felipe                                   Fri, 03 Dec 2010 21:05:44 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=305954

Log:
- Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number)

Bug: http://bugs.php.net/53463 (Open) sqlite3 columnName() segfaults on bad 
column_number
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/sqlite3/sqlite3.c
    A   php/php-src/branches/PHP_5_3/ext/sqlite3/tests/bug53463.phpt
    U   php/php-src/trunk/ext/sqlite3/sqlite3.c
    A   php/php-src/trunk/ext/sqlite3/tests/bug53463.phpt

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2010-12-03 16:38:03 UTC (rev 305953)
+++ php/php-src/branches/PHP_5_3/NEWS   2010-12-03 21:05:44 UTC (rev 305954)
@@ -1,6 +1,9 @@
 PHP                                                                        
NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Dec 2010, PHP 5.3.4
+- SQLite3 extension:
+  . Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
+    (Felipe)

 02 Dec 2010, PHP 5.3.4RC2
 - Core:

Modified: php/php-src/branches/PHP_5_3/ext/sqlite3/sqlite3.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/sqlite3/sqlite3.c  2010-12-03 16:38:03 UTC 
(rev 305953)
+++ php/php-src/branches/PHP_5_3/ext/sqlite3/sqlite3.c  2010-12-03 21:05:44 UTC 
(rev 305954)
@@ -1532,6 +1532,7 @@
        php_sqlite3_result *result_obj;
        zval *object = getThis();
        long column = 0;
+       char *column_name;
        result_obj = (php_sqlite3_result *)zend_object_store_get_object(object 
TSRMLS_CC);

        SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, 
result_obj->stmt_obj->initialised, SQLite3Result)
@@ -1539,8 +1540,13 @@
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &column) == 
FAILURE) {
                return;
        }
+       column_name = (char*) sqlite3_column_name(result_obj->stmt_obj->stmt, 
column);

-       RETVAL_STRING((char*)sqlite3_column_name(result_obj->stmt_obj->stmt, 
column), 1);
+       if (column_name == NULL) {
+               RETURN_FALSE;
+       }
+
+       RETVAL_STRING(column_name, 1);
 }
 /* }}} */
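Review bot: `column` is parsed as a `long` but handed straight to `sqlite3_column_name()`, whose index parameter is an `int`, so on builds where `long` is 64-bit a caller-supplied value outside the `int` range is narrowed before SQLite sees it and may alias a valid column instead of returning false. The new NULL test only catches what SQLite itself rejects, so I would put an explicit range check ahead of the call: `if (column < 0 || column >= sqlite3_column_count(result_obj->stmt_obj->stmt)) { RETURN_FALSE; }`. `sqlite3_column_name()` is also documented to return NULL on allocation failure, which this code reports the same way as a bad index; a short comment on the NULL branch saying so would help. The same applies to the identical trunk hunk at `@@ -1536,8 +1537,13 @@`; the function's opening lines are outside both hunks.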


Added: php/php-src/branches/PHP_5_3/ext/sqlite3/tests/bug53463.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/sqlite3/tests/bug53463.phpt                
                (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/sqlite3/tests/bug53463.phpt        
2010-12-03 21:05:44 UTC (rev 305954)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #53463 (sqlite3 columnName() segfaults on bad column_number)
+--FILE--
+<?php
+
+$db = new SQLite3(':memory:');
+
+$db->exec('CREATE TABLE test (whatever INTEGER)');
+$db->exec('INSERT INTO test (whatever) VALUES (1)');
+
+$result = $db->query('SELECT * FROM test');
+while ($row = $result->fetchArray(SQLITE3_NUM)) {
+    var_dump($result->columnName(0));  // string(8) "whatever"
+
+    // Seems returning false will be most appropriate.
+    var_dump($result->columnName(3));  // Segmentation fault
+}
+
+$result->finalize();
+$db->close();
+
+echo "Done\n";
+
+?>
+--EXPECT--
+string(8) "whatever"
+bool(false)
+Done
\ No newline at end of file
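Review bot: The inline comment `// Segmentation fault` on the `columnName(3)` line describes the pre-fix behaviour and contradicts the `--EXPECT--` section; it should read `// bool(false)`, and the line above it (`// Seems returning false will be most appropriate.`) can be dropped. The test has no `--SKIPIF--` section, so it will fail rather than skip when the sqlite3 extension is not loaded; a guard such as `<?php if (!extension_loaded('sqlite3')) die('skip sqlite3 not loaded'); ?>` would cover that. Only one positive out-of-range index is exercised, so a `columnName(-1)` case would pin the negative side as well. The trunk copy of this file is identical and needs the same changes.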


Property changes on: 
php/php-src/branches/PHP_5_3/ext/sqlite3/tests/bug53463.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native

Modified: php/php-src/trunk/ext/sqlite3/sqlite3.c
===================================================================
--- php/php-src/trunk/ext/sqlite3/sqlite3.c     2010-12-03 16:38:03 UTC (rev 
305953)
+++ php/php-src/trunk/ext/sqlite3/sqlite3.c     2010-12-03 21:05:44 UTC (rev 
305954)
@@ -1529,6 +1529,7 @@
        php_sqlite3_result *result_obj;
        zval *object = getThis();
        long column = 0;
+       char *column_name;
        result_obj = (php_sqlite3_result *)zend_object_store_get_object(object 
TSRMLS_CC);

        SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, 
result_obj->stmt_obj->initialised, SQLite3Result)
@@ -1536,8 +1537,13 @@
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &column) == 
FAILURE) {
                return;
        }
+       column_name = (char*) sqlite3_column_name(result_obj->stmt_obj->stmt, 
column);

-       RETVAL_STRING((char*)sqlite3_column_name(result_obj->stmt_obj->stmt, 
column), 1);
+       if (column_name == NULL) {
+               RETURN_FALSE;
+       }
+
+       RETVAL_STRING(column_name, 1);
 }
 /* }}} */


Added: php/php-src/trunk/ext/sqlite3/tests/bug53463.phpt
===================================================================
--- php/php-src/trunk/ext/sqlite3/tests/bug53463.phpt                           
(rev 0)
+++ php/php-src/trunk/ext/sqlite3/tests/bug53463.phpt   2010-12-03 21:05:44 UTC 
(rev 305954)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #53463 (sqlite3 columnName() segfaults on bad column_number)
+--FILE--
+<?php
+
+$db = new SQLite3(':memory:');
+
+$db->exec('CREATE TABLE test (whatever INTEGER)');
+$db->exec('INSERT INTO test (whatever) VALUES (1)');
+
+$result = $db->query('SELECT * FROM test');
+while ($row = $result->fetchArray(SQLITE3_NUM)) {
+    var_dump($result->columnName(0));  // string(8) "whatever"
+
+    // Seems returning false will be most appropriate.
+    var_dump($result->columnName(3));  // Segmentation fault
+}
+
+$result->finalize();
+$db->close();
+
+echo "Done\n";
+
+?>
+--EXPECT--
+string(8) "whatever"
+bool(false)
+Done
\ No newline at end of file


Property changes on: php/php-src/trunk/ext/sqlite3/tests/bug53463.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native
