diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2004-02-27 00:30:45 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2004-02-27 00:30:45 +0000 |
commit | 8080b6bbd370d3056d98e816b31b2ff31d5b77ae (patch) | |
tree | 63e51be203a17cda712c6495c5c546d3d427cd77 | |
parent | 3d08abbc7722b2eaa9ae9ce3e8fcb5f63dd8abbb (diff) | |
download | php-git-8080b6bbd370d3056d98e816b31b2ff31d5b77ae.tar.gz |
MFH: Fixed possible crash inside sqlite_escape_string() and
sqlite_udf_encode_binary().
-rw-r--r-- | ext/sqlite/sqlite.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index d8348daca4..1db8528f36 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -1736,7 +1736,7 @@ PHP_FUNCTION(sqlite_escape_string) /* binary string */ int enclen; - ret = emalloc( 1 + ((256 * stringlen + 1262) / 253) ); + ret = emalloc( 1 + 5 + stringlen * (256 / 253) ); ret[0] = '\x01'; enclen = sqlite_encode_binary((const unsigned char*)string, stringlen, ret+1); RETVAL_STRINGL(ret, enclen+1, 0); @@ -1941,7 +1941,7 @@ PHP_FUNCTION(sqlite_udf_encode_binary) int enclen; char *ret; - ret = emalloc( 1 + ((256 * datalen + 1262) / 253) ); + ret = emalloc( 1 + 5 + datalen * (256 / 253) ); ret[0] = '\x01'; enclen = sqlite_encode_binary((const unsigned char*)data, datalen, ret+1); RETVAL_STRINGL(ret, enclen+1, 0); |