From a7ed2fcba8ef1df4bcd846d895469ca72542be07 Mon Sep 17 00:00:00 2001
From: Hugo SIMELIERE
Date: Fri, 14 Nov 2025 15:31:17 +0100
Subject: [PATCH] Optimize allocation of large tombstone arrays in fts5.
FossilOrigin-Name: 0fcc3cbdfa21adf97aed01fa76991cccf9380e2755b0182a9e2c94e3c8fb38d7
CVE: CVE-2025-7709
Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/192d0ff8ccf0bf55776a5930cdc64e25f87299d6]
Signed-off-by: Hugo SIMELIERE
---
 sqlite3.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sqlite3.c b/sqlite3.c
index 1ee8de4..43f59e2 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -240724,9 +240724,9 @@ static void fts5SegIterSetNext(Fts5Index *p, Fts5SegIter *pIter){
 ** leave an error in the Fts5Index object.
 */
 static void fts5SegIterAllocTombstone(Fts5Index *p, Fts5SegIter *pIter){
- const int nTomb = pIter->pSeg->nPgTombstone;
+ const i64 nTomb = (i64)pIter->pSeg->nPgTombstone;
 if( nTomb>0 ){
- int nByte = nTomb * sizeof(Fts5Data*) + sizeof(Fts5TombstoneArray);
+ i64 nByte = nTomb * sizeof(Fts5Data*) + sizeof(Fts5TombstoneArray);
 Fts5TombstoneArray *pNew;
 pNew = (Fts5TombstoneArray*)sqlite3Fts5MallocZero(&p->rc, nByte);
 if( pNew ){
--
2.43.0
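Review bot: The two widened declarations in fts5SegIterAllocTombstone carry no comment saying why `nTomb` and `nByte` must be 64-bit, and the subject line describes the change as an optimization, so a later cleanup could narrow them back to `int` and bring back the size-computation overflow tracked as CVE-2025-7709. I would add above `i64 nByte`: `/* 64-bit on purpose: nTomb*sizeof(Fts5Data*) can exceed the range of int */`. Separately, any positive `nPgTombstone` still goes straight into the `sqlite3Fts5MallocZero` request, so an oversized count is handled only by the allocation failing and the error landing in `p->rc`. Whether the count is range-checked where it is read is not visible in this hunk and is worth confirming. The function body continues past the end of the hunk.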