Edit report at http://bugs.php.net/bug.php?id=53463&edit=1

 ID:                 53463
 Updated by:         fel...@php.net
 Reported by:        danielc at analysisandsolutions dot com
 Summary:            sqlite3 columnName() segfaults on bad column_number
-Status:             Open
+Status:             Closed
 Type:               Bug
 Package:            SQLite related
 Operating System:   linux
 PHP Version:        5.3SVN-2010-12-03 (SVN)
-Assigned To:        
+Assigned To:        felipe
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------
[2010-12-03 22:05:46] fel...@php.net

Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=305954
Log: - Fixed bug #53463 (sqlite3 columnName() segfaults on bad
column_number)

------------------------------------------------------------------------
[2010-12-03 18:01:04] danielc at analysisandsolutions dot com

Description:
------------
PHP's SQLite3Result::columnName() method produces a segmentation fault
when column_number exceeds the column count.

Inside ext/sqlite3/sqlite3.c, PHP utilizes RETVAL_STRING for the data
coming back from SQLite's sqlite3_column_name() function.  But inside
ext/sqlite3/libsqlite/sqlite3.c, their sqlite3_column_name() function
calls columnName(), which returns 0 on error conditions.

PHP's C code needs to be adjusted to account for mixed type results from
sqlite3_column_name().  When making this fix, it seems PHP should return
FALSE if sqlite3_column_name() produces 0.

Test script:
---------------
<?php
$db = new SQLite3(':memory:');

$db->exec('CREATE TABLE test (whatever INTEGER)');
$db->exec('INSERT INTO test (whatever) VALUES (1)');

$result = $db->query('SELECT * FROM test');
while ($row = $result->fetchArray(SQLITE3_NUM)) {
    var_dump($result->columnName(0));  // string(8) "whatever"

    // Seems returning false will be most appropriate.
    var_dump($result->columnName(3));  // Segmentation fault
}

$result->finalize();
$db->close();

echo "Done\n";


Expected result:
----------------
string(8) "whatever"
bool(false)
Done

Actual result:
--------------
string(8) "whatever"
Segmentation fault

------------------------------------------------------------------------
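
Added example (not code from PHP or SQLite): a self-contained C model of the fix pattern the report above asks for, testing the column-name lookup for NULL before using it as a string. The names result_model, sample_result, model_column_name, column_name_checked and the COL_* codes are hypothetical; model_column_name only mimics the NULL-on-bad-index behaviour the report attributes to sqlite3_column_name().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a result set; stands in for a prepared statement. */
struct result_model { const char **names; int ncols; };

/* Constructed sample matching the test script: one column, "whatever". */
static const char *sample_names[] = { "whatever" };
const struct result_model sample_result = { sample_names, 1 };

enum { COL_OK = 0, COL_NO_SUCH_COLUMN = 1, COL_NOMEM = -1 };

/* Mimics the behaviour in the report: NULL (0) for a bad column index. */
static const char *model_column_name(const struct result_model *r, int idx)
{
    return (idx < 0 || idx >= r->ncols) ? NULL : r->names[idx];
}

/* Checked caller: test for NULL before treating the result as a string.
 * Skipping this test and calling strlen() on the NULL result is the crash
 * the report describes. COL_NO_SUCH_COLUMN lets a binding return FALSE. */
int column_name_checked(const struct result_model *r, int idx, char **out)
{
    const char *name = model_column_name(r, idx);
    *out = NULL;
    if (name == NULL)
        return COL_NO_SUCH_COLUMN;
    *out = malloc(strlen(name) + 1);
    if (*out == NULL)
        return COL_NOMEM;
    strcpy(*out, name);
    return COL_OK;
}

int main(void)
{
    char *name;
    /* Same two lookups as the test script: column 0, then column 3. */
    for (int idx = 0; idx <= 3; idx += 3) {
        int rc = column_name_checked(&sample_result, idx, &name);
        printf("column %d: %s\n", idx, rc == COL_OK ? name : "(false)");
        free(name);
    }
    return 0;
}
```
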


