iliaa Sat Mar 6 13:11:59 2004 EDT Modified files: /php-src/ext/sqlite sess_sqlite.c Log: Fixed possible crash due to an integer overflow. http://cvs.php.net/diff.php/php-src/ext/sqlite/sess_sqlite.c?r1=1.13&r2=1.14&ty=u Index: php-src/ext/sqlite/sess_sqlite.c diff -u php-src/ext/sqlite/sess_sqlite.c:1.13 php-src/ext/sqlite/sess_sqlite.c:1.14 --- php-src/ext/sqlite/sess_sqlite.c:1.13 Tue Jan 13 00:23:07 2004 +++ php-src/ext/sqlite/sess_sqlite.c Sat Mar 6 13:11:59 2004 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: sess_sqlite.c,v 1.13 2004/01/13 05:23:07 john Exp $ */ +/* $Id: sess_sqlite.c,v 1.14 2004/03/06 18:11:59 iliaa Exp $ */ #include "php.h" @@ -142,7 +142,7 @@ t = time(NULL); - binary = emalloc((256 * vallen + 1262) / 253); + binary = emalloc(1 + 5 + vallen * (256 / 253)); binlen = sqlite_encode_binary((const unsigned char*)val, vallen, binary); rv = sqlite_exec_printf(db, "REPLACE INTO session_data VALUES('%q', '%q', %d)", NULL, NULL, &error, key, binary, t); @@ -177,7 +177,7 @@ /* because SQLite does not actually clear the deleted data from the database * we need to occassionaly do so manually to prevent the sessions database - * from endlessly growing. + * from growing endlessly. */ if ((int) ((float) PS(gc_divisor) * PS(gc_divisor) * php_combined_lcg(TSRMLS_C)) < PS(gc_probability)) { rv = sqlite_exec_printf(db, "VACUUM", NULL, NULL, NULL);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php