authordrh <drh@noemail.net>2015-07-24 15:49:23 +0000
committerdrh <drh@noemail.net>2015-07-24 15:49:23 +0000
commit53e66c3cda52c5bda5d917ecf7b4bed2c3dfa926 (patch)
tree6caa82fceeae16b411c902336af1b48867371de1 /src
parent03bc525a51bc6eec1409aa59ba09d8711eac405e (diff)
downloadsqlite-53e66c3cda52c5bda5d917ecf7b4bed2c3dfa926.tar.gz
sqlite-53e66c3cda52c5bda5d917ecf7b4bed2c3dfa926.zip
More robust handling of zeroblob() with oversized arguments. Fix fuzzcheck
so that it can be run with limited heap memory. FossilOrigin-Name: 4e3e516a42059c97f42a7eb59bdf5cded0ff843a
Diffstat (limited to 'src')
-rw-r--r--src/func.c1
-rw-r--r--src/vdbe.c2
-rw-r--r--src/vdbeapi.c2
3 files changed, 3 insertions, 2 deletions
diff --git a/src/func.c b/src/func.c
index d0565357d..151a09f29 100644
--- a/src/func.c
+++ b/src/func.c
@@ -1131,6 +1131,7 @@ static void zeroblobFunc(
if( n>db->aLimit[SQLITE_LIMIT_LENGTH] ){
sqlite3_result_error_toobig(context);
}else{
+ if( n<0 ) n = 0;
sqlite3_result_zeroblob(context, (int)n); /* IMP: R-00293-64994 */
}
}
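Review bot: The added `if( n<0 ) n = 0;` carries no comment explaining why a negative length is clamped to an empty blob rather than rejected, and it sits in the else branch, away from the upper-bound check, so the range validation for `n` is split across two places. If `n` is a 64-bit value, as the `(int)n` cast on the next line suggests, a large negative value could otherwise truncate to a positive int, so the lower bound matters as much as the limit check does. A one-line comment such as `/* negative sizes yield an empty blob; upper bound was checked above */` would make that explicit. The start of zeroblobFunc is outside the hunk, so how `n` is obtained is not visible here.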
diff --git a/src/vdbe.c b/src/vdbe.c
index 296a12bc9..fe97087c0 100644
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -2702,7 +2702,7 @@ case OP_MakeRecord: {
len = sqlite3VdbeSerialTypeLen(serial_type);
if( pRec->flags & MEM_Zero ){
if( nData ){
- sqlite3VdbeMemExpandBlob(pRec);
+ if( sqlite3VdbeMemExpandBlob(pRec) ) goto no_mem;
}else{
nZero += pRec->u.nZero;
len -= pRec->u.nZero;
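Review bot: Any non-zero return from `sqlite3VdbeMemExpandBlob(pRec)` is sent to `no_mem` here, while the same call in the vdbeapi.c hunk is compared against `SQLITE_OK`; the two checks should be written the same way, e.g. `if( sqlite3VdbeMemExpandBlob(pRec)!=SQLITE_OK ) goto no_mem;`. If the helper can fail for any reason other than allocation failure (not visible in this diff), that failure would be reported as out-of-memory, so a short comment stating its only failure mode would help. The OP_MakeRecord case body starts and ends outside the hunk, so whether anything computed earlier in the case needs unwinding before the jump cannot be confirmed from here.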
diff --git a/src/vdbeapi.c b/src/vdbeapi.c
index 4687aac51..391e3adb0 100644
--- a/src/vdbeapi.c
+++ b/src/vdbeapi.c
@@ -162,7 +162,7 @@ int sqlite3_clear_bindings(sqlite3_stmt *pStmt){
const void *sqlite3_value_blob(sqlite3_value *pVal){
Mem *p = (Mem*)pVal;
if( p->flags & (MEM_Blob|MEM_Str) ){
- sqlite3VdbeMemExpandBlob(p);
+ if( sqlite3VdbeMemExpandBlob(p)!=SQLITE_OK ) return 0;
p->flags |= MEM_Blob;
return p->n ? p->z : 0;
}else{
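Review bot: With the new early `return 0`, the caller cannot tell a failed blob expansion from an empty blob, because the existing `return p->n ? p->z : 0;` also yields a null pointer for zero length. Nothing in the hunk records the error. The function's header comment should therefore say that a NULL result may mean allocation failure and how callers are expected to detect it, along the lines of `/* Returns NULL for a zero-length blob and also when expanding a zeroblob fails */`. The function continues past the `}else{` at the end of the hunk.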