From 8dba5edb332d9bdf8b856c26404c8043bdfd4192 Mon Sep 17 00:00:00 2001 From: Dan Kennedy Date: Thu, 18 Oct 2018 15:17:18 +0000 Subject: [PATCH 0460/1009] Take steps to avoid a potential integer overflow in sessionBufferGrow(). https://github.com/mackyle/sqlite/commit/8dba5edb332d9bdf8b856c26404c8043bdfd4192 --- ext/session/sqlite3session.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c index 20810ee..a1ca9a7 100644 --- a/ext/session/sqlite3session.c +++ b/ext/session/sqlite3session.c @@ -1794,12 +1794,12 @@ int sqlite3session_attach( static int sessionBufferGrow(SessionBuffer *p, int nByte, int *pRc){ if( *pRc==SQLITE_OK && p->nAlloc-p->nBufnAlloc ? p->nAlloc : 128; + i64 nNew = p->nAlloc ? p->nAlloc : 128; do { nNew = nNew*2; - }while( nNew<(p->nBuf+nByte) ); + }while( (nNew-p->nBuf)aBuf, nNew); + aNew = (u8 *)sqlite3_realloc64(p->aBuf, nNew); if( 0==aNew ){ *pRc = SQLITE_NOMEM; }else{ -- 1.8.3.1
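Review bot: With `nNew` widened to `i64`, nothing in the hunk bounds the result of the doubling loop before it is passed to `sqlite3_realloc64(p->aBuf, nNew)`, so a large `p->nBuf` plus `nByte` can produce a size above the signed 32-bit range. The `}else{` branch continues past the hunk; if it stores `nNew` back into `p->nAlloc` and that field is still an `int` (neither is visible here), the recorded capacity would be truncated and would no longer match the real allocation in later bounds arithmetic. An explicit cap after the loop would close this, for example `if( nNew>0x7fffffff ){ *pRc = SQLITE_NOMEM; }`, with the realloc skipped in that case. A short comment on the loop, such as `/* i64 so the doubling cannot wrap; compare free space instead of the sum nBuf+nByte */`, would also record why the condition was rewritten.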