From 95a3db8dcf8622a8db12059abe1befca418d9440 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp"
Date: Sat, 12 Jan 2019 21:30:26 +0000
Subject: [PATCH 0756/1009] Prevent unsigned 32-bit integer overflow from leading to a buffer overread inside of an assert(). The problem fixed here is no reachable in production code. https://github.com/mackyle/sqlite/commit/95a3db8dcf8622a8db12059abe1befca418d9440
---
 src/vdbeaux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 1125cfd..1af8a6f 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -3883,8 +3883,8 @@ static int vdbeRecordCompareDebug(
 ** Use that approximation to avoid the more expensive call to
 ** sqlite3VdbeSerialTypeLen() in the common case.
 */
- if( d1+serial_type1+2>(u32)nKey1
- && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1
+ if( d1+(u64)serial_type1+2>(u64)nKey1
+ && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1
 ){
 break;
 }
--
1.8.3.1
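Review bot: The comment above the rewritten condition still explains only the approximation, not why the operands are widened, so a later cleanup could drop the `(u64)` casts and bring back the 32-bit wraparound the commit message describes. I would add a line to that comment such as `** The (u64) casts keep d1+serial_type1+2 from wrapping when serial_type1 is very large.` Separately, `(u64)nKey1` replaces `(u32)nKey1`; if nKey1 is a signed int (its declaration is outside the hunk), a negative value becomes a huge bound and this guard never fires, as was already the case before, so an `assert( nKey1>=0 );` ahead of the loop would make that precondition explicit. The body of vdbeRecordCompareDebug starts and ends outside this hunk, so the types of d1 and nKey1 are inferred from the casts.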