sqlite3: patch CVE-2025-7458

Pick patch [1] listed in [2]. Also pick another patch which is precondition to this one introducing variable needed for the check. [1] https://sqlite.org/src/info/12ad822d9b827777 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458 (From OE-Core rev: 4d5093e5103016c08b3a32fd83b1ec9edd87cd5a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-08-03 10:52:07 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-08-08 06:30:56 -0700
commit: bedacbb603d377c4b615fb86e3bcee2dac6ca117 (patch)
tree: fb3e71470189d36b791e3c18bb0e83a3885f363c
parent: 9e416e05f6af7a97d0a589dbc687f743180e2bb0 (diff)
download: poky-bedacbb603d377c4b615fb86e3bcee2dac6ca117.tar.gz
3 files changed, 125 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
new file mode 100644
index 0000000000..8fb037bb0f
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
@@ -0,0 +1,91 @@
+From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Sat, 22 Oct 2022 14:16:02 +0000
+Subject: [PATCH] This branch attempts to improve the detection of covering
+ indexes.  This first check-in merely improves a parameter name to
+ sqlite3WhereBegin() to be more descriptive of what it contains, and ensures
+ that a subroutine is not inlines so that sqlite3WhereBegin() runs slightly
+ faster.
+FossilOrigin-Name: cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
+Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a0515502386fe2]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ sqlite3.c | 28 +++++++++++++---------------
+ 1 file changed, 13 insertions(+), 15 deletions(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index 4cbc2d0..b7ed991 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -147371,9 +147371,7 @@ struct WhereInfo {
+   ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
+   ExprList *pResultSet;     /* Result set of the query */
+   Expr *pWhere;             /* The complete WHERE clause */
+-#ifndef SQLITE_OMIT_VIRTUALTABLE
+-  Select *pLimit;           /* Used to access LIMIT expr/registers for vtabs */
+-#endif
+  Select *pSelect;          /* The entire SELECT statement containing WHERE */
+   int aiCurOnePass[2];      /* OP_OpenWrite cursors for the ONEPASS opt */
+   int iContinue;            /* Jump here to continue with next record */
+   int iBreak;               /* Jump here to break out of the loop */
+@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
+          && pLoop->u.vtab.bOmitOffset
+         ){
+           assert( pTerm->eOperator==WO_AUX );
+-          assert( pWInfo->pLimit!=0 );
+-          assert( pWInfo->pLimit->iOffset>0 );
+-          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pLimit->iOffset);
+          assert( pWInfo->pSelect!=0 );
+          assert( pWInfo->pSelect->iOffset>0 );
+          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pSelect->iOffset);
+           VdbeComment((v,"Zero OFFSET counter"));
+         }
+       }
+@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
+ ** exist only so that they may be passed to the xBestIndex method of the
+ ** single virtual table in the FROM clause of the SELECT.
+ */
+-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
+-  assert( p==0 || (p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0) );
+-  if( (p && p->pLimit)                                          /* 1 */
+-   && (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
+SQLITE_PRIVATE void SQLITE_NOINLINE sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
+  assert( p!=0 && p->pLimit!=0 );                 /* 1 -- checked by caller */
+  assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
+  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
+    && (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab))       /* 3 */
+   ){
+     ExprList *pOrderBy = p->pOrderBy;
+@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
+   Expr *pWhere,           /* The WHERE clause */
+   ExprList *pOrderBy,     /* An ORDER BY (or GROUP BY) clause, or NULL */
+   ExprList *pResultSet,   /* Query result set.  Req'd for DISTINCT */
+-  Select *pLimit,         /* Use this LIMIT/OFFSET clause, if any */
+  Select *pSelect,        /* The entire SELECT statement */
+   u16 wctrlFlags,         /* The WHERE_* flags defined in sqliteInt.h */
+   int iAuxArg             /* If WHERE_OR_SUBCLAUSE is set, index cursor number
+                           ** If WHERE_USE_LIMIT, then the limit amount */
+@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
+   pWInfo->wctrlFlags = wctrlFlags;
+   pWInfo->iLimit = iAuxArg;
+   pWInfo->savedNQueryLoop = pParse->nQueryLoop;
+-#ifndef SQLITE_OMIT_VIRTUALTABLE
+-  pWInfo->pLimit = pLimit;
+-#endif
+  pWInfo->pSelect = pSelect;
+   memset(&pWInfo->nOBSat, 0,
+          offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
+   memset(&pWInfo->a[0], 0, sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
+@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
+ 
+   /* Analyze all of the subexpressions. */
+   sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
+-  sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
+  if( pSelect && pSelect->pLimit ){
+    sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
+  }
+   if( db->mallocFailed ) goto whereBeginError;
+ 
+   /* Special case: WHERE terms that do not refer to any tables in the join
diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
new file mode 100644
index 0000000000..6b041d9332
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
@@ -0,0 +1,32 @@
+From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Thu, 16 Mar 2023 20:54:29 +0000
+Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY when all of the
+ result set terms are constant and there are more result set terms than ORDER
+ BY terms. Fix for these tickets: [c36cdb4afd504dc1], [4051a7f931d9ba24],
+ [d6fd512f50513ab7].
