From a767d55a81f3d48151dac40ce51d3b94005c080d Mon Sep 17 00:00:00 2001
From: Yasuhiro Horimoto <horimoto@clear-code.com>
Date: Thu, 20 Jul 2017 22:25:22 +0900
Subject: [PATCH] Fixed integer overflow in sessionimpl.cpp (#1803) (#1820)

* Fix integer overflow in sessionimpl.cpp

* Modify document of setConnectionTimeout

Add discription of exception.
---
 .../include/Poco/Data/SQLite/SessionImpl.h       |  1 +
 Data/SQLite/src/SessionImpl.cpp                  | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/Data/SQLite/include/Poco/Data/SQLite/SessionImpl.h b/Data/SQLite/include/Poco/Data/SQLite/SessionImpl.h
index f5b02b801..861addd87 100644
--- a/Data/SQLite/include/Poco/Data/SQLite/SessionImpl.h
+++ b/Data/SQLite/include/Poco/Data/SQLite/SessionImpl.h
@@ -75,6 +75,7 @@ public:
 
 	void setConnectionTimeout(std::size_t timeout);
 		/// Sets the session connection timeout value.
+		/// Throws RangeException if the timeout value is overflow.
 
 	std::size_t getConnectionTimeout();
 		/// Returns the session connection timeout value.
diff --git a/Data/SQLite/src/SessionImpl.cpp b/Data/SQLite/src/SessionImpl.cpp
index 6f1eb9a5c..10a7b3bc8 100644
--- a/Data/SQLite/src/SessionImpl.cpp
+++ b/Data/SQLite/src/SessionImpl.cpp
@@ -223,10 +223,18 @@ bool SessionImpl::isConnected()
 
 void SessionImpl::setConnectionTimeout(std::size_t timeout)
 {
-	int tout = 1000 * timeout;
-	int rc = sqlite3_busy_timeout(_pDB, tout);
-	if (rc != 0) Utility::throwException(rc);
-	_timeout = tout;
+	if(timeout >= 0 && (timeout <= INT_MAX/1000))
+	{
+		int tout = 1000 * timeout;
+		int rc = sqlite3_busy_timeout(_pDB, tout);
+		if (rc != 0) Utility::throwException(rc);
+		_timeout = tout;
+	}
+	else
+	{
+		throw RangeException
+				("Occurred integer overflow because of timeout value.");
+	}
 }