diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | ext/sqlite3/sqlite3.c | 8 | ||||
| -rw-r--r-- | ext/sqlite3/tests/bug53463.phpt | 28 |
3 files changed, 38 insertions, 1 deletions
@@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Dec 2010, PHP 5.3.4 +- SQLite3 extension: + . Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number). + (Felipe) 02 Dec 2010, PHP 5.3.4RC2 - Core: diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 8dcce7ca65..c1813673a8 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -1532,6 +1532,7 @@ PHP_METHOD(sqlite3result, columnName) php_sqlite3_result *result_obj; zval *object = getThis(); long column = 0; + char *column_name; result_obj = (php_sqlite3_result *)zend_object_store_get_object(object TSRMLS_CC); SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, result_obj->stmt_obj->initialised, SQLite3Result) @@ -1539,8 +1540,13 @@ PHP_METHOD(sqlite3result, columnName) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &column) == FAILURE) { return; } + column_name = (char*) sqlite3_column_name(result_obj->stmt_obj->stmt, column); - RETVAL_STRING((char*)sqlite3_column_name(result_obj->stmt_obj->stmt, column), 1); + if (column_name == NULL) { + RETURN_FALSE; + } + + RETVAL_STRING(column_name, 1); } /* }}} */ diff --git a/ext/sqlite3/tests/bug53463.phpt b/ext/sqlite3/tests/bug53463.phpt new file mode 100644 index 0000000000..c9216e660f --- /dev/null +++ b/ext/sqlite3/tests/bug53463.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #53463 (sqlite3 columnName() segfaults on bad column_number) +--FILE-- +<?php + +$db = new SQLite3(':memory:'); + +$db->exec('CREATE TABLE test (whatever INTEGER)'); +$db->exec('INSERT INTO test (whatever) VALUES (1)'); + +$result = $db->query('SELECT * FROM test'); +while ($row = $result->fetchArray(SQLITE3_NUM)) { + var_dump($result->columnName(0)); // string(8) "whatever" + + // Seems returning false will be most appropriate. + var_dump($result->columnName(3)); // Segmentation fault +} + +$result->finalize(); +$db->close(); + +echo "Done\n"; + +?> +--EXPECT-- +string(8) "whatever" +bool(false) +Done
\ No newline at end of file |