authordrh <drh@noemail.net>2007-05-15 02:34:09 +0000
committerdrh <drh@noemail.net>2007-05-15 02:34:09 +0000
commiteaad32b1df677f7f3f6fabb863a341c98383bc66 (patch)
treeff0b21c51831d822f1518825026ba6b7e5b33de9 /src/printf.c
parentf764e6fc3dce190cde24c3685744148a9e144dad (diff)
Fix a bug in sqlite3_mprintf() which could have caused a buffer
overrun if malloc() failed. (CVS 3998) FossilOrigin-Name: 5af49a57d4866be21c0206f34584bcc63adc1315
Diffstat (limited to 'src/printf.c')
-rw-r--r--src/printf.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/printf.c b/src/printf.c
index 31c929830..92073991d 100644
--- a/src/printf.c
+++ b/src/printf.c
@@ -729,19 +729,22 @@ static void mout(void *arg, const char *zNewText, int nNewChar){
if( pM->xRealloc==0 ){
nNewChar = pM->nAlloc - pM->nChar - 1;
}else{
- pM->nAlloc = pM->nChar + nNewChar*2 + 1;
+ int nAlloc = pM->nChar + nNewChar*2 + 1;
if( pM->zText==pM->zBase ){
- pM->zText = pM->xRealloc(0, pM->nAlloc);
+ pM->zText = pM->xRealloc(0, nAlloc);
if( pM->zText && pM->nChar ){
memcpy(pM->zText, pM->zBase, pM->nChar);
}
}else{
char *zNew;
- zNew = pM->xRealloc(pM->zText, pM->nAlloc);
+ zNew = pM->xRealloc(pM->zText, nAlloc);
if( zNew ){
pM->zText = zNew;
+ }else{
+ return;
}
}
+ pM->nAlloc = nAlloc;
}
}
if( pM->zText ){
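Review bot: The two allocation-failure paths now behave differently: a failed `xRealloc(pM->zText, nAlloc)` returns before `pM->nAlloc` is touched, but a failed `xRealloc(0, nAlloc)` in the `pM->zText==pM->zBase` branch leaves `pM->zText` NULL and still falls through to `pM->nAlloc = nAlloc;`. The `if( pM->zText )` test at the end of the hunk guards this call, but the struct then records capacity for a buffer that does not exist, and a later call would presumably take the realloc branch (NULL is not `zBase`) without the `nChar` bytes from `zBase` ever having been copied. Adding `if( pM->zText==0 ) return;` directly after the first `xRealloc` call would keep both paths consistent. Separately, `pM->nChar + nNewChar*2 + 1` is computed in `int` and can overflow for very large inputs, so a range check before the allocation is worth adding. mout's body starts and ends outside the hunk, so how callers treat a NULL `zText` should be confirmed.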