sqlite3MulInt64() in util.c appears to try to detect integer overflow
by dividing the inputs by 2^32.  If both inputs are 0 when divided by
2^32, it does the 64-bit multiplication and moves on.

In the case of something like |SELECT 3452005775*3452005775|, both
inputs are greater than 2^31 but less than 2^32, but the result is
greater than 2^63, so it ends up as a large negative number (i.e.,
overflow, which is undefined for signed integers in C).  The smallest
number this overflow happens to is sqrt(2^63)+1, which is 3037000500.
Obviously there's a range of values where this can happen.

No patch suggested, though I wouldn't be surprised if my brain makes a
suggestion after things simmer for an hour or so.  If either value
needs less than 31 bits, it can't happen, but there's not a simple bit
pattern to check, AFAICT.

sqlite-users mailing list