1 files changed, 31 insertions, 0 deletions
diff --git a/chromium/third_party/sqlite/patches/0021-Avoid-invalid-pointer-dereference-in-ORDER-BY.patch b/chromium/third_party/sqlite/patches/0021-Avoid-invalid-pointer-dereference-in-ORDER-BY.patch
new file mode 100644
index 00000000000..75e5507ed7d
--- /dev/null
+++ b/chromium/third_party/sqlite/patches/0021-Avoid-invalid-pointer-dereference-in-ORDER-BY.patch
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Darwin Huang <huangdarwin@chromium.org>
+Date: Tue, 7 Jan 2020 13:42:03 -0800
+Subject: [PATCH 21/25] Avoid invalid pointer dereference in ORDER BY
+
+Backports https://sqlite.org/src/info/1ca0bd982ab1183bbafce0d260e4dceda5eb766ed2e7793374a88d1ae0bdd2ca
+
+Bug: 1038863
+---
+ third_party/sqlite/patched/src/window.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/third_party/sqlite/patched/src/window.c b/third_party/sqlite/patched/src/window.c
+index c251cd01974d..2d79ffe63d6d 100644
+--- a/third_party/sqlite/patched/src/window.c
++++ b/third_party/sqlite/patched/src/window.c
+@@ -883,9 +883,11 @@ static ExprList *exprListAppendList(
+     int nInit = pList ? pList->nExpr : 0;
+     for(i=0; i<pAppend->nExpr; i++){
+       Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
++      assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
+       if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
+         pDup->op = TK_NULL;
+         pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
++        pDup->u.zToken = 0;
+       }
+       pList = sqlite3ExprListAppend(pParse, pList, pDup);
+       if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
+-- 
+2.25.0.rc1.283.g88dfdc4193-goog
+