I notice that at https://github.com/sqlite/sqlite/blob/7601294ad3fe9f7e0db8eb2478dec0de293b8bb6/src/printf.c#L924, the addition is performed before the conversion:
szNew += N + 1; ---> int32_t tmp = N + 1; szNew += tmp;
So if N == 0x7FFFFFFF, then an integer overflow might happen. I am not sure whether it is possible for N to be 0x7FFFFFFF.
I used clang (version 7.0.1) to compile SQLite (clang -o sqlite3_O0 sqlite3.c shell.c -ldl -pthread). When adding -O0, the addition is:
.text:000000000043BF95 mov ecx, [rbp+N]
.text:000000000043BF98 add ecx, 1
.text:000000000043BF9B movsxd rax, ecx
.text:000000000043BF9E add rax, [rbp+szNew]
When using -O3, the addition is performed as follows:
.text:00000000004320FB szNew = rsi , N = r15 ; i64_0
.text:00000000004320FB movsxd rdx, r15d
.text:00000000004320FE lea rdi, [szNew+rdx]
.text:0000000000432102 add rdx, szNew
.text:0000000000432105 add rdx, 1
In the optimized version, the integer overflow will not happen.
I cannot figure out a query to test it, so I just put all the information I have here.
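As an added illustration (not code from the report or from SQLite), the two instruction sequences above modelled in C, with the 32-bit wraparound made explicit through unsigned arithmetic so the model runs without undefined behaviour; szNew and N are the report's names, and the i64 type is assumed to be int64_t:

```c
#include <stdint.h>
#include <limits.h>
#include <stdbool.h>

typedef int64_t i64;  /* assumed: SQLite's i64 is a 64-bit signed int */

/* Model of the -O0 listing: "add ecx, 1" works on 32 bits, then
   "movsxd" sign-extends the wrapped result before the 64-bit add.
   The wrap is made well-defined here via uint32_t; in the real
   `szNew += N + 1` it is signed overflow, i.e. undefined behaviour. */
i64 emulate_O0(i64 szNew, int N) {
    uint32_t wrapped = (uint32_t)N + 1u;      /* 0x7FFFFFFF + 1 -> 0x80000000 */
    int32_t as_int = (int32_t)wrapped;        /* reinterpreted as INT32_MIN */
    return szNew + (i64)as_int;               /* movsxd, then add rax, szNew */
}

/* Model of the -O3 listing: "movsxd rdx, r15d" widens N first, then
   both additions happen in 64-bit registers, so no wrap occurs. */
i64 emulate_O3(i64 szNew, int N) {
    i64 widened = (i64)N;                     /* movsxd rdx, r15d */
    return widened + szNew + 1;               /* add rdx, szNew ; add rdx, 1 */
}

/* Portable pre-check for the narrow addition: true when N + 1 would
   overflow a 32-bit int, which is the case the report asks about. */
bool narrow_add_overflows(int N) {
    return N > INT_MAX - 1;
}

/* Source-level fix that makes the -O0 and -O3 results agree:
   widen before adding instead of relying on the optimizer. */
i64 grow_widened(i64 szNew, int N) {
    return szNew + (i64)N + 1;
}
```

For N == 0x7FFFFFFF the two models diverge by exactly 2^32, which is what the assembly comparison in the report shows.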