diff options
author | Xinchen Hui <laruence@php.net> | 2015-07-07 21:38:24 +0800 |
---|---|---|
committer | Xinchen Hui <laruence@php.net> | 2015-07-07 21:38:24 +0800 |
commit | ca1ba39102d3e209d4c8a04b46316e9c8b7521e4 (patch) | |
tree | 77bfce47da72370aa1d4bf9f00d58560e9b722d0 | |
parent | 5bd315657c41601803bf5cf2528fdd373fdfdf48 (diff) | |
parent | 26471eb69c3cd9e8162ff3b398d33919d9075191 (diff) | |
download | php-git-ca1ba39102d3e209d4c8a04b46316e9c8b7521e4.tar.gz |
Merge branch 'PHP-5.6'
Conflicts:
ext/sqlite3/sqlite3.c
-rw-r--r-- | ext/sqlite3/sqlite3.c | 12 | ||||
-rw-r--r-- | ext/sqlite3/tests/bug69972.phpt | 28 |
2 files changed, 38 insertions, 2 deletions
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index eacd66399e..b16cba3668 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -281,7 +281,11 @@ PHP_METHOD(sqlite3, lastErrorCode) return; } - RETURN_LONG(sqlite3_errcode(db_obj->db)); + if (db_obj->initialised) { + RETURN_LONG(sqlite3_errcode(db_obj->db)); + } else { + RETURN_LONG(0); + } } /* }}} */ @@ -299,7 +303,11 @@ PHP_METHOD(sqlite3, lastErrorMsg) return; } - RETVAL_STRING((char *)sqlite3_errmsg(db_obj->db)); + if (db_obj->initialised) { + RETURN_STRING((char *)sqlite3_errmsg(db_obj->db)); + } else { + RETURN_EMPTY_STRING(); + } } /* }}} */ diff --git a/ext/sqlite3/tests/bug69972.phpt b/ext/sqlite3/tests/bug69972.phpt new file mode 100644 index 0000000000..539ebd2696 --- /dev/null +++ b/ext/sqlite3/tests/bug69972.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()) +--SKIPIF-- +<?php +if (!extension_loaded('sqlite3')) die('skip'); +?> +--FILE-- +<?php +$db = new SQLite3(':memory:'); +echo "SELECTING from invalid table\n"; +$result = $db->query("SELECT * FROM non_existent_table"); +echo "Closing database\n"; +var_dump($db->close()); +echo "Done\n"; + +// Trigger the use-after-free +echo "Error Code: " . $db->lastErrorCode() . "\n"; +echo "Error Msg: " . $db->lastErrorMsg() . "\n"; +?> +--EXPECTF-- +SELECTING from invalid table + +Warning: SQLite3::query(): Unable to prepare statement: 1, no such table: non_existent_table in %sbug69972.php on line %d +Closing database +bool(true) +Done +Error Code: 0 +Error Msg: |