Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.

author: Ilia Alshanetsky <iliaa@php.net> 2010-04-28 12:10:10 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2010-04-28 12:10:10 +0000
commit: 5031bfc395bd9cc5a29389d5fe458c3452643b76 (patch)
tree: 7a4fa7ee5e10f531a6cfe7e45e562660d1357e08 /ext/sqlite/sqlite.c
parent: 07446082c86ad21833006c2aa86cb6cc60cd25ad (diff)
download: php-git-5031bfc395bd9cc5a29389d5fe458c3452643b76.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 4017dc7fbc..5fc562eeab 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -2508,7 +2508,7 @@ PHP_FUNCTION(sqlite_array_query)
 		return;
 	}
 
-	rres = (struct php_sqlite_result *)emalloc(sizeof(*rres));
+	rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));
 	sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, &rres, NULL TSRMLS_CC);
 	if (db->last_err_code != SQLITE_OK) {
 		if (rres) {
@@ -2624,7 +2624,7 @@ PHP_FUNCTION(sqlite_single_query)
 		return;
 	}
 
-	rres = (struct php_sqlite_result *)emalloc(sizeof(*rres));
+	rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));
 	sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, &rres, NULL TSRMLS_CC);
 	if (db->last_err_code != SQLITE_OK) {
 		if (rres) {
author	Ilia Alshanetsky <iliaa@php.net>	2010-04-28 12:10:10 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2010-04-28 12:10:10 +0000
commit	5031bfc395bd9cc5a29389d5fe458c3452643b76 (patch)
tree	7a4fa7ee5e10f531a6cfe7e45e562660d1357e08 /ext/sqlite/sqlite.c
parent	07446082c86ad21833006c2aa86cb6cc60cd25ad (diff)
download	php-git-5031bfc395bd9cc5a29389d5fe458c3452643b76.tar.gz