More prepare fixes while we're at it

Author: simolus3

sqlite3/CHANGELOG.md

@@ -4,6 +4,7 @@
   SQL statement.
 - Fix a native null-pointer dereference when calling `prepare` with a statement
   exclusively containing whitespace or comments.
+- Fix a potential out-of-bounds read when preparing statements.
 
 ## 1.5.0
 

sqlite3/lib/src/impl/database.dart

@@ -216,7 +216,7 @@ class DatabaseImpl implements Database {
         return function(
           _handle,
           sqlPtr.elementAt(offset).cast(),
-          bytes.length,
+          bytes.length - offset,
           prepFlags,
           stmtOut,
           pzTail,
@@ -235,7 +235,7 @@ class DatabaseImpl implements Database {
         return function(
           _handle,
           sqlPtr.elementAt(offset).cast(),
-          bytes.length,
+          bytes.length - offset,
           stmtOut,
           pzTail,
         );