+FossilOrigin-Name: 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
+CVE: CVE-2025-7458
+Upstream-Status: Backport [github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ sqlite3.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/sqlite3.c b/sqlite3.c
+index 19d0438..6d92184 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo *pWInfo, LogEst nRowEst){
+       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
+         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
+       }
+      if( pWInfo->pSelect->pOrderBy
+       && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
+        pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
+      }
+     }else{
+       pWInfo->nOBSat = pFrom->isOrdered;
+       pWInfo->revMask = pFrom->revLoop;
diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index 656e2d8bd8..86d9b4b33b 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
           file://CVE-2023-7104.patch \
           file://CVE-2025-29088.patch \
           file://CVE-2025-6965.patch \
+           file://0001-This-branch-attempts-to-improve-the-detection-of-cov.patch \
+           file://CVE-2025-7458.patch \
           "
 SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
author	Peter Marko <peter.marko@siemens.com>	2025-08-03 10:52:07 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-08-08 06:30:56 -0700
commit	bedacbb603d377c4b615fb86e3bcee2dac6ca117 (patch)
tree	fb3e71470189d36b791e3c18bb0e83a3885f363c
parent	9e416e05f6af7a97d0a589dbc687f743180e2bb0 (diff)
download	poky-bedacbb603d377c4b615fb86e3bcee2dac6ca117.tar.gz

diff --git a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch new file mode 100644 index 0000000000..8fb037bb0f --- /dev/null +++ b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
@@ -0,0 +1,91 @@
		1	From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00 2001
		2	From: drh <>
		3	Date: Sat, 22 Oct 2022 14:16:02 +0000
		4	Subject: [PATCH] This branch attempts to improve the detection of covering
		5	indexes. This first check-in merely improves a parameter name to
		6	sqlite3WhereBegin() to be more descriptive of what it contains, and ensures
		7	that a subroutine is not inlines so that sqlite3WhereBegin() runs slightly
		8	faster.
		9
		10	FossilOrigin-Name: cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
		11
		12	Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a0515502386fe2]
		13	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		14	---
		15	sqlite3.c \| 28 +++++++++++++---------------
		16	1 file changed, 13 insertions(+), 15 deletions(-)
		17
		18	diff --git a/sqlite3.c b/sqlite3.c
		19	index 4cbc2d0..b7ed991 100644
		20	--- a/sqlite3.c
		21	+++ b/sqlite3.c
		22	@@ -147371,9 +147371,7 @@ struct WhereInfo {
		23	ExprList pOrderBy; / The ORDER BY clause or NULL */
		24	ExprList pResultSet; / Result set of the query */
		25	Expr pWhere; / The complete WHERE clause */
		26	-#ifndef SQLITE_OMIT_VIRTUALTABLE
		27	- Select pLimit; / Used to access LIMIT expr/registers for vtabs */
		28	-#endif
		29	+ Select pSelect; / The entire SELECT statement containing WHERE */
		30	int aiCurOnePass[2]; /* OP_OpenWrite cursors for the ONEPASS opt */
		31	int iContinue; /* Jump here to continue with next record */
		32	int iBreak; /* Jump here to break out of the loop */
		33	@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
		34	&& pLoop->u.vtab.bOmitOffset
		35	){
		36	assert( pTerm->eOperator==WO_AUX );
		37	- assert( pWInfo->pLimit!=0 );
		38	- assert( pWInfo->pLimit->iOffset>0 );
		39	- sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pLimit->iOffset);
		40	+ assert( pWInfo->pSelect!=0 );
		41	+ assert( pWInfo->pSelect->iOffset>0 );
		42	+ sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pSelect->iOffset);
		43	VdbeComment((v,"Zero OFFSET counter"));
		44	}
		45	}
		46	@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
		47	** exist only so that they may be passed to the xBestIndex method of the
		48	** single virtual table in the FROM clause of the SELECT.
