resolved #73787

Changes

@@ -1,9 +1,11 @@
 Changes for Perl extension DBD-SQLite
 
-1.36_01 Tue 29 Nov 2011
+1.36_01 to be released
     - Enabled SQLITE_ENABLE_FTS4
     - Enabled SQLITE_ENABLE_STAT3
     - Resolved #73159: FTS tokenizer segfault (ISHIGAKI)
+    - Resolved #73787: sqlite_see_if_its_a_number causes a buffer
+      overflow (ISHIGAKI)
 
 1.35 Tue 29 Nov 2011
     - Updated to SQLite 3.7.9 (ISHIGAKI)

dbdimp.c

@@ -166,7 +166,7 @@ sqlite_is_number(pTHX_ const char *v, bool strict)
     int neg;
     int digit = 0;
     int precision = 0;
-    char str[30], format[10];
+    char format[10];
 
     if (!strict) {
         while (*z == ' ') { z++; v++; }
@@ -192,7 +192,7 @@ sqlite_is_number(pTHX_ const char *v, bool strict)
     }
 #else
     if (digit > 11) return 0; /* too large for i32 */
-    if (digit == 10) {
+    if (digit == 11) {
         int c;
         char tmp[14];
         strncpy(tmp, v, z - v + 1);
@@ -215,12 +215,10 @@ sqlite_is_number(pTHX_ const char *v, bool strict)
         while (isdigit(*z)) { z++; }
     }
 
-    sprintf(str, "%i", atoi(v));
+    if (strEQ(form("%i", atoi(v)), v)) return 1;
-    if (strEQ(str, v)) return 1;
     if (precision) {
         sprintf(format, "%%.%df", precision);
-        sprintf(str, format, atof(v));
+        if (strEQ(form(format, atof(v)), v)) return 2;
-        if (strEQ(str, v)) return 2;
     }
     return 0;
 }

t/rt_73787_exponential_buffer_overflow.t

@@ -0,0 +1,23 @@
+#!/usr/bin/perl
+
+use strict;
+BEGIN {
+	$|  = 1;
+	$^W = 1;
+}
+
+use t::lib::Test qw/connect_ok/;
+use Test::More tests => 6;
+use Test::NoWarnings;
+
+my $dbh = connect_ok(sqlite_see_if_its_a_number => 1);
+$dbh->do('create table foo (id integer primary key, exp)');
+my $ct = 0;
+for my $value (qw/2e100 10.04e100/) {
+    eval {
+        $dbh->do('insert into foo values (?, ?)', undef, $ct++, $value);
+        my $got = $dbh->selectrow_arrayref('select * from foo where exp = ?', undef, $value);
+        is $value => $got->[1], "got ".$got->[0];
+    };
+    ok !$@, "and without errors";
+}