From 087b5a73943851e607beb6db8d2fe21a77eccabc Mon Sep 17 00:00:00 2001
From: wbq_sky <wangbingquan@huawei.com>
Date: Thu, 18 Aug 2022 14:52:54 +0800
Subject: [PATCH] fix the CVE-2022-35737

Signed-off-by: wbq_sky <wangbingquan@huawei.com>
Change-Id: I4e3851a8b685f0c8bdcda3a685c6341759616e75
---
 src/sqlite3.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sqlite3.c b/src/sqlite3.c
index b1b1702..38bba87 100644
--- a/src/sqlite3.c
+++ b/src/sqlite3.c
@@ -151018,7 +151018,7 @@ static int whereKeyStats(
 #endif
   assert( pRec!=0 );
   assert( pIdx->nSample>0 );
-  assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol );
+  assert( pRec->nField>0 );
 
   /* Do a binary search to find the first sample greater than or equal
   ** to pRec. If pRec contains a single field, the set of samples to search
@@ -151064,7 +151064,7 @@ static int whereKeyStats(
   ** it is extended to two fields. The duplicates that this creates do not
   ** cause any problems.
   */
-  nField = pRec->nField;
+  nField = MIN(pRec->nField, pIdx->nSample);
   iCol = 0;
   iSample = pIdx->nSample * nField;
   do{
-- 
Gitee