diff options
| author | drh <drh@noemail.net> | 2015-04-07 12:41:17 +0000 |
|---|---|---|
| committer | drh <drh@noemail.net> | 2015-04-07 12:41:17 +0000 |
| commit | 74b42275eca70ba323730c5a1088f1baf9937383 (patch) | |
| tree | c965435ce26ce9dba0b3669ef0fb79668c2e95cc /src/printf.c | |
| parent | e3cdbad2748af9bb6002693efdd231d3dceeb74a (diff) | |
| download | sqlite-74b42275eca70ba323730c5a1088f1baf9937383.tar.gz sqlite-74b42275eca70ba323730c5a1088f1baf9937383.zip | |
Guard against excessive width and precision in floating-point conversions
in the printf routines.
FossilOrigin-Name: c494171f77dc2e5e04cb6d865e688448f04e5920
Diffstat (limited to 'src/printf.c')
| -rw-r--r-- | src/printf.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/printf.c b/src/printf.c index 81efa057f..0ff9887eb 100644 --- a/src/printf.c +++ b/src/printf.c @@ -450,7 +450,7 @@ void sqlite3VXPrintf( else prefix = 0; } if( xtype==etGENERIC && precision>0 ) precision--; - for(idx=precision, rounder=0.5; idx>0; idx--, rounder*=0.1){} + for(idx=precision&0xfff, rounder=0.5; idx>0; idx--, rounder*=0.1){} if( xtype==etFLOAT ) realvalue += rounder; /* Normalize realvalue to within 10.0 > realvalue >= 1.0 */ exp = 0; @@ -505,8 +505,9 @@ void sqlite3VXPrintf( }else{ e2 = exp; } - if( MAX(e2,0)+precision+width > etBUFSIZE - 15 ){ - bufpt = zExtra = sqlite3Malloc( MAX(e2,0)+precision+width+15 ); + if( MAX(e2,0)+(i64)precision+(i64)width > etBUFSIZE - 15 ){ + bufpt = zExtra + = sqlite3Malloc( MAX(e2,0)+(i64)precision+(i64)width+15 ); if( bufpt==0 ){ setStrAccumError(pAccum, STRACCUM_NOMEM); return; |