Fix a bug in sqlite3_mprintf() which could have caused a buffer

author drh <drh@noemail.net>

Tue, 15 May 2007 02:34:09 +0000 (02:34 +0000)

committer drh <drh@noemail.net>

Tue, 15 May 2007 02:34:09 +0000 (02:34 +0000)
author drh <drh@noemail.net>
Tue, 15 May 2007 02:34:09 +0000 (02:34 +0000)
committer drh <drh@noemail.net>
Tue, 15 May 2007 02:34:09 +0000 (02:34 +0000)
diff --git a/manifest b/manifest

index e4afb5261e6511c26b26a4287e8907aab58da709..139255ea5774c989b7b7715023239278e93d763c 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C The\sbuilt-in\ssubstr()\sfunction\sapplied\sto\sa\sBLOB\scounts\sbytes,\snot\scharacters.\s(CVS\s3997)
-D 2007-05-15T01:13:47
+C Fix\sa\sbug\sin\ssqlite3_mprintf()\swhich\scould\shave\scaused\sa\sbuffer\noverrun\sif\smalloc()\sfailed.\s(CVS\s3998)
+D 2007-05-15T02:34:09
  F Makefile.in 87b200ad9970907f76df734d29dff3d294c10935
  F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935
  F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -97,7 +97,7 @@ F src/pager.h 94110a5570dca30d54a883e880a3633b2e4c05ae
  F src/parse.y 5d4d60e7e1beb1ad134835ee0624d35617f36c4e
  F src/pragma.c 6d5eb19feef9e84117b9b17a4c38b12b8c1c6897
  F src/prepare.c 87c23644986b5e41a58bc76f05abebd899e00089
-F src/printf.c 05b233c7a39aec4c54c79ef87af24f0a6591175d
+F src/printf.c cd91e057fa7e2661673eecd4eeecf4900b1e5cfe
  F src/random.c 6119474a6f6917f708c1dee25b9a8e519a620e88
  F src/select.c c10b98aeccc67a9724c37bbecd6553e5a8da5bf6
  F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
@@ -491,7 +491,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
  F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
  F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
  F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
-P d07cdd3c096c120d104ae13f7932c0a955324517
-R 2be0a4c9f659ac8ba502f4d27f744853
+P 75d573080d03ee48fe88710f70c6875ff9cae19c
+R b07b9e5fab6d7eaa0b8188e0005d371e
  U drh
-Z 429140db9719a9a8e8c56d1f7aa1fad7
+Z afee1df567f28ceb1f5fd286b893c976
diff --git a/manifest.uuid b/manifest.uuid

index 56819ee5d615e3fd78b12ad1b4571f1080d91424..4538bc85378f18e0bfff349e49710b80878ae9e3 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-75d573080d03ee48fe88710f70c6875ff9cae19c
-\ No newline at end of file
+5af49a57d4866be21c0206f34584bcc63adc1315
+\ No newline at end of file
diff --git a/src/printf.c b/src/printf.c

index 31c929830f3804ca407d32f22e1557bd4e05f6a5..92073991d8235998a3a44f0a83771509b4d230bc 100644 (file)
--- a/src/printf.c
+++ b/src/printf.c
@@ -729,19 +729,22 @@ static void mout(void *arg, const char *zNewText, int nNewChar){
      if( pM->xRealloc==0 ){
        nNewChar =  pM->nAlloc - pM->nChar - 1;
      }else{
-      pM->nAlloc = pM->nChar + nNewChar*2 + 1;
+      int nAlloc = pM->nChar + nNewChar*2 + 1;
        if( pM->zText==pM->zBase ){
-        pM->zText = pM->xRealloc(0, pM->nAlloc);
+        pM->zText = pM->xRealloc(0, nAlloc);
          if( pM->zText && pM->nChar ){
            memcpy(pM->zText, pM->zBase, pM->nChar);
          }
        }else{
          char *zNew;
-        zNew = pM->xRealloc(pM->zText, pM->nAlloc);
+        zNew = pM->xRealloc(pM->zText, nAlloc);
          if( zNew ){
            pM->zText = zNew;
+        }else{
+          return;
          }
        }
+      pM->nAlloc = nAlloc;
      }
    }
    if( pM->zText ){
author	drh <drh@noemail.net>
	Tue, 15 May 2007 02:34:09 +0000 (02:34 +0000)
committer	drh <drh@noemail.net>
	Tue, 15 May 2007 02:34:09 +0000 (02:34 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/printf.c		patch \| blob \| blame \| history