summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ext/sqlite3/sqlite3.c4
-rw-r--r--ext/sqlite3/tests/bug72571.phpt21
2 files changed, 24 insertions, 1 deletions
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 5ba59ad604..201c683b4f 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -1379,7 +1379,9 @@ static int register_bound_parameter_to_sqlite(struct php_sqlite3_bound_param *pa
}
if (param->param_number < 1) {
- zend_string_release(param->name);
+ if (param->name) {
+ zend_string_release(param->name);
+ }
return 0;
}
diff --git a/ext/sqlite3/tests/bug72571.phpt b/ext/sqlite3/tests/bug72571.phpt
new file mode 100644
index 0000000000..3ffde291c7
--- /dev/null
+++ b/ext/sqlite3/tests/bug72571.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash)
+--SKIPIF--
+<?php
+if (!extension_loaded('sqlite3')) die('skip'); ?>
+--FILE--
+<?php
+$db = new SQLite3(':memory:');
+
+$stmt = $db->prepare("select 1 = ?");
+
+// bindParam crash
+$i = 0;
+$stmt->bindParam(0, $i);
+
+var_dump($stmt->execute());
+$db->close();
+?>
+--EXPECTF--
+object(SQLite3Result)#%d (0) {
+}
View Lorry Controller Status