authorBohwaZ <bohwaz@github.com>2018-11-22 16:57:55 +0100
committerChristoph M. Becker <cmbecker69@gmx.de>2018-11-29 02:16:57 +0100
commit94ec262fca2e832ab2e1c4f03bc68cbda6aa42ae (patch)
treead6275ae1c717f437c968fcf1debea1ed3bb858e
parent4ac764e8bbe86706fe7c144bf7f410416cd4f120 (diff)
downloadphp-git-94ec262fca2e832ab2e1c4f03bc68cbda6aa42ae.tar.gz
Fix #77051: Issue with re-binding on SQLite3
We have to call `sqlite3_reset()` before re-binding the parameters.
-rw-r--r--NEWS3
-rw-r--r--ext/sqlite3/sqlite3.c3
-rw-r--r--ext/sqlite3/tests/bug77051.phpt84
3 files changed, 90 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index d5bb3fb886..a2bcf45713 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,9 @@ PHP NEWS
. Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
(Mizunashi Mana)
+- SQLite3:
+ . Fixed bug #77051 (Issue with re-binding on SQLite3). (BohwaZ)
+
06 Dec 2018, PHP 7.2.13
- ftp:
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 5a0ee776b4..4c6b3f11fb 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -1568,6 +1568,9 @@ PHP_METHOD(sqlite3stmt, execute)
SQLITE3_CHECK_INITIALIZED(stmt_obj->db_obj, stmt_obj->initialised, SQLite3);
+ /* Always reset statement before execution, see bug #77051 */
+ sqlite3_reset(stmt_obj->stmt);
+
if (stmt_obj->bound_params) {
ZEND_HASH_FOREACH_PTR(stmt_obj->bound_params, param) {
zval *parameter;
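Review bot: The comment above the added `sqlite3_reset(stmt_obj->stmt);` gives only the bug number, not the reason the reset has to come before the `bound_params` loop. SQLite returns SQLITE_MISUSE from `sqlite3_bind_*()` on a statement that has been stepped more recently than it was reset, so the bindings from a second execute() would otherwise not take effect. The reset presumably also rewinds any SQLite3Result still held from an earlier execute() on the same statement, which is worth stating for callers. I would write the comment as `/* sqlite3_bind_*() fails with SQLITE_MISUSE on a stepped-but-not-reset statement, so reset before re-binding (bug #77051); results of a previous execute() are rewound too */`. The method body continues outside the hunk, so whether the bind return codes are checked further down cannot be judged from here.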
diff --git a/ext/sqlite3/tests/bug77051.phpt b/ext/sqlite3/tests/bug77051.phpt
new file mode 100644
index 0000000000..98e45ae88a
--- /dev/null
+++ b/ext/sqlite3/tests/bug77051.phpt
@@ -0,0 +1,84 @@
+--TEST--
+Bug #77051 SQLite3::bindParam memory bug when missing ::reset call
+--SKIPIF--
+<?php require_once(__DIR__ . '/skipif.inc'); ?>
+--FILE--
+<?php
+
+$db = new SQLite3(':memory:');
+$db->enableExceptions(true);
+
+$stmt = $db->prepare('SELECT :a, :b, ?;');
+
+$a = 42;
+$stmt->bindParam(':a', $a, SQLITE3_INTEGER);
+$stmt->bindValue(':b', 'php');
+$stmt->bindValue(':b', 'PHP');
+$stmt->bindValue(3, 424242);
+
+echo "Execute statement\n";
+var_dump($res = $stmt->execute());
+
+echo "Statement result\n";
+var_dump($res->fetchArray(SQLITE3_NUM));
+
+echo "Change binded param to wrong type\n";
+$a = 'TEST';
+
+echo "Execute statement\n";
+var_dump($res = $stmt->execute());
+
+echo "Statement result\n";
+var_dump($res->fetchArray(SQLITE3_NUM));
+
+echo "Change binded values\n";
+$a = 5252552;
+$stmt->bindValue(':b', 'TEST');
+$stmt->bindValue(3, '!!!');
+
+echo "Execute statement\n";
+var_dump($res = $stmt->execute());
+
+echo "Statement result\n";
+var_dump($res->fetchArray(SQLITE3_NUM));
+
+?>
+--EXPECTF--
+Execute statement
+object(SQLite3Result)#3 (0) {
+}
+Statement result
+array(3) {
+ [0]=>
+ int(42)
+ [1]=>
+ string(3) "PHP"
+ [2]=>
+ int(424242)
+}
+Change binded param to wrong type
+Execute statement
+object(SQLite3Result)#4 (0) {
+}
+Statement result
+array(3) {
+ [0]=>
+ int(0)
+ [1]=>
+ string(3) "PHP"
+ [2]=>
+ int(424242)
+}
+Change binded values
+Execute statement
+object(SQLite3Result)#3 (0) {
+}
+Statement result
+array(3) {
+ [0]=>
+ int(5252552)
+ [1]=>
+ string(4) "TEST"
+ [2]=>
+ string(3) "!!!"
+} \ No newline at end of file
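Review bot: The expected output pins object handle numbers (`object(SQLite3Result)#3 (0) {`, then `#4`, then `#3` again), which makes the test depend on allocation and free order rather than on the re-binding behaviour it is meant to cover. Since the section is already `--EXPECTF--`, those three lines can read `object(SQLite3Result)#%d (0) {`. The title also calls this a memory bug, but the script only compares fetched values; a one-line comment at the top of `--FILE--` saying that each execute() must see the current bindings would make the intent clear. The file also ends without a trailing newline.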