/ Check-in [5af49a57]

Overview
Comment:Fix a bug in sqlite3_mprintf() which could have caused a buffer overrun if malloc() failed. (CVS 3998)
SHA1: 5af49a57d4866be21c0206f34584bcc63adc1315
User & Date: drh 2007-05-15 02:34:09
Context
2007-05-15
02:45
Fix a typo in a comment. Ticket #2359. (CVS 3999) check-in: 1fbbc108 user: drh tags: trunk
02:34
Fix a bug in sqlite3_mprintf() which could have caused a buffer overrun if malloc() failed. (CVS 3998) check-in: 5af49a57 user: drh tags: trunk
01:13
The built-in substr() function applied to a BLOB counts bytes, not characters. (CVS 3997) check-in: 75d57308 user: drh tags: trunk
Changes

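--- a/src/printf.c
+++ b/src/printf.c
@@ -725,27 +725,30 @@
 static void mout(void *arg, const char *zNewText, int nNewChar){
   struct sgMprintf *pM = (struct sgMprintf*)arg;
   pM->nTotal += nNewChar;
   if( pM->nChar + nNewChar + 1 > pM->nAlloc ){
     if( pM->xRealloc==0 ){
       nNewChar =  pM->nAlloc - pM->nChar - 1;
     }else{
-      pM->nAlloc = pM->nChar + nNewChar*2 + 1;
+      int nAlloc = pM->nChar + nNewChar*2 + 1;
       if( pM->zText==pM->zBase ){
-        pM->zText = pM->xRealloc(0, pM->nAlloc);
+        pM->zText = pM->xRealloc(0, nAlloc);
         if( pM->zText && pM->nChar ){
           memcpy(pM->zText, pM->zBase, pM->nChar);
         }
       }else{
         char *zNew;
-        zNew = pM->xRealloc(pM->zText, pM->nAlloc);
+        zNew = pM->xRealloc(pM->zText, nAlloc);
         if( zNew ){
           pM->zText = zNew;
+        }else{
+          return;
         }
       }
+      pM->nAlloc = nAlloc;
     }
   }
   if( pM->zText ){
     if( nNewChar>0 ){
       memcpy(&pM->zText[pM->nChar], zNewText, nNewChar);
       pM->nChar += nNewChar;
     }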
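Review bot: The `pM->zText==pM->zBase` branch still stores the result of `pM->xRealloc(0, nAlloc)` directly in `pM->zText` and then falls through to `pM->nAlloc = nAlloc`, so a failed first allocation leaves a NULL buffer with a possibly non-zero `nChar` and an enlarged `nAlloc`, unlike the else branch, which now returns with the state untouched. If a later call then takes the else branch and `xRealloc(NULL, …)` succeeds (assuming it behaves like realloc), the append at `&pM->zText[pM->nChar]` lands after `nChar` bytes that were never written. Allocating into a local here as well, `zNew = pM->xRealloc(0, nAlloc); if( zNew==0 ) return;`, and assigning `pM->zText` only after the copy from `zBase` would keep both failure paths consistent; if callers depend on a NULL `zText` to detect out-of-memory, reset `pM->nChar` to 0 on that path instead. Separately, `pM->nChar + nNewChar*2 + 1` is plain `int` arithmetic and would overflow for a very large `nNewChar`; whether callers bound that length is not visible here. mout's body continues past the end of the hunk.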