UNLOZE/sourcemod
10
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add missing buffer size check to SQLite QuoteString impl

Browse Source
This commit is contained in:
Asher Baker 2016-02-15 14:19:11 +00:00
parent 1ff13c59cf
commit 7c3bcc9c25
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
extensions/sqlite/driver/SqDatabase.cpp
View File

@ -84,6 +84,18 @@ IDBDriver *SqDatabase::GetDriver()
bool SqDatabase::QuoteString(const char *str, char buffer[], size_t maxlen, size_t *newSize) bool SqDatabase::QuoteString(const char *str, char buffer[], size_t maxlen, size_t *newSize)
{ {
unsigned long size = static_cast<unsigned long>(strlen(str));
unsigned long needed = size * 2 + 1;
if (maxlen < needed)
{
if (newSize != NULL)
{
*newSize = (size_t)needed;
}
return false;
}
char *res = sqlite3_snprintf(static_cast<int>(maxlen), buffer, "%q", str); char *res = sqlite3_snprintf(static_cast<int>(maxlen), buffer, "%q", str);
if (res != NULL && newSize != NULL) if (res != NULL && newSize != NULL)