Fixed possible crash due to an integer overflow.

author: Ilia Alshanetsky <iliaa@php.net> 2004-03-06 18:11:59 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2004-03-06 18:11:59 +0000
commit: 2d630bb6ae848ecca4f54ef68f2cfce82a69318c (patch)
tree: e9d12feaffbd784d75a5e5a4a43a8860ee277215
parent: f60d104c09b441cbc663c821915c48075333fe19 (diff)
download: php-git-2d630bb6ae848ecca4f54ef68f2cfce82a69318c.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/sqlite/sess_sqlite.c b/ext/sqlite/sess_sqlite.c
index 1b8f4cfcbd..8c4ea7da4b 100644
--- a/ext/sqlite/sess_sqlite.c
+++ b/ext/sqlite/sess_sqlite.c
@@ -142,7 +142,7 @@ PS_WRITE_FUNC(sqlite)
 	
 	t = time(NULL);
 
-	binary = emalloc((256 * vallen + 1262) / 253);
+	binary = emalloc(1 + 5 + vallen * (256 / 253));
 	binlen = sqlite_encode_binary((const unsigned char*)val, vallen, binary);
 	
 	rv = sqlite_exec_printf(db, "REPLACE INTO session_data VALUES('%q', '%q', %d)", NULL, NULL, &error, key, binary, t);
@@ -177,7 +177,7 @@ PS_GC_FUNC(sqlite)
 
 	/* because SQLite does not actually clear the deleted data from the database 
 	 * we need to occassionaly do so manually to prevent the sessions database 
-	 * from endlessly growing.
+	 * from growing endlessly.
 	 */
 	if ((int) ((float) PS(gc_divisor) * PS(gc_divisor) * php_combined_lcg(TSRMLS_C)) < PS(gc_probability)) {
 		rv = sqlite_exec_printf(db, "VACUUM", NULL, NULL, NULL);
author	Ilia Alshanetsky <iliaa@php.net>	2004-03-06 18:11:59 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2004-03-06 18:11:59 +0000
commit	2d630bb6ae848ecca4f54ef68f2cfce82a69318c (patch)
tree	e9d12feaffbd784d75a5e5a4a43a8860ee277215
parent	f60d104c09b441cbc663c821915c48075333fe19 (diff)
download	php-git-2d630bb6ae848ecca4f54ef68f2cfce82a69318c.tar.gz