diff options
| author | drh <> | 2023-03-24 21:35:48 +0000 |
|---|---|---|
| committer | drh <> | 2023-03-24 21:35:48 +0000 |
| commit | 338ff1ceca6890ff068110b125ce1ed837b07660 (patch) | |
| tree | 478fa89ab409874408872fb10a74cd8aadd4fc94 /src | |
| parent | ed8e12e97bddf094e3435a5c7ea80d1119dc6ca7 (diff) | |
| download | sqlite-338ff1ceca6890ff068110b125ce1ed837b07660.tar.gz sqlite-338ff1ceca6890ff068110b125ce1ed837b07660.zip | |
Fix possible integer overflow in bounds checking for the debugging function
"shell_int32()" found in the CLI. This change does not affect the core
SQLite. [forum:/forumpost/be9c294ee0|Forum post be9c294ee0].
FossilOrigin-Name: 6211471138a654641a4cf4831cfa3b470e06f29a2b77e4d58177c8e065bec11e
Diffstat (limited to 'src')
| -rw-r--r-- | src/shell.c.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shell.c.in b/src/shell.c.in index 340dc13ce..75de1bc2f 100644 --- a/src/shell.c.in +++ b/src/shell.c.in @@ -5130,7 +5130,7 @@ static void shellInt32( pBlob = (const unsigned char*)sqlite3_value_blob(argv[0]); iInt = sqlite3_value_int(argv[1]); - if( iInt>=0 && (iInt+1)*4<=nBlob ){ + if( iInt>=0 && iInt<(nBlob/4) ){ const unsigned char *a = &pBlob[iInt*4]; sqlite3_int64 iVal = ((sqlite3_int64)a[0]<<24) + ((sqlite3_int64)a[1]<<16) |