$OpenBSD: patch-sqlite3_c,v 1.1 2018/03/21 20:28:47 landry Exp $

Backport https://www.sqlite.org/cgi/src/info/d75e67654aa9620b to fix CVE-2018-8740.
"In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE
TABLE AS statement could cause a NULL pointer dereference"

Cf https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349

Index: sqlite3.c
--- sqlite3.c.orig
+++ sqlite3.c
@@ -103474,7 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
   p = pParse->pNewTable;
   if( p==0 ) return;
 
-  assert( !db->init.busy || !pSelect );
 
   /* If the db->init.busy is 1 it means we are reading the SQL off the
   ** "sqlite_master" or "sqlite_temp_master" table on the disk.
@@ -103486,6 +103485,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
   ** table itself.  So mark it read-only.
   */
   if( db->init.busy ){
+    if( pSelect ){
+      sqlite3ErrorMsg(pParse, "");
+      return;
+    }
     p->tnum = db->init.newTnum;
     if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
   }
@@ -117813,7 +117816,7 @@ static void corruptSchema(
     char *z;
     if( zObj==0 ) zObj = "?";
     z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
-    if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
+    if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
     sqlite3DbFree(db, *pData->pzErrMsg);
     *pData->pzErrMsg = z;
   }
