Additional changes making it easier to prove that integer overflow does not

occur. No problems found. FossilOrigin-Name: e846743a875430a5c51d41f00ac9532214f97d9925e6261113b63580f92369fc
author: drh <> 2025-02-17 18:09:24 +0000
committer: drh <> 2025-02-17 18:09:24 +0000
commit: 7bfa4452a3cc9b57d970938cbc642cb48024a2a7 (patch)
tree: b27fe9095a4605d69b77a27361b940b1127ff404 /src
parent: ef86b942b9ffbfc2086da7865effea3e7950c7a0 (diff)
download: sqlite-7bfa4452a3cc9b57d970938cbc642cb48024a2a7.tar.gz
sqlite-7bfa4452a3cc9b57d970938cbc642cb48024a2a7.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/src/json.c b/src/json.c
index 47a9c875e..97bf25b2d 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1086,7 +1086,7 @@ static void jsonWrongNumArgs(
 */
 static int jsonBlobExpand(JsonParse *pParse, u32 N){
   u8 *aNew;
-  u32 t;
+  u64 t;
   assert( N>pParse->nBlobAlloc );
   if( pParse->nBlobAlloc==0 ){
     t = 100;
@@ -1096,8 +1096,9 @@ static int jsonBlobExpand(JsonParse *pParse, u32 N){
   if( t<N ) t = N+100;
   aNew = sqlite3DbRealloc(pParse->db, pParse->aBlob, t);
   if( aNew==0 ){ pParse->oom = 1; return 1; }
+  assert( t<0x7fffffff );
   pParse->aBlob = aNew;
-  pParse->nBlobAlloc = t;
+  pParse->nBlobAlloc = (u32)t;
   return 0;
 }
 
@@ -3116,7 +3117,7 @@ static void jsonReturnFromBlob(
       char *zOut;
       u32 nOut = sz;
       z = (const char*)&pParse->aBlob[i+n];
-      zOut = sqlite3DbMallocRaw(db, nOut+1);
+      zOut = sqlite3DbMallocRaw(db, ((u64)nOut)+1);
       if( zOut==0 ) goto returnfromblob_oom;
       for(iIn=iOut=0; iIn<sz; iIn++){
         char c = z[iIn];
author	drh <>	2025-02-17 18:09:24 +0000
committer	drh <>	2025-02-17 18:09:24 +0000
commit	7bfa4452a3cc9b57d970938cbc642cb48024a2a7 (patch)
tree	b27fe9095a4605d69b77a27361b940b1127ff404 /src
parent	ef86b942b9ffbfc2086da7865effea3e7950c7a0 (diff)
download	sqlite-7bfa4452a3cc9b57d970938cbc642cb48024a2a7.tar.gz sqlite-7bfa4452a3cc9b57d970938cbc642cb48024a2a7.zip