Fixed possible crash due to an integer overflow.
authorIlia Alshanetsky <iliaa@php.net>
Sat, 6 Mar 2004 18:11:59 +0000 (18:11 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sat, 6 Mar 2004 18:11:59 +0000 (18:11 +0000)
ext/sqlite/sess_sqlite.c

index 1b8f4cfcbd449ca6d4a91ed173812e9e764163ed..8c4ea7da4bc048d7ab8838e5ddc1039c38508b13 100644 (file)
@@ -142,7 +142,7 @@ PS_WRITE_FUNC(sqlite)
        
        t = time(NULL);
 
-       binary = emalloc((256 * vallen + 1262) / 253);
+       binary = emalloc(1 + 5 + vallen * (256 / 253));
        binlen = sqlite_encode_binary((const unsigned char*)val, vallen, binary);
        
        rv = sqlite_exec_printf(db, "REPLACE INTO session_data VALUES('%q', '%q', %d)", NULL, NULL, &error, key, binary, t);
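Review bot: In the new `emalloc` call, `256 / 253` is integer division and evaluates to 1, so the buffer is only `vallen + 6` bytes, whereas the removed formula reserved roughly `vallen + 3 * vallen / 253 + 5`. If `sqlite_encode_binary` can expand its input by as much as the old bound implies, a session value of more than a few kilobytes would be written past the end of `binary` on the following line, trading the integer overflow for a heap overflow. The old bound can be kept without the `256 * vallen` product, e.g. `binary = emalloc(vallen + 3 * (vallen / 253 + 1) + 5);`, or the size can be passed through `safe_emalloc` (if this branch has it) so the arithmetic itself is overflow-checked. The declaration of `vallen` and the rest of PS_WRITE_FUNC lie outside the hunk, so its type and any upper limit on session data size should be confirmed before settling on the expression.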
@@ -177,7 +177,7 @@ PS_GC_FUNC(sqlite)
 
        /* because SQLite does not actually clear the deleted data from the database 
         * we need to occassionaly do so manually to prevent the sessions database 
-        * from endlessly growing.
+        * from growing endlessly.
         */
        if ((int) ((float) PS(gc_divisor) * PS(gc_divisor) * php_combined_lcg(TSRMLS_C)) < PS(gc_probability)) {
                rv = sqlite_exec_printf(db, "VACUUM", NULL, NULL, NULL);