From f7790961bef5d259b71a75c216290575808dd62a Mon Sep 17 00:00:00 2001
From: Packit Service <user-cont-team+packit-service@redhat.com>
Date: Jan 05 2021 22:28:47 +0000
Subject: Apply patch sqlite-3.26.0-CVE-2019-19925.patch


patch_name: sqlite-3.26.0-CVE-2019-19925.patch
present_in_specfile: true

---

diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index e57dc38..6f48d0f 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1618,6 +1618,7 @@ static int zipfileUpdate(
 
     if( rc==SQLITE_OK ){
       zPath = (const char*)sqlite3_value_text(apVal[2]);
+      if( zPath==0 ) zPath = "";
       nPath = (int)strlen(zPath);
       mTime = zipfileGetTime(apVal[4]);
     }
diff --git a/test/zipfile.test b/test/zipfile.test
index 2bab066..5bca10b 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -795,4 +795,17 @@ if {$tcl_platform(platform)!="windows"} {
   } {. ./x1.txt ./x2.txt}
 }
 
+# 2019-12-18 Yongheng and Rui fuzzer
+#
+do_execsql_test 13.10 {
+  DROP TABLE IF EXISTS t0;
+  DROP TABLE IF EXISTS t1;
+  CREATE TABLE t0(a,b,c,d,e,f,g);
+  REPLACE INTO t0(c,b,f) VALUES(10,10,10);
+  CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
+  REPLACE INTO t1 SELECT * FROM t0;
+  SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
+         quote(data),quote(method) FROM t1;
+} {'' 10 10 2 X'3130' X'3130' 0}
+
 finish_test