/ Check-in [1aee70d6]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Slight adjustment to the printf formatter large memory allocation detector so that it does not overestimate the amount of space needed for oversize %d conversions.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 1aee70d6de8a9b17ebb74a7cb1dad65139cde1b615dcce4d15d3a476fda8676b
User & Date: drh 2019-02-01 21:08:27
Context
2019-02-02
01:27
Fix harmless compiler warning. check-in: dddda685 user: mistachkin tags: trunk
2019-02-01
21:08
Slight adjustment to the printf formatter large memory allocation detector so that it does not overestimate the amount of space needed for oversize %d conversions. check-in: 1aee70d6 user: drh tags: trunk
20:29
Prevent the printf formatter from doing large memory allocations - larger than either the size of the static buffer for interfaces like sqlite3_snprintf(), or larger than SQLITE_LIMIT_LENGTH for interfaces that are associated with a database connection. This helps to prevent DOS attacks on products that let hostile sources inject arbitrary SQL. It also helps fuzzers run faster and more effectively. check-in: 179e5d46 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Show Whitespace Changes Patch

Changes to src/printf.c.

   438    438           if( flag_zeropad && precision<width-(prefix!=0) ){
   439    439             precision = width-(prefix!=0);
   440    440           }
   441    441           if( precision<etBUFSIZE-10-etBUFSIZE/3 ){
   442    442             nOut = etBUFSIZE;
   443    443             zOut = buf;
   444    444           }else{
   445         -          u64 n = (u64)precision + 10 + precision/3;
          445  +          u64 n;
          446  +          n = (u64)precision + 10;
          447  +          if( cThousand ) n += precision/3;
   446    448             zOut = zExtra = printfTempBuf(pAccum, n);
   447    449             if( zOut==0 ) return;
   448    450             nOut = (int)n;
   449    451           }
   450    452           bufpt = &zOut[nOut-1];
   451    453           if( xtype==etORDINAL ){
   452    454             static const char zOrd[] = "thstndrd";