summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelipe Pena <felipe@php.net>2010-12-03 21:05:44 +0000
committerFelipe Pena <felipe@php.net>2010-12-03 21:05:44 +0000
commit689d1d9e4bf69289d1a2446cc32cb53b76e9cf4e (patch)
tree3d39966f93da267859a08915c1ecee9dcd2538e0
parent686c7fec26c7721bb92b836cc40d1232be497334 (diff)
downloadphp-git-689d1d9e4bf69289d1a2446cc32cb53b76e9cf4e.tar.gz
- Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number)
Diffstat
-rw-r--r--NEWS3
-rw-r--r--ext/sqlite3/sqlite3.c8
-rw-r--r--ext/sqlite3/tests/bug53463.phpt28
3 files changed, 38 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 7e3b283578..e54e450a64 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? Dec 2010, PHP 5.3.4
+- SQLite3 extension:
+ . Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
+ (Felipe)
02 Dec 2010, PHP 5.3.4RC2
- Core:
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 8dcce7ca65..c1813673a8 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -1532,6 +1532,7 @@ PHP_METHOD(sqlite3result, columnName)
php_sqlite3_result *result_obj;
zval *object = getThis();
long column = 0;
+ char *column_name;
result_obj = (php_sqlite3_result *)zend_object_store_get_object(object TSRMLS_CC);
SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, result_obj->stmt_obj->initialised, SQLite3Result)
@@ -1539,8 +1540,13 @@ PHP_METHOD(sqlite3result, columnName)
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &column) == FAILURE) {
return;
}
+ column_name = (char*) sqlite3_column_name(result_obj->stmt_obj->stmt, column);
- RETVAL_STRING((char*)sqlite3_column_name(result_obj->stmt_obj->stmt, column), 1);
+ if (column_name == NULL) {
+ RETURN_FALSE;
+ }
+
+ RETVAL_STRING(column_name, 1);
}
/* }}} */
diff --git a/ext/sqlite3/tests/bug53463.phpt b/ext/sqlite3/tests/bug53463.phpt
new file mode 100644
index 0000000000..c9216e660f
--- /dev/null
+++ b/ext/sqlite3/tests/bug53463.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #53463 (sqlite3 columnName() segfaults on bad column_number)
+--FILE--
+<?php
+
+$db = new SQLite3(':memory:');
+
+$db->exec('CREATE TABLE test (whatever INTEGER)');
+$db->exec('INSERT INTO test (whatever) VALUES (1)');
+
+$result = $db->query('SELECT * FROM test');
+while ($row = $result->fetchArray(SQLITE3_NUM)) {
+ var_dump($result->columnName(0)); // string(8) "whatever"
+
+ // Seems returning false will be most appropriate.
+ var_dump($result->columnName(3)); // Segmentation fault
+}
+
+$result->finalize();
+$db->close();
+
+echo "Done\n";
+
+?>
+--EXPECT--
+string(8) "whatever"
+bool(false)
+Done \ No newline at end of file
View Lorry Controller Status