Flummi/amxmodx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add missing buffer size check to SQLite QuoteString implementation (#411)

Browse Source
This commit is contained in:
Vincent Herbet 2017-02-23 13:56:58 +01:00 committed by GitHub
parent 074af44ead
commit b973d24081
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/sqlite/sqlitepp/SqliteDatabase.cpp
View File

@ -81,6 +81,14 @@ IQuery *SqliteDatabase::PrepareQueryFmt(const char *fmt, ...)
int SqliteDatabase::QuoteString(const char *str, char buffer[], size_t maxlen, size_t *newsize) int SqliteDatabase::QuoteString(const char *str, char buffer[], size_t maxlen, size_t *newsize)
{ {
auto size = strlen(str);
auto needed = size * 2 + 1;
if (maxlen < needed)
{
return static_cast<int>(needed);
}
char *res = sqlite3_snprintf(static_cast<int>(maxlen), buffer, "%q", str); char *res = sqlite3_snprintf(static_cast<int>(maxlen), buffer, "%q", str);
if (res != NULL && newsize != NULL) if (res != NULL && newsize != NULL)