From c856e821d0609a6b1f7e97f721ac1473887b11da Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 27 Feb 2004 00:29:10 +0000
Subject: Fixed possible crash inside sqlite_escape_string() and
 sqlite_udf_encode_binary().

---
 ext/sqlite/sqlite.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ext/sqlite/sqlite.c')

diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index d923045125..a16603b578 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -2604,7 +2604,7 @@ PHP_FUNCTION(sqlite_escape_string)
 		/* binary string */
 		int enclen;
 		
-		ret = emalloc( 1 + ((256 * stringlen + 1262) / 253) );
+		ret = emalloc( 1 + 5 + stringlen * (256 / 253) );
 		ret[0] = '\x01';
 		enclen = php_sqlite_encode_binary(string, stringlen, ret+1);
 		RETVAL_STRINGL(ret, enclen+1, 0);
@@ -2834,7 +2834,7 @@ PHP_FUNCTION(sqlite_udf_encode_binary)
 		int enclen;
 		char *ret;
 		
-		ret = emalloc( 1 + ((256 * datalen + 1262) / 253) );
+		ret = emalloc( 1 + 5 + datalen * (256 / 253) );
 		ret[0] = '\x01';
 		enclen = php_sqlite_encode_binary(data, datalen, ret+1);
 		RETVAL_STRINGL(ret, enclen+1, 0);
-- 
cgit v1.2.1