SQLite Forum

integer overflow in pager.c
> Both statements multiply two 32 bit integers yielding a 64 bit result.

That would be a reasonable result (and conforms to what many/most hardware multipliers do), but does not conform to C rules. In C, this:

<code>i64 sz = (pPager->pageSize+4)*pRel->iSubRec;</code>

, where the pageSize and iSubRec members are both 32-bit objects, means: multiply these 32-bit integers to produce a 32-bit integer, then promote that integer to 64 bits (by sign-bit extension or 0-fill according to the signedness of the operands) and transfer it into the 64-bit assignee.

This is counter-intuitive, but it avoids a language design issue where type must flow toward leaves of expression trees.
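The promotion rule above is easiest to see with a side-by-side computation. The following C is an added example written for this thread, not code from the post or from SQLite's pager.c: `narrow_product` reproduces the 32-bit multiply-then-widen behaviour of the expression as written (the wraparound is emulated with an unsigned multiply so the demonstration is well-defined, since signed overflow is undefined behaviour in C), `wide_product` shows the usual fix of casting one operand to `i64` before multiplying, and `mul_fits_int` is a pre-check a reviewer might ask for. The function names and the sample values (a 65536-byte page and 40000 sub-records) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t i64;

/* Emulates the expression from the post:
 *     i64 sz = (pPager->pageSize+4)*pRel->iSubRec;
 * Both operands are int, so the product is computed in 32 bits and only
 * then widened to i64. Signed overflow is undefined in C, so the 32-bit
 * wraparound is emulated here with an unsigned multiply, followed by a
 * reinterpretation as int32_t (two's complement, as on every platform
 * SQLite targets) and sign extension to 64 bits. */
static i64 narrow_product(int pageSize, int iSubRec) {
    uint32_t prod = (uint32_t)(pageSize + 4) * (uint32_t)iSubRec;
    return (i64)(int32_t)prod;
}

/* The fix: widen one operand first, so the whole multiplication is
 * carried out in 64-bit arithmetic and no intermediate is truncated. */
static i64 wide_product(int pageSize, int iSubRec) {
    return ((i64)pageSize + 4) * (i64)iSubRec;
}

/* Defensive pre-check: does a*b fit in a 32-bit int? Computed in 64 bits
 * so the check itself cannot overflow. Returns 1 if it fits, else 0. */
static int mul_fits_int(int a, int b) {
    i64 p = (i64)a * (i64)b;
    return (p >= INT32_MIN && p <= INT32_MAX) ? 1 : 0;
}

int main(void) {
    /* Constructed sample: largest SQLite page size and a large sub-record
     * count, enough to push the 32-bit product past INT32_MAX. */
    int pageSize = 65536;
    int iSubRec  = 40000;

    printf("narrow (as written): %lld\n", (long long)narrow_product(pageSize, iSubRec));
    printf("wide   (cast first): %lld\n", (long long)wide_product(pageSize, iSubRec));
    printf("fits in int?         %d\n", mul_fits_int(pageSize + 4, iSubRec));
    return 0;
}
```

With these inputs the as-written form yields a negative size, which is exactly the kind of value that later reaches a buffer-size or offset calculation; the cast-first form yields the intended 2621600000.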