +
> +@@ -84,6 +85,7 @@
> + patch -p0 < ../sqlite/test.patch
> + patch -p0 < ../sqlite/mac_time_machine.patch
> + patch -p0 < ../sqlite/system-sqlite.patch
> ++patch -p0 < ../sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
> +
> + This will only be the case if all changes we make also update the corresponding
> + patch files. Therefore please remember to do that whenever you make a change!
> +Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/amalgamation/sqlite3.c
> +===================================================================
> +--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/amalgamation/sqlite3.c 2012-06-10 20:55:50.534940299 -0700
> ++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/amalgamation/sqlite3.c 2012-06-10 20:55:54.734940460 -0700
> +@@ -119149,13 +119149,13 @@
> + Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
> + ){
> + Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
> ++ Fts3HashElem *pE; /* Iterator variable */
> + Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
> + int nElem = 0; /* Size of array at aElem */
> + int rc = SQLITE_OK; /* Return Code */
> +
> + if( isPrefix ){
> + int nAlloc = 0; /* Size of allocated array at aElem */
> +- Fts3HashElem *pE = 0; /* Iterator variable */
> +
> + for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
> + char *zKey = (char *)fts3HashKey(pE);
> +@@ -119187,7 +119187,7 @@
> + }
> +
> + }else{
> +- Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
> ++ pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
> + if( pE ){
> + aElem = &pE;
> + nElem = 1;
> +Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/src/ext/fts3/fts3_write.c
> +===================================================================
> +--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/src/ext/fts3/fts3_write.c 2012-06-10 20:55:50.534940299 -0700
> ++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/src/ext/fts3/fts3_write.c 2012-06-10 20:55:54.734940460 -0700
> +@@ -1238,13 +1238,13 @@
> + Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
> + ){
> + Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
> ++ Fts3HashElem *pE; /* Iterator variable */
> + Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
> + int nElem = 0; /* Size of array at aElem */
> + int rc = SQLITE_OK; /* Return Code */
> +
> + if( isPrefix ){
> + int nAlloc = 0; /* Size of allocated array at aElem */
> +- Fts3HashElem *pE = 0; /* Iterator variable */
> +
> + for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
> + char *zKey = (char *)fts3HashKey(pE);
> +@@ -1276,7 +1276,7 @@
> + }
> +
> + }else{
> +- Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
> ++ pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
> + if( pE ){
> + aElem = &pE;
> + nElem = 1;
> +Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
> +===================================================================
> +--- /dev/null 1970-01-01 00:00:00.000000000 +0000
> ++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch 2012-06-10 20:53:44.224936831 -0700
> +@@ -0,0 +1,26 @@
> ++--- ext/fts3/fts3_write.c.orig 2012-05-08 21:05:03.000000000 +0300
> +++++ ext/fts3/fts3_write.c 2012-05-08 21:07:08.000000000 +0300
> ++@@ -1238,13 +1238,13 @@ int sqlite3Fts3SegReaderPending(
> ++ Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
> ++ ){
> ++ Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
> +++ Fts3HashElem *pE; /* Iterator variable */
> ++ Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
> ++ int nElem = 0; /* Size of array at aElem */
> ++ int rc = SQLITE_OK; /* Return Code */
> ++
> ++ if( isPrefix ){
> ++ int nAlloc = 0; /* Size of allocated array at aElem */
> ++- Fts3HashElem *pE = 0; /* Iterator variable */
> ++
> ++ for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
> ++ char *zKey = (char *)fts3HashKey(pE);
> ++@@ -1276,7 +1276,7 @@ int sqlite3Fts3SegReaderPending(
> ++ }
> ++
> ++ }else{
> ++- Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
> +++ pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
> ++ if( pE ){
> ++ aElem = &pE;
> ++ nElem = 1;
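Review bot: The hoisted declaration `Fts3HashElem *pE; /* Iterator variable */` drops the `= 0` initializer that the removed block-scoped line carried, while every neighbouring declaration (`pReader`, `aElem`, `nElem`, `rc`) is initialized; `Fts3HashElem *pE = 0; /* Iterator variable */` keeps the file's convention and leaves the value defined on any future path that reaches `aElem = &pE` without assigning it first. Both branches visible in the hunk do assign `pE` before it is used, so this is a consistency point rather than a defect in what is shown. The same edit is duplicated in the amalgamation (`sqlite3.c`), in `src/ext/fts3/fts3_write.c` and in the nested `.patch` file, so the initializer would have to be added in all three copies to keep them in sync, as the README text quoted above already asks. The enclosing `sqlite3Fts3SegReaderPending` starts before and continues past each inner hunk, so that `aElem` is read after the `if/else` (the dangling-pointer use this fix addresses) is taken from the commit message rather than visible here.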
> --
> 1.7.10
>