Avoid the possibility of signed integer overflow with oversized precisions

author drh <drh@noemail.net>

Mon, 20 Mar 2017 16:34:18 +0000 (16:34 +0000)

committer drh <drh@noemail.net>

Mon, 20 Mar 2017 16:34:18 +0000 (16:34 +0000)
author drh <drh@noemail.net>
Mon, 20 Mar 2017 16:34:18 +0000 (16:34 +0000)
committer drh <drh@noemail.net>
Mon, 20 Mar 2017 16:34:18 +0000 (16:34 +0000)
diff --git a/manifest b/manifest

index 1c7dda125d0ea7101a1be1b5bfa3b7157fbc7f75..5c8fe108283d84a52232f98f853fdec5af28ac52 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Do\snot\srun\ssync2.test\sas\spart\sof\sthe\s"journaltest"\spermutation,\sas\sit\suses\n"PRAGMA\ssynchronous\s=\soff".
-D 2017-03-20T16:06:48.281
+C Avoid\sthe\spossibility\sof\ssigned\sinteger\soverflow\swith\soversized\sprecisions\nin\s%d\sconversions\sin\sthe\sprintf()\simplementation.
+D 2017-03-20T16:34:18.983
  F Makefile.in 1cc758ce3374a32425e4d130c2fe7b026b20de5b8843243de75f087c0a2661fb
  F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
  F Makefile.msc 1faf9f06aadc9284c212dea7bbc7c0dea7e8337f0287c81001eff500912c790a
@@ -396,7 +396,7 @@ F src/pcache1.c e3967219b2a92b9edcb9324a4ba75009090d3953
  F src/pragma.c 2b244434e76c7075edbcfd9e4d634899af0944ff01183b126d4671f7407c2368
  F src/pragma.h c9c763958fec92b04125571472c9500b351c5f7f
  F src/prepare.c b1140c3d0cf59bc85ace00ce363153041b424b7a
-F src/printf.c 67427bbee66d891fc6f6f5aada857e9cdb368c1c
+F src/printf.c 8757834f1b54dae512fb25eb1acc8e94a0d15dd2290b58f2563f65973265adb2
  F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
  F src/resolve.c 3e518b962d932a997fae373366880fc028c75706
  F src/rowset.c 7b7e7e479212e65b723bf40128c7b36dc5afdfac
@@ -1566,7 +1566,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 673a7b67c4828acaea3baebea500ef1f8ae763588b0d9c9f2ad6ed5ceb3cfee2
-R 547057b8e0709a92c08d29e340a54617
-U dan
-Z c38b0bcff9e9a77e6d2ca931cd7486d0
+P 285005a9bcb210bb2a9aa9fed6a19d4b78641a6e7622d469bd0d2a365b2c0735
+R d28630b090e29d249202016ad6a6d827
+U drh
+Z dd88d1a97157edc79245fb3d73eca0b6
diff --git a/manifest.uuid b/manifest.uuid

index 7f9fef56710ef38bc339f22806917f7d65ac9a0f..68447cc5501e7ab318f2eb7d6a12f0cf7fd0d1f3 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-285005a9bcb210bb2a9aa9fed6a19d4b78641a6e7622d469bd0d2a365b2c0735
-\ No newline at end of file
+ef3a7c877a7549b351aafd983cfa96c863eb2641b6218bdd5cb563f659f879d8
+\ No newline at end of file
diff --git a/src/printf.c b/src/printf.c

index 241338b266b3b4283d5266c8056c0c567d8fb760..a14e658875939d8d7706210f936883e54459fadb 100644 (file)
--- a/src/printf.c
+++ b/src/printf.c
@@ -400,12 +400,13 @@ void sqlite3VXPrintf(
            nOut = etBUFSIZE;
            zOut = buf;
          }else{
-          nOut = precision + 10 + precision/3;
-          zOut = zExtra = sqlite3Malloc( nOut );
+          u64 n = (u64)precision + 10 + precision/3;
+          zOut = zExtra = sqlite3Malloc( n );
            if( zOut==0 ){
              setStrAccumError(pAccum, STRACCUM_NOMEM);
              return;
            }
+          nOut = (int)n;
          }
          bufpt = &zOut[nOut-1];
          if( xtype==etORDINAL ){
author	drh <drh@noemail.net>
	Mon, 20 Mar 2017 16:34:18 +0000 (16:34 +0000)
committer	drh <drh@noemail.net>
	Mon, 20 Mar 2017 16:34:18 +0000 (16:34 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/printf.c		patch \| blob \| blame \| history