From b973d24081b88c4201d377723763b818a50317f9 Mon Sep 17 00:00:00 2001
From: Vincent Herbet
Date: Thu, 23 Feb 2017 13:56:58 +0100
Subject: [PATCH] Add missing buffer size check to SQLite QuoteString implementation (#411)

---
 modules/sqlite/sqlitepp/SqliteDatabase.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/sqlite/sqlitepp/SqliteDatabase.cpp b/modules/sqlite/sqlitepp/SqliteDatabase.cpp
index b926e98e..6258c8b6 100644
--- a/modules/sqlite/sqlitepp/SqliteDatabase.cpp
+++ b/modules/sqlite/sqlitepp/SqliteDatabase.cpp
@@ -81,6 +81,14 @@ IQuery *SqliteDatabase::PrepareQueryFmt(const char *fmt, ...)
 int SqliteDatabase::QuoteString(const char *str, char buffer[], size_t maxlen, size_t *newsize)
 {
+ auto size = strlen(str);
+ auto needed = size * 2 + 1;
+
+ if (maxlen < needed)
+ {
+ return static_cast(needed);
+ }
+
 char *res = sqlite3_snprintf(static_cast(maxlen), buffer, "%q", str);
 
 if (res != NULL && newsize != NULL)