[Pkg-chromium-maint] Bug#676636: [PATCH] Fix Chromium's third_party/sqlite deferencing an out-of-scope pointer.

Andrew Chant achant at google.com
Tue Jun 12 01:12:55 UTC 2012


Patch directly applied from http://codereview.chromium.org/10387026/ Patch Set 2.
Upstream patch author: Evangelos Foutras <evangelos at foutrelis.com>

Remove this patch when upstream is fixed.

The use of g++ 4.7 by Debian seems to make the crashes more frequent
than on upstream's pre-4.6 gcc.
---
 debian/patches/series                              |    2 +-
 debian/patches/sqlite.patch                        |   28 -----
 ...thirdparty-sqlite-invalid-stack-reference.patch |  119 ++++++++++++++++++++
 3 files changed, 120 insertions(+), 29 deletions(-)
 delete mode 100644 debian/patches/sqlite.patch
 create mode 100644 debian/patches/thirdparty-sqlite-invalid-stack-reference.patch

diff --git a/debian/patches/series b/debian/patches/series
index 311b071..064a03d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,4 +22,4 @@ arm-no-float-abi.patch
 vpx.patch
 pulseaudio.patch
 gcc4.7.patch
-sqlite.patch
+thirdparty-sqlite-invalid-stack-reference.patch
diff --git a/debian/patches/sqlite.patch b/debian/patches/sqlite.patch
deleted file mode 100644
index 95abf36..0000000
--- a/debian/patches/sqlite.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Index: sid/src/third_party/sqlite/src/ext/fts3/fts3_write.c
-===================================================================
---- sid.orig/src/third_party/sqlite/src/ext/fts3/fts3_write.c	2012-05-19 16:54:33.000000000 +0200
-+++ sid/src/third_party/sqlite/src/ext/fts3/fts3_write.c	2012-06-11 16:16:11.607585285 +0200
-@@ -1238,13 +1238,13 @@
-   Fts3SegReader **ppReader        /* OUT: SegReader for pending-terms */
- ){
-   Fts3SegReader *pReader = 0;     /* Fts3SegReader object to return */
-+  Fts3HashElem *pE;               /* Iterator variable */
-   Fts3HashElem **aElem = 0;       /* Array of term hash entries to scan */
-   int nElem = 0;                  /* Size of array at aElem */
-   int rc = SQLITE_OK;             /* Return Code */
- 
-   if( isPrefix ){
-     int nAlloc = 0;               /* Size of allocated array at aElem */
--    Fts3HashElem *pE = 0;         /* Iterator variable */
- 
-     for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
-       char *zKey = (char *)fts3HashKey(pE);
-@@ -1276,7 +1276,7 @@
-     }
- 
-   }else{
--    Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
-+    pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
-     if( pE ){
-       aElem = &pE;
-       nElem = 1;
diff --git a/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch b/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
new file mode 100644
index 0000000..ffabfaf
--- /dev/null
+++ b/debian/patches/thirdparty-sqlite-invalid-stack-reference.patch
@@ -0,0 +1,119 @@
+Fix Chromium's third_party/sqlite deferencing an out-of-scope pointer.
+
+Patch applied from http://codereview.chromium.org/10387026/ Patch Set 2.
+Index: chromium-browser-20.0.1132.21~r139451/src/AUTHORS
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/AUTHORS	2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/AUTHORS	2012-06-10 20:55:54.721607126 -0700
+@@ -177,3 +177,4 @@
+ Alexandre Abreu <wiss1976 at gmail.com>
+ Erik Sjölund <erik.sjolund at gmail.com>
+ Simon Arlott <simon.arlott at gmail.com>
++Evangelos Foutras <evangelos at foutrelis.com>
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/README.chromium
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/README.chromium	2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/README.chromium	2012-06-10 20:55:54.721607126 -0700
+@@ -70,6 +70,7 @@
+ test.patch
+ mac_time_machine.patch
+ system-sqlite.patch
++sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
+ 
+ So, e.g. you could do this to apply all our patches to vanilla SQLite:
+ 
+@@ -84,6 +85,7 @@
+ patch -p0 < ../sqlite/test.patch
+ patch -p0 < ../sqlite/mac_time_machine.patch
+ patch -p0 < ../sqlite/system-sqlite.patch
++patch -p0 < ../sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
+ 
+ This will only be the case if all changes we make also update the corresponding
+ patch files. Therefore please remember to do that whenever you make a change!
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/amalgamation/sqlite3.c
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/amalgamation/sqlite3.c	2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/amalgamation/sqlite3.c	2012-06-10 20:55:54.734940460 -0700
+@@ -119149,13 +119149,13 @@
+   Fts3SegReader **ppReader        /* OUT: SegReader for pending-terms */
+ ){
+   Fts3SegReader *pReader = 0;     /* Fts3SegReader object to return */
++  Fts3HashElem *pE;               /* Iterator variable */
+   Fts3HashElem **aElem = 0;       /* Array of term hash entries to scan */
+   int nElem = 0;                  /* Size of array at aElem */
+   int rc = SQLITE_OK;             /* Return Code */
+ 
+   if( isPrefix ){
+     int nAlloc = 0;               /* Size of allocated array at aElem */
+-    Fts3HashElem *pE = 0;         /* Iterator variable */
+ 
+     for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
+       char *zKey = (char *)fts3HashKey(pE);
+@@ -119187,7 +119187,7 @@
+     }
+ 
+   }else{
+-    Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
++    pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
+     if( pE ){
+       aElem = &pE;
+       nElem = 1;
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/src/ext/fts3/fts3_write.c
+===================================================================
+--- chromium-browser-20.0.1132.21~r139451.orig/src/third_party/sqlite/src/ext/fts3/fts3_write.c	2012-06-10 20:55:50.534940299 -0700
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/src/ext/fts3/fts3_write.c	2012-06-10 20:55:54.734940460 -0700
+@@ -1238,13 +1238,13 @@
+   Fts3SegReader **ppReader        /* OUT: SegReader for pending-terms */
+ ){
+   Fts3SegReader *pReader = 0;     /* Fts3SegReader object to return */
++  Fts3HashElem *pE;               /* Iterator variable */
+   Fts3HashElem **aElem = 0;       /* Array of term hash entries to scan */
+   int nElem = 0;                  /* Size of array at aElem */
+   int rc = SQLITE_OK;             /* Return Code */
+ 
+   if( isPrefix ){
+     int nAlloc = 0;               /* Size of allocated array at aElem */
+-    Fts3HashElem *pE = 0;         /* Iterator variable */
+ 
+     for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
+       char *zKey = (char *)fts3HashKey(pE);
+@@ -1276,7 +1276,7 @@
+     }
+ 
+   }else{
+-    Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
++    pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
+     if( pE ){
+       aElem = &pE;
+       nElem = 1;
+Index: chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ chromium-browser-20.0.1132.21~r139451/src/third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch	2012-06-10 20:53:44.224936831 -0700
+@@ -0,0 +1,26 @@
++--- ext/fts3/fts3_write.c.orig	2012-05-08 21:05:03.000000000 +0300
+++++ ext/fts3/fts3_write.c	2012-05-08 21:07:08.000000000 +0300
++@@ -1238,13 +1238,13 @@ int sqlite3Fts3SegReaderPending(
++   Fts3SegReader **ppReader        /* OUT: SegReader for pending-terms */
++ ){
++   Fts3SegReader *pReader = 0;     /* Fts3SegReader object to return */
+++  Fts3HashElem *pE;               /* Iterator variable */
++   Fts3HashElem **aElem = 0;       /* Array of term hash entries to scan */
++   int nElem = 0;                  /* Size of array at aElem */
++   int rc = SQLITE_OK;             /* Return Code */
++ 
++   if( isPrefix ){
++     int nAlloc = 0;               /* Size of allocated array at aElem */
++-    Fts3HashElem *pE = 0;         /* Iterator variable */
++ 
++     for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
++       char *zKey = (char *)fts3HashKey(pE);
++@@ -1276,7 +1276,7 @@ int sqlite3Fts3SegReaderPending(
++     }
++ 
++   }else{
++-    Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
+++    pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
++     if( pE ){
++       aElem = &pE;
++       nElem = 1;
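Review bot: The hoisted declaration `Fts3HashElem *pE;` on the new side drops the `= 0` initializer that the removed block-scoped declaration carried, while the neighbouring locals `pReader` and `aElem` in the same declaration list are zero-initialized. Both visible paths assign `pE` before reading it (the for-init in the isPrefix branch and the fts3HashFindElem call in the else branch), but the body of sqlite3Fts3SegReaderPending between the two hunks is not shown, so `Fts3HashElem *pE = 0;           /* Iterator variable */` would keep the declaration list consistent and make the variable safe regardless of what that gap does. The same line appears in all three copies of the change (amalgamation/sqlite3.c, src/ext/fts3/fts3_write.c and the embedded sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch) and should stay identical across them. With `aElem = &pE;` now pointing at a function-scope local, the fix holds only as long as `aElem` is not retained past the function's return; the rest of the function is outside the hunk, so that is presumably the case but worth confirming. The new patch file's header is free-form text; adding DEP-3 fields such as `Origin: upstream, http://codereview.chromium.org/10387026/` and `Bug-Debian: http://bugs.debian.org/676636` would let the Debian patch tracker pick it up.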
-- 
1.7.10





