-rw-r--r--NEWS2
-rw-r--r--ext/sqlite/sess_sqlite.c10
-rw-r--r--ext/sqlite/sqlite.c2
3 files changed, 10 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 872ad724b8..7408ef9c0b 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP NEWS
- Fixed altering $this via argument named "this". (Dmitry)
- Fixed bug #41287 (Namespace functions don't allow xmlns defintion to be
optional). (Rob)
+- Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled
+ sqlite2 lib). (Ilia)
- Fixed bug #41283 (Bug with serializing array key that are doubles or
floats). (Ilia)
- Fixed bug #41257: (lookupNamespaceURI does not work as expected). (Rob)
diff --git a/ext/sqlite/sess_sqlite.c b/ext/sqlite/sess_sqlite.c
index 785704faf7..c893baad98 100644
--- a/ext/sqlite/sess_sqlite.c
+++ b/ext/sqlite/sess_sqlite.c
@@ -110,9 +110,13 @@ PS_READ_FUNC(sqlite)
case SQLITE_ROW:
if (rowdata[0] != NULL) {
*vallen = strlen(rowdata[0]);
- *val = emalloc(*vallen);
- *vallen = sqlite_decode_binary(rowdata[0], *val);
- (*val)[*vallen] = '\0';
+ if (*vallen) {
+ *val = emalloc(*vallen);
+ *vallen = sqlite_decode_binary(rowdata[0], *val);
+ (*val)[*vallen] = '\0';
+ } else {
+ *val = STR_EMPTY_ALLOC();
+ }
}
break;
default:
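Review bot: The result of `sqlite_decode_binary()` in the new `if (*vallen)` branch is still stored in `*vallen` and used as the index for the terminator write without being checked. The commit is aimed at non-bundled sqlite2 libraries; if the linked library can signal a malformed encoding with a negative return (worth confirming against its documentation), `(*val)[*vallen] = '\0'` would write before the start of the buffer. The row comes from the session database and should not be assumed well-formed, so a guard ahead of the terminator write would cover it: `if (*vallen < 0) { efree(*val); *val = STR_EMPTY_ALLOC(); *vallen = 0; }`. The body of PS_READ_FUNC starts and ends outside the hunk, so the declared type of `vallen` is not visible here.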
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 27922020b1..93d62cfa93 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -73,7 +73,7 @@ extern int sqlite_encode_binary(const unsigned char *in, int n, unsigned char *o
extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
#define php_sqlite_encode_binary(in, n, out) sqlite_encode_binary((const unsigned char *)in, n, (unsigned char *)out)
-#define php_sqlite_decode_binary(in, out) sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out)
+#define php_sqlite_decode_binary(in, out) in && *in ? sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) : 0
static int sqlite_count_elements(zval *object, long *count TSRMLS_DC);
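Review bot: The new `php_sqlite_decode_binary` expansion is a bare conditional expression with unparenthesized arguments, so it only parses as intended when the macro call stands alone, for example as the whole right-hand side of an assignment. Inside a larger expression (say `php_sqlite_decode_binary(a, b) + 1`) the `?:` would absorb the neighbouring operands and yield a different condition or length, which matters because callers use the result to size and terminate buffers. Parenthesizing keeps the empty-input guard intact: `#define php_sqlite_decode_binary(in, out) ((in) && *(in) ? sqlite_decode_binary((const unsigned char *)(in), (unsigned char *)(out)) : 0)`. `in` is now evaluated more than once, which deserves a one-line comment above the macro warning against arguments with side effects; the call sites are outside this hunk.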