diff options
| author | dan <Dan Kennedy> | 2023-05-05 19:36:13 +0000 |
|---|---|---|
| committer | dan <Dan Kennedy> | 2023-05-05 19:36:13 +0000 |
| commit | 77eb3e305c7cdee10e69426def6fa0cd0116fbe2 (patch) | |
| tree | 6934e81e334ebdd1993ce69f7ab8bf62bc873723 /src | |
| parent | ed96436f23a0b42e2a83e66272ce93dc1f18d4d1 (diff) | |
| download | sqlite-77eb3e305c7cdee10e69426def6fa0cd0116fbe2.tar.gz sqlite-77eb3e305c7cdee10e69426def6fa0cd0116fbe2.zip | |
Fix a buffer overrun that could occur when using the format() function to format a very small real value with the "," modifier.
FossilOrigin-Name: 910e770ad4d8e8e45bf069af963f2e975bfcfb882578dc5fe714cd2396258934
Diffstat (limited to 'src')
| -rw-r--r-- | src/printf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/printf.c b/src/printf.c index 0cbd4c3c6..3e1782d46 100644 --- a/src/printf.c +++ b/src/printf.c @@ -649,7 +649,7 @@ void sqlite3_str_vappendf( { i64 szBufNeeded; /* Size of a temporary buffer needed */ szBufNeeded = MAX(e2,0)+(i64)precision+(i64)width+15; - if( cThousand ) szBufNeeded += (e2+2)/3; + if( cThousand && e2>0 ) szBufNeeded += (e2+2)/3; if( szBufNeeded > etBUFSIZE ){ bufpt = zExtra = printfTempBuf(pAccum, szBufNeeded); if( bufpt==0 ) return; |