SQLite

Check-in [5af49a57d4]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a bug in sqlite3_mprintf() which could have caused a buffer overrun if malloc() failed. (CVS 3998)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 5af49a57d4866be21c0206f34584bcc63adc1315
User & Date: drh 2007-05-15 02:34:09.000
Context
2007-05-15
02:45
Fix a typo in a comment. Ticket #2359. (CVS 3999) (check-in: 1fbbc108a9 user: drh tags: trunk)
02:34
Fix a bug in sqlite3_mprintf() which could have caused a buffer overrun if malloc() failed. (CVS 3998) (check-in: 5af49a57d4 user: drh tags: trunk)
01:13
The built-in substr() function applied to a BLOB counts bytes, not characters. (CVS 3997) (check-in: 75d573080d user: drh tags: trunk)
Changes
Unified Diff Show Whitespace Changes Patch
Changes to src/printf.c.
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742


743
744

745
746
747
748
749
750
751
static void mout(void *arg, const char *zNewText, int nNewChar){
  struct sgMprintf *pM = (struct sgMprintf*)arg;
  pM->nTotal += nNewChar;
  if( pM->nChar + nNewChar + 1 > pM->nAlloc ){
    if( pM->xRealloc==0 ){
      nNewChar =  pM->nAlloc - pM->nChar - 1;
    }else{
      pM->nAlloc = pM->nChar + nNewChar*2 + 1;
      if( pM->zText==pM->zBase ){
        pM->zText = pM->xRealloc(0, pM->nAlloc);
        if( pM->zText && pM->nChar ){
          memcpy(pM->zText, pM->zBase, pM->nChar);
        }
      }else{
        char *zNew;
        zNew = pM->xRealloc(pM->zText, pM->nAlloc);
        if( zNew ){
          pM->zText = zNew;


        }
      }

    }
  }
  if( pM->zText ){
    if( nNewChar>0 ){
      memcpy(&pM->zText[pM->nChar], zNewText, nNewChar);
      pM->nChar += nNewChar;
    }







|

|





|


>
>


>







725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
static void mout(void *arg, const char *zNewText, int nNewChar){
  struct sgMprintf *pM = (struct sgMprintf*)arg;
  pM->nTotal += nNewChar;
  if( pM->nChar + nNewChar + 1 > pM->nAlloc ){
    if( pM->xRealloc==0 ){
      nNewChar =  pM->nAlloc - pM->nChar - 1;
    }else{
      int nAlloc = pM->nChar + nNewChar*2 + 1;
      if( pM->zText==pM->zBase ){
        pM->zText = pM->xRealloc(0, nAlloc);
        if( pM->zText && pM->nChar ){
          memcpy(pM->zText, pM->zBase, pM->nChar);
        }
      }else{
        char *zNew;
        zNew = pM->xRealloc(pM->zText, nAlloc);
        if( zNew ){
          pM->zText = zNew;
        }else{
          return;
        }
      }
      pM->nAlloc = nAlloc;
    }
  }
  if( pM->zText ){
    if( nNewChar>0 ){
      memcpy(&pM->zText[pM->nChar], zNewText, nNewChar);
      pM->nChar += nNewChar;
    }