From becd68ba0dac41904aa817d96a67fb4685734b41 Mon Sep 17 00:00:00 2001 From: dan Date: Sat, 16 May 2020 17:26:58 +0000 Subject: [PATCH] Fix a use-after-free bug in the fts3 snippet() function. FossilOrigin-Name: 0d69f76f0865f9626078bee087a22fb826407279e78cf9d5382e1c985c9f64a9 Upstream-Status: Backport CVE: CVE-2020-13630 Reference to upstream patch: https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41 Patch converted to amalgamation format Signed-off-by: Steve Sakoman --- sqlite3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sqlite3.c b/sqlite3.c index 02892f8..e72fabb 100644 --- a/sqlite3.c +++ b/sqlite3.c @@ -170257,6 +170257,7 @@ static void fts3EvalNextRow( fts3EvalNextRow(pCsr, pLeft, pRc); } } + pRight->bEof = pLeft->bEof = 1; } } break;