mirror of https://github.com/sqlite/sqlite.git synced 2025-11-14 00:22:38 +03:00

Guard against excessive width and precision in floating-point conversions

in the printf routines.

FossilOrigin-Name: c494171f77dc2e5e04cb6d865e688448f04e5920
drh
2015-04-07 12:41:17 +00:00
parent e3cdbad274
commit 74b42275ec
4 changed files with 16 additions and 12 deletions


@@ -450,7 +450,7 @@ void sqlite3VXPrintf(
else prefix = 0;
}
if( xtype==etGENERIC && precision>0 ) precision--;
for(idx=precision, rounder=0.5; idx>0; idx--, rounder*=0.1){}
for(idx=precision&0xfff, rounder=0.5; idx>0; idx--, rounder*=0.1){}
if( xtype==etFLOAT ) realvalue += rounder;
/* Normalize realvalue to within 10.0 > realvalue >= 1.0 */
exp = 0;
@@ -505,8 +505,9 @@ void sqlite3VXPrintf(
}else{
e2 = exp;
}
if( MAX(e2,0)+precision+width > etBUFSIZE - 15 ){
bufpt = zExtra = sqlite3Malloc( MAX(e2,0)+precision+width+15 );
if( MAX(e2,0)+(i64)precision+(i64)width > etBUFSIZE - 15 ){
bufpt = zExtra
= sqlite3Malloc( MAX(e2,0)+(i64)precision+(i64)width+15 );
if( bufpt==0 ){
setStrAccumError(pAccum, STRACCUM_NOMEM);
return;
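Review bot: Masking with `precision&0xfff` in the rounder loop of the first hunk wraps large precisions instead of capping them, so a precision of 4096 gives idx 0, leaves rounder at 0.5, and for etFLOAT the next line adds 0.5 to realvalue before any digits are generated. A clamp keeps the loop bounded without changing the rounding: `for(idx=(precision>0xfff ? 0xfff : precision), rounder=0.5; idx>0; idx--, rounder*=0.1){}`; rounder has presumably underflowed to zero long before 4095 iterations, so the clamped result should match the unbounded one. In the second hunk the widened sum is passed straight to sqlite3Malloc, whose parameter type is not visible here; if it is narrower than 64 bits the size would be truncated after the check has passed, so that is worth confirming. Both hunks sit inside sqlite3VXPrintf, whose body starts and ends outside the visible lines.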