Skip to content

Conversation

@cmb69
Copy link
Member

@cmb69 cmb69 commented Feb 18, 2025

::setAttribute(PDO::ATTR_TIMEOUT, …) accepts a timeout in seconds, but sqlite3_busy_timeout()[1] expects the timeout in milliseconds, which is an int. To avoid signed overflow, we reject values larger than the allowed range.

We also cater to negative values by simply clamping those to zero, since sqlite3_busy_timeout() handles negative values the same as zero.

[1] https://www.sqlite.org/c3ref/busy_timeout.html


@nielsdos said:

I wonder if we should warn in that case to notify the user that no timeout actually was applied.

I'm not sure about this, since that may raise an exception with ERRMODE_EXCEPTION (and possibly even with ERRMODE_WARNING due to a global error handler), and might break working code (not working as intended, but somehow working). Perhaps it's better to postpone that to the master branch.

`::setAttribute(PDO::ATTR_TIMEOUT, …)` accepts a timeout in seconds,
but `sqlite3_busy_timeout()`[1] expects the timeout in milliseconds,
which is an `int`.  To avoid signed overflow, we reject values larger
than the allowed range.

We also cater to negative values by simply clamping those to zero,
since `sqlite3_busy_timeout()` handles negative values the same as
zero.

[1] <https://www.sqlite.org/c3ref/busy_timeout.html>
@cmb69 cmb69 linked an issue Feb 18, 2025 that may be closed by this pull request
@cmb69 cmb69 marked this pull request as ready for review February 18, 2025 17:35
@cmb69 cmb69 requested a review from SakiTakamachi as a code owner February 18, 2025 17:35
Copy link
Member

@nielsdos nielsdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine by me, and point taken about the warning. Thx for the patch

@nielsdos
Copy link
Member

Ping ;) Forgot to merge this? 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Signed integer overflow when setting ATTR_TIMEOUT

2 participants