Edit report at http://bugs.php.net/bug.php?id=53463&edit=1

 ID:                 53463
 Updated by:         fel...@php.net
 Reported by:        danielc at analysisandsolutions dot com
 Summary:            sqlite3 columnName() segfaults on bad column_number
-Status:             Open
+Status:             Closed
 Type:               Bug
 Package:            SQLite related
 Operating System:   linux
 PHP Version:        5.3SVN-2010-12-03 (SVN)
-Assigned To:
+Assigned To:        felipe
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------
[2010-12-03 22:05:46] fel...@php.net

Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=305954
Log: - Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number)

------------------------------------------------------------------------
[2010-12-03 18:01:04] danielc at analysisandsolutions dot com

Description:
------------
PHP's SQLite3Result::columnName() method produces a segmentation fault
when column_number exceeds the column count.

Inside ext/sqlite3/sqlite3.c, PHP utilizes RETVAL_STRING for the data
coming back from SQLite's sqlite3_column_name() function. But inside
ext/sqlite3/libsqlite/sqlite3.c, their sqlite3_column_name() function
calls columnName(), which returns 0 on error conditions.

PHP's C code needs to be adjusted to account for mixed type results from
sqlite3_column_name(). When making this fix, it seems PHP should return
FALSE if sqlite3_column_name() produces 0.

Test script:
---------------
<?php
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE test (whatever INTEGER)');
$db->exec('INSERT INTO test (whatever) VALUES (1)');

$result = $db->query('SELECT * FROM test');
while ($row = $result->fetchArray(SQLITE3_NUM)) {
    var_dump($result->columnName(0));  // string(8) "whatever"

    // Seems returning false will be most appropriate.
    var_dump($result->columnName(3));  // Segmentation fault
}

$result->finalize();
$db->close();

echo "Done\n";

Expected result:
----------------
string(8) "whatever"
bool(false)
Done

Actual result:
--------------
string(8) "whatever"
Segmentation fault

------------------------------------------------------------------------
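
The defect class in this report, sketched in C as an added example; it is not the code from the PHP revision or from SQLite. fake_stmt, fake_column_name() and column_name_checked() are hypothetical names, and fake_column_name() is a constructed stand-in that only mimics the contract the report describes for sqlite3_column_name(): 0 on a bad column index.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a statement's result columns (not SQLite's type). */
struct fake_stmt { const char *const *names; int ncols; };

/* Stand-in with the contract the report describes for sqlite3_column_name():
 * a NULL (0) return when the column index is out of range. */
static const char *fake_column_name(const struct fake_stmt *st, int idx)
{
    if (st == NULL || idx < 0 || idx >= st->ncols)
        return NULL;
    return st->names[idx];
}

/* Hypothetical hardened caller: test the pointer before any string copy.
 * The unchecked form hands the result straight to a copy routine, so a
 * NULL return is dereferenced; here it becomes a clean "false". */
static bool column_name_checked(const struct fake_stmt *st, int idx, char **out)
{
    const char *name = fake_column_name(st, idx);
    *out = NULL;
    if (name == NULL)
        return false;              /* bad column_number: report failure */
    size_t len = strlen(name);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return false;              /* allocation failure */
    memcpy(copy, name, len + 1);
    *out = copy;                   /* caller frees */
    return true;
}

/* Constructed sample matching the report's one-column test table. */
static const char *const sample_names[] = { "whatever" };
static const struct fake_stmt sample_stmt = { sample_names, 1 };

int main(void)
{
    const int idx[] = { 0, 3 };    /* the two indexes from the test script */
    for (int i = 0; i < 2; i++) {
        char *name;
        if (column_name_checked(&sample_stmt, idx[i], &name))
            printf("string(%zu) \"%s\"\n", strlen(name), name);
        else
            puts("bool(false)");
        free(name);                /* free(NULL) is a no-op */
    }
    return 0;
}
```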