Fix a bug in sqlite3_realloc() - if called with a size of more than

2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827) FossilOrigin-Name: 653df0afcc58de82c8c1b5f6a7b2f4829ff69792
2025-11-09 14:21:03 +03:00 · 2009-06-27 00:48:33 +00:00
parent e08ed7e71b
commit b6063cf823
3 changed files with 13 additions and 10 deletions
--- a/src/malloc.c
+++ b/src/malloc.c
@@ -12,7 +12,7 @@
 **
 ** Memory allocation functions used throughout sqlite.
 **
-** $Id: malloc.c,v 1.63 2009/06/26 18:35:17 drh Exp $
+** $Id: malloc.c,v 1.64 2009/06/27 00:48:33 drh Exp $
 */
 #include "sqliteInt.h"
 #include <stdarg.h>
@@ -473,11 +473,14 @@ void *sqlite3Realloc(void *pOld, int nBytes){
  if( pOld==0 ){
    return sqlite3Malloc(nBytes);
  }
-  if( nBytes<=0 || nBytes>=0x7fffff00 ){
-    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
+  if( nBytes<=0 ){
    sqlite3_free(pOld);
    return 0;
  }
+  if( nBytes>=0x7fffff00 ){
+    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
+    return 0;
+  }
  nOld = sqlite3MallocSize(pOld);
  if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);