From 3bb789ba44d04e5c7d02abdfce6ff2e51f566db2 Mon Sep 17 00:00:00 2001 From: "D. Richard Hipp" Date: Fri, 14 Dec 2018 17:57:01 +0000 Subject: [PATCH 0626/1009] Fix possible integer overflow while running PRAGMA integrity_check on a database file with a badly corrupted freelist. https://github.com/mackyle/sqlite/commit/3bb789ba44d04e5c7d02abdfce6ff2e51f566db2 --- src/btree.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/btree.c b/src/btree.c index 8b3375e..24a274c 100644 --- a/src/btree.c +++ b/src/btree.c @@ -9414,18 +9414,18 @@ static void checkList( } pOvflData = (unsigned char *)sqlite3PagerGetData(pOvflPage); if( isFreeList ){ - int n = get4byte(&pOvflData[4]); + u32 n = (u32)get4byte(&pOvflData[4]); #ifndef SQLITE_OMIT_AUTOVACUUM if( pCheck->pBt->autoVacuum ){ checkPtrmap(pCheck, iPage, PTRMAP_FREEPAGE, 0); } #endif - if( n>(int)pCheck->pBt->usableSize/4-2 ){ + if( n>pCheck->pBt->usableSize/4-2 ){ checkAppendMsg(pCheck, "freelist leaf count too big on page %d", iPage); N--; }else{ - for(i=0; ipBt->autoVacuum ){ -- 1.8.3.1
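Review bot: With the `(int)` cast dropped, the bound in `if( n>pCheck->pBt->usableSize/4-2 ){` is presumably computed in unsigned arithmetic (the declaration of `usableSize` is outside this hunk), so it is only a valid limit while `usableSize/4` is at least 2; a smaller value would wrap to a very large bound and accept any leaf count read from the page. If that minimum is enforced where the page size is set, I would record it next to the check, for example `assert( pCheck->pBt->usableSize>=8 );`, and add a comment on the declaration such as `/* leaf count from the page image; any 32-bit value is possible on a corrupt file */`. checkList starts and ends outside the hunk and the changed `for` line is cut short on this page, so the later uses of `n` were not reviewed.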