authorOndřej Surý <ondrej@sury.org>2011-01-05 11:00:17 +0100
committerOndřej Surý <ondrej@sury.org>2011-01-05 11:00:17 +0100
commitf53d59a45e76d58cfe061de8431b77a3bc9f4b71 (patch)
tree9a74a9767a2cb2a69a50e138a83b3fa5fa9eb849
parente23fb12f07be0df7a3b176a56a1f83a0f2556198 (diff)
downloadphp-f53d59a45e76d58cfe061de8431b77a3bc9f4b71.tar.gz
Cherry pick fix for sqlite3 columnName segfault on bad column_number
-rw-r--r--debian/patches/fix-sqlite3-columnName-segfaults-on-bad-column_number.patch57
-rw-r--r--debian/patches/series1
2 files changed, 58 insertions, 0 deletions
diff --git a/debian/patches/fix-sqlite3-columnName-segfaults-on-bad-column_number.patch b/debian/patches/fix-sqlite3-columnName-segfaults-on-bad-column_number.patch
new file mode 100644
index 000000000..b6de54030
--- /dev/null
+++ b/debian/patches/fix-sqlite3-columnName-segfaults-on-bad-column_number.patch
@@ -0,0 +1,57 @@
+--- /dev/null
++++ b/ext/sqlite3/tests/bug53463.phpt
+@@ -0,0 +1,28 @@
++--TEST--
++Bug #53463 (sqlite3 columnName() segfaults on bad column_number)
++--FILE--
++<?php
++
++$db = new SQLite3(':memory:');
++
++$db->exec('CREATE TABLE test (whatever INTEGER)');
++$db->exec('INSERT INTO test (whatever) VALUES (1)');
++
++$result = $db->query('SELECT * FROM test');
++while ($row = $result->fetchArray(SQLITE3_NUM)) {
++ var_dump($result->columnName(0)); // string(8) "whatever"
++
++ // Seems returning false will be most appropriate.
++ var_dump($result->columnName(3)); // Segmentation fault
++}
++
++$result->finalize();
++$db->close();
++
++echo "Done\n";
++
++?>
++--EXPECT--
++string(8) "whatever"
++bool(false)
++Done
+\ No newline at end of file
+--- a/ext/sqlite3/sqlite3.c
++++ b/ext/sqlite3/sqlite3.c
+@@ -1532,6 +1532,7 @@ PHP_METHOD(sqlite3result, columnName)
+ php_sqlite3_result *result_obj;
+ zval *object = getThis();
+ long column = 0;
++ char *column_name;
+ result_obj = (php_sqlite3_result *)zend_object_store_get_object(object TSRMLS_CC);
+
+ SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, result_obj->stmt_obj->initialised, SQLite3Result)
+@@ -1539,8 +1540,13 @@ PHP_METHOD(sqlite3result, columnName)
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &column) == FAILURE) {
+ return;
+ }
++ column_name = (char*) sqlite3_column_name(result_obj->stmt_obj->stmt, column);
+
+- RETVAL_STRING((char*)sqlite3_column_name(result_obj->stmt_obj->stmt, column), 1);
++ if (column_name == NULL) {
++ RETURN_FALSE;
++ }
++
++ RETVAL_STRING(column_name, 1);
+ }
+ /* }}} */
+
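Review bot: In the second sqlite3.c hunk the `long column` parsed with "l" is passed directly to sqlite3_column_name(), whose index parameter is an `int`, so the new NULL check only takes effect after an implicit narrowing. On an LP64 build a value such as 4294967296 would presumably narrow to 0 and return the first column's name instead of false. An explicit guard before the call would make the bounds handling independent of that conversion: `if (column < 0 || column >= sqlite3_column_count(result_obj->stmt_obj->stmt)) { RETURN_FALSE; }`. The added bug53463.phpt only exercises index 3, so a negative and a very large index would be worth covering, and its `// Segmentation fault` comment is stale now that the expected output is `bool(false)`. The body of columnName begins outside the visible hunks.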
diff --git a/debian/patches/series b/debian/patches/series
index 2397914a9..15567d677 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -88,3 +88,4 @@ fix-segfault-in-pgsql_stmt_execute-when-postgres-is-down.patch
fix-segfault-when-extending-SplFixedArray.patch
fix-segfault-when-node-is-NULL-in-simplexml.patch
fix-segfault-when-using-several-cloned-intl-objects.patch
+fix-sqlite3-columnName-segfaults-on-bad-column_number.patch