SQLite Forum

integer overflow in pager.c
Login
I don't think so.

Both statements multiply two 32 bit integers yielding a 64 bit result. The values you claim as problematic both use 16 or 17 bits, which would overflow a 32bit result, but come nowhere near overflowing 64 bit integers.

i64 offset = (i64)pSavepoint->iSubRec*(4+pPager->pageSize);

i64 sz = (pPager->pageSize+4)*pRel->iSubRec;

Even multiplying the maximum pagesize (17 bits) by maxint (31 bits) only yields 48 bits of product, well within the 63 bits available for positive integers.