From 9365c6760af14a4b710f149939d1c1e58e379d2d Mon Sep 17 00:00:00 2001
From: danielk1977 <danielk1977@noemail.net>
Date: Fri, 13 Mar 2009 15:32:53 +0000
Subject: [PATCH] Do not overrun a buffer in the genfkey code (now part of
 shell.c). Fix for #3722. (CVS 6344)

FossilOrigin-Name: 943b11fb188835f0c62b6064b084192b1bbe1c0c
---
 manifest      | 12 ++++++------
 manifest.uuid |  2 +-
 src/shell.c   |  5 +++--
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/manifest b/manifest
index eb3f0fbafd..1f51465ab9 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Avoid\sfts3\scrash\son\s(MATCH\s'""')\sexpressions.\sTicket\s#3717.\s(CVS\s6343)
-D 2009-03-12T15:43:48
+C Do\snot\soverrun\sa\sbuffer\sin\sthe\sgenfkey\scode\s(now\spart\sof\sshell.c).\sFix\sfor\s#3722.\s(CVS\s6344)
+D 2009-03-13T15:32:53
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in d64baddbf55cdf33ff030e14da837324711a4ef7
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -155,7 +155,7 @@ F src/random.c 676b9d7ac820fe81e6fb2394ac8c10cff7f38628
 F src/resolve.c 094e44450371fb27869eb8bf679aacbe51fdc56d
 F src/rowset.c ba9375f37053d422dd76965a9c370a13b6e1aac4
 F src/select.c 4d0b77fd76ff80f09a798ee98953e344c9de8fbb
-F src/shell.c 0e2ebb9fa51ff56c9f0f19b80c3df7114d887c15
+F src/shell.c de2fef6f71c7fb52fb4066947149a0b562cc5534
 F src/sqlite.h.in 14f4d065bafed8500ea558a75a8e2be89c784d61
 F src/sqlite3ext.h 1db7d63ab5de4b3e6b83dd03d1a4e64fef6d2a17
 F src/sqliteInt.h ae2dc2e2a063edfae3043e725981e69855bd3c9c
@@ -704,7 +704,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P a1bb1aef0e06140a2d5d5e4b6c10c73ce95c89e0
-R b0f8f59bd683635e1f1ff253bc6bb4fd
+P 03679857a320517a7b89e5214e948bce9af896a9
+R 6c05748751f4494b7f4484ee342f5594
 U danielk1977
-Z eb05c44f6033ac0e625135603ee12138
+Z 81f620610e97249eb47012ea10670973
diff --git a/manifest.uuid b/manifest.uuid
index 88a636bc30..6c600ae9ae 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-03679857a320517a7b89e5214e948bce9af896a9
\ No newline at end of file
+943b11fb188835f0c62b6064b084192b1bbe1c0c
\ No newline at end of file
diff --git a/src/shell.c b/src/shell.c
index 64d286cde0..8a98357f00 100644
--- a/src/shell.c
+++ b/src/shell.c
@@ -12,7 +12,7 @@
 ** This file contains code to implement the "sqlite" command line
 ** utility for accessing SQLite databases.
 **
-** $Id: shell.c,v 1.205 2009/03/05 03:48:07 shane Exp $
+** $Id: shell.c,v 1.206 2009/03/13 15:32:53 danielk1977 Exp $
 */
 #if defined(_WIN32) || defined(WIN32)
 /* This needs to come before any includes for MSVC compiler */
@@ -625,9 +625,10 @@ static void multireplace(
       }
     }
     if( (nOut+nCopy)>nMalloc ){
-      nMalloc += (nMalloc + 16);
+      nMalloc = 16 + (nOut+nCopy)*2;
       zOut = (char *)sqlite3_realloc(zOut, nMalloc);
     }
+    assert( nMalloc>=(nOut+nCopy) );
     memcpy(&zOut[nOut], zCopy, nCopy);
     i += nReplace;
     nOut += nCopy;
-- 
2.47.2