MFH: Fixed possible crash inside sqlite_escape_string() and

sqlite_udf_encode_binary().
author: Ilia Alshanetsky <iliaa@php.net> 2004-02-27 00:30:45 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2004-02-27 00:30:45 +0000
commit: 8080b6bbd370d3056d98e816b31b2ff31d5b77ae (patch)
tree: 63e51be203a17cda712c6495c5c546d3d427cd77
parent: 3d08abbc7722b2eaa9ae9ce3e8fcb5f63dd8abbb (diff)
download: php-git-8080b6bbd370d3056d98e816b31b2ff31d5b77ae.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index d8348daca4..1db8528f36 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -1736,7 +1736,7 @@ PHP_FUNCTION(sqlite_escape_string)
 		/* binary string */
 		int enclen;
 		
-		ret = emalloc( 1 + ((256 * stringlen + 1262) / 253) );
+		ret = emalloc( 1 + 5 + stringlen * (256 / 253) );
 		ret[0] = '\x01';
 		enclen = sqlite_encode_binary((const unsigned char*)string, stringlen, ret+1);
 		RETVAL_STRINGL(ret, enclen+1, 0);
@@ -1941,7 +1941,7 @@ PHP_FUNCTION(sqlite_udf_encode_binary)
 		int enclen;
 		char *ret;
 		
-		ret = emalloc( 1 + ((256 * datalen + 1262) / 253) );
+		ret = emalloc( 1 + 5 + datalen * (256 / 253) );
 		ret[0] = '\x01';
 		enclen = sqlite_encode_binary((const unsigned char*)data, datalen, ret+1);
 		RETVAL_STRINGL(ret, enclen+1, 0);
author	Ilia Alshanetsky <iliaa@php.net>	2004-02-27 00:30:45 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2004-02-27 00:30:45 +0000
commit	8080b6bbd370d3056d98e816b31b2ff31d5b77ae (patch)
tree	63e51be203a17cda712c6495c5c546d3d427cd77
parent	3d08abbc7722b2eaa9ae9ce3e8fcb5f63dd8abbb (diff)
download	php-git-8080b6bbd370d3056d98e816b31b2ff31d5b77ae.tar.gz