iliaa Sat Mar 6 13:11:59 2004 EDT
Modified files:
/php-src/ext/sqlite sess_sqlite.c
Log:
Fixed possible crash due to an integer overflow.
http://cvs.php.net/diff.php/php-src/ext/sqlite/sess_sqlite.c?r1=1.13&r2=1.14&ty=u
Index: php-src/ext/sqlite/sess_sqlite.c
diff -u php-src/ext/sqlite/sess_sqlite.c:1.13 php-src/ext/sqlite/sess_sqlite.c:1.14
--- php-src/ext/sqlite/sess_sqlite.c:1.13 Tue Jan 13 00:23:07 2004
+++ php-src/ext/sqlite/sess_sqlite.c Sat Mar 6 13:11:59 2004
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: sess_sqlite.c,v 1.13 2004/01/13 05:23:07 john Exp $ */
+/* $Id: sess_sqlite.c,v 1.14 2004/03/06 18:11:59 iliaa Exp $ */
#include "php.h"
@@ -142,7 +142,7 @@
t = time(NULL);
- binary = emalloc((256 * vallen + 1262) / 253);
+ binary = emalloc(1 + 5 + vallen * (256 / 253));
binlen = sqlite_encode_binary((const unsigned char*)val, vallen, binary);
rv = sqlite_exec_printf(db, "REPLACE INTO session_data VALUES('%q', '%q',
%d)", NULL, NULL, &error, key, binary, t);
@@ -177,7 +177,7 @@
/* because SQLite does not actually clear the deleted data from the database
* we need to occassionaly do so manually to prevent the sessions database
- * from endlessly growing.
+ * from growing endlessly.
*/
if ((int) ((float) PS(gc_divisor) * PS(gc_divisor) *
php_combined_lcg(TSRMLS_C)) < PS(gc_probability)) {
rv = sqlite_exec_printf(db, "VACUUM", NULL, NULL, NULL);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