		49	*/
		50	-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause pWC, Select p){
		51	- assert( p==0 \|\| (p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0) );
		52	- if( (p && p->pLimit) /* 1 */
		53	- && (p->selFlags & (SF_Distinct\|SF_Aggregate))==0 /* 2 */
		54	+SQLITE_PRIVATE void SQLITE_NOINLINE sqlite3WhereAddLimit(WhereClause pWC, Select p){
		55	+ assert( p!=0 && p->pLimit!=0 ); /* 1 -- checked by caller */
		56	+ assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
		57	+ if( (p->selFlags & (SF_Distinct\|SF_Aggregate))==0 /* 2 */
		58	&& (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab)) /* 3 */
		59	){
		60	ExprList *pOrderBy = p->pOrderBy;
		61	@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
		62	Expr pWhere, / The WHERE clause */
		63	ExprList pOrderBy, / An ORDER BY (or GROUP BY) clause, or NULL */
		64	ExprList pResultSet, / Query result set. Req'd for DISTINCT */
		65	- Select pLimit, / Use this LIMIT/OFFSET clause, if any */
		66	+ Select pSelect, / The entire SELECT statement */
		67	u16 wctrlFlags, /* The WHERE_* flags defined in sqliteInt.h */
		68	int iAuxArg /* If WHERE_OR_SUBCLAUSE is set, index cursor number
		69	** If WHERE_USE_LIMIT, then the limit amount */
		70	@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
		71	pWInfo->wctrlFlags = wctrlFlags;
		72	pWInfo->iLimit = iAuxArg;
		73	pWInfo->savedNQueryLoop = pParse->nQueryLoop;
		74	-#ifndef SQLITE_OMIT_VIRTUALTABLE
		75	- pWInfo->pLimit = pLimit;
		76	-#endif
		77	+ pWInfo->pSelect = pSelect;
		78	memset(&pWInfo->nOBSat, 0,
		79	offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
		80	memset(&pWInfo->a[0], 0, sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
		81	@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
		82
		83	/* Analyze all of the subexpressions. */
		84	sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
		85	- sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
		86	+ if( pSelect && pSelect->pLimit ){
		87	+ sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
		88	+ }
		89	if( db->mallocFailed ) goto whereBeginError;
		90
		91	/* Special case: WHERE terms that do not refer to any tables in the join


diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch new file mode 100644 index 0000000000..6b041d9332 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
@@ -0,0 +1,32 @@
		1	From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17 00:00:00 2001
		2	From: drh <>
		3	Date: Thu, 16 Mar 2023 20:54:29 +0000
		4	Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY when all of the
		5	result set terms are constant and there are more result set terms than ORDER
		6	BY terms. Fix for these tickets: [c36cdb4afd504dc1], [4051a7f931d9ba24],
		7	[d6fd512f50513ab7].
		8
		9	FossilOrigin-Name: 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
		10
		11	CVE: CVE-2025-7458
		12	Upstream-Status: Backport [github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
		13	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		14	---
		15	sqlite3.c \| 4 ++++
		16	1 file changed, 4 insertions(+)
		17
		18	diff --git a/sqlite3.c b/sqlite3.c
		19	index 19d0438..6d92184 100644
		20	--- a/sqlite3.c
		21	+++ b/sqlite3.c
		22	@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo *pWInfo, LogEst nRowEst){
		23	if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
		24	pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
		25	}
		26	+ if( pWInfo->pSelect->pOrderBy
		27	+ && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
		28	+ pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
		29	+ }
		30	}else{
		31	pWInfo->nOBSat = pFrom->isOrdered;
		32	pWInfo->revMask = pFrom->revLoop;


diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index 656e2d8bd8..86d9b4b33b 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
10	file://CVE-2023-7104.patch \	10	file://CVE-2023-7104.patch \
11	file://CVE-2025-29088.patch \	11	file://CVE-2025-29088.patch \
12	file://CVE-2025-6965.patch \	12	file://CVE-2025-6965.patch \
		13	file://0001-This-branch-attempts-to-improve-the-detection-of-cov.patch \
		14	file://CVE-2025-7458.patch \
13	"	15	"
14	SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"	16	SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
15		